Business continuity is not just about backups!
Last updated on April 16th, 2020
The number of businesses I speak to who don’t have a Business Continuity Plan (BCP) is horrendous. I usually get the stock reply of “but we do backups”. Creating backups is not preparing your business for all potential eventualities that could hinder, damage or destroy your business.
Anyway, regarding backups – the problem is that it can take days to get a business up and running again using normal data/system backups. And that’s even if you have the spare hardware (servers, etc) to restore onto at hand. What if you don’t have spare hardware to hand? Actually, if you haven’t recently tested restoring your systems, how can you be sure you’ll get operational at all?
We all know the scarily high statistics about companies without Business Continuity Plans going to the wall, so I’m still surprised by how many companies are prepared to take huge risks by not having trusted plans in place.
What should I include in a business continuity plan?
Here are an initial six things to start thinking about when business continuity planning comes onto your agenda:
1. Determine how long you can live without data and systems
Deciding this will directly influence your Recovery Time Objective (RTO) which is a key variable in your BCP. You probably have an understanding of the time you can afford to lose with no access to key systems and data, and how many hours or days of lost data you could arguably manage without. Once you define this, you can effectively balance desired recovery times and risk tolerance against a budget.
2. Plan for all eventualities
Downtime, whether it rears its head through a fire, flood, power outage, chemical leak, transport strike, malware attack, hardware failure, terrorism or even a flu pandemic, will hurt your business financially. You should consider all possibilities and have in your BCP a documented strategy to deal with the risks you can identify.
3. It’s more than just IT
As part of your planning process, you should be identifying key information, systems, people and processes, and how they all interact to keep your business running. Then envisage what would happen were you to lose any, or all, of these key ‘assets’. It’s easy to think that your IT infrastructure becoming unavailable is what would cause a lockup of business processes but key personnel becoming unavailable is just as impactful.
4. Scrutinise your suppliers
In business, it’s not just about you; you’re almost certainly reliant to some degree on other companies. It’s fine to have a well-thought-out continuity plan but do your key suppliers (cloud software vendors, IT providers, communication providers e.t.c.) have plans of their own in place? Can they ensure they can still deliver a service to you if they encounter problems or downtime? Send them an email or phone them up and ask.
5. Understand the technologies available
A few years ago, the only effective technologies to protect businesses from disaster were notoriously expensive and were typically aimed at large multi-nationals with generous budgets. Now virtualisation, replication and vaulting technologies will fit the SME budget. And if you’re astute, you’ll find you can implement some without charge due to the savings you’ll make from increased uptime.
6. Test & communicate the plan
There’s no point defining your business continuity plan and leaving it in a drawer. To be able to trust it, you need to prove it and tell people about it. Test it regularly, perhaps every 3 to 6 months or at the very least once a year. If the first time you test your plan is when an emergency occurs, then you could be in trouble.
You need to ensure that the human side of the BCP is tested and proven, not just the IT parts: make sure everyone in the organisation is aware of the procedures and what part they must play should the BCP be invoked. The more you test, the more routine it will become and the slicker your recovery will be – saving you money and perhaps even the business itself.
The above is in no way a comprehensive list of items to consider – it’s just a number of elements to demonstrate there are other areas that need to be considered. You’ll find plenty of other resources on the QuoStar blog to help you plan. If you want to take things a step further then get in touch and we’ll see how we can help.
Here’s another way to think about it: You pay for insurance policies, you lock the server room, you close your windows, you put the building alarm on… but you don’t know how you’ll deal with a disaster? Madness!
Robert Rutherford, CEO of QuoStar
Co-sourced IT Support Guide: The top 5 benefits
Outsourced IT support and internal IT teams both have their pros and cons, but there is a third option available to businesses and that is co-sourced IT support. Co-sourcing is a flexible approach which allows you to supplement your internal IT department with external resources, which can alleviate the team’s workload and simultaneously provide you […]
Why should you invest in your IT systems?
As much as you may dread hearing “infrastructure refresh” or “systems update”, investing in your IT systems is vital for remaining successful in the rapidly changing market. As your business grows, your needs and priorities will change. An increased number of employees, technical advancements or market pressures could put pressure on systems which may have […]
Why do IT teams love private cloud?
There are many different definitions of cloud computing. However, it essentially means you store your applications, systems and data at a remote location and access them via a network connection, typically over the internet, rather than in your own office. This model has already delivered some compelling benefits, including greater flexibility, easier collaboration, and greater […]