Why is business continuity planning so important?

/ IT Security Services
April 16th, 2015

Business continuity - Why you need a plan

We are fortunate in the UK that major incidents such as earthquakes, wildfires, flooding or terrorist attacks are rare. Yet when they do occur, we often find ourselves ill-prepared for the trials they present. In countries that regularly deal with these catastrophes, a disaster recovery plan is a standard part of a business plan. However, this is not always the case for organisations in the UK.

To give an example of what can happen, we can look to the Holborn fire in 2015. It’s the perfect example of how an event out of your control can cause significant disruption to your business. In the case of the Holborn fire, an electrical fault caused damage to a major gas main, resulting in an underground blaze that lasted for 36 hours… in the middle of London. It wasn’t until six whole days later that power in the area was finally restored.

Can you imagine the impact of one day where you’re unable to access any emails, files or client details? Here we’re talking about nearly a whole week! Many businesses who suffer a major disaster never fully recover – losing orders, contracts, key employees. Some even go out of business entirely.

As IT is now a pivotal part of so many businesses, the associated cost of downtime is rocketing. Prolonged IT downtime can also damage the reputation of your business, as it impacts your service and availability for clients. So what can you do?

You build your business continuity plan.

How to create a business continuity plan

Contingency planning is now essential for any organisation with business-critical IT. However, one of the most difficult elements is establishing which elements need protecting and how to do this.

An effective Business Continuity Plan (BCP) must assess the dangers and be departmentally broad. It should consider the needs of the whole business, and take into account the many factors such as systems, people, technologies and suppliers.

Your plans need to work off of two key variables:

  • Recovery Point Objective (RPO) – This is essentially the amount of data your business can afford to lose in the event of a disaster. For most businesses, this number will be a low percent.
  • Recovery Time Objective (RTO) – This is the target amount of time it should take for systems to be restored and for you to go back to normal operations.

These objectives vary for each organisation, so perform evaluations on each system to develop individual RTO and RPO. You will need to review and redefine these are regular intervals as the business needs and environment develops.

But resorting to your plan should be a safety net. Ideally, you should instead prevent the impact of a disaster from becoming debilitating. To solve this, you can use technology.

How to protect your systems from disaster

You can protect your critical IT systems by using a hybrid solution which means adopting secure cloud technologies alongside existing onsite infrastructure. The cloud is a cost-effective way to safeguard essential assets. It allows you to replicate crucial data, systems and services for instant recovery in the event of a disaster. Cloud’s adaptability to exact requirements also suits the individualised nature of BCP.

Through using a hybrid approach, you can gain full or partial protection to your critical IT systems as in the event of a systems failure, employees can work remotely accessing the systems they need from the cloud.

On a final note, remember, when establishing a business continuity plan – don’t only focus on the effect natural disasters could have. Security breaches must be part of the overall plan as well as personnel availability. A malware-driven system failure or bout of illness could have a significant effect on business operations.