The threat of disruption due to unforeseen events looms ominously over organizations, no matter how large or small. Your technology backbone includes your systems, applications, data and services and these are critical components of your business. So, when something drastic happens, it goes without saying that there is a significant risk to your operations.
There is rarely any advance warning of a catastrophe, whether it’s a natural disaster (like hurricane Katrina in 2005), a cyber-attack (like the WannaCry ransomware attack in 2017) or a power outage (like the Southwest Blackout in California in 2011). Even a health crisis that nobody saw coming - like the recent outbreak of Coronavirus – can lead to travel limitations, illnesses and a severe strain on team structures.
With the increased reliance on technology in almost all business processes, it’s more important than ever that your company develops a Business Continuity Plan (BCP).
What is a business continuity plan?
A BCP outlines the processes and procedures that your organisation must follow to continue operating in the event of a disruption.
Online systems including your network connections, phone lines, drives, servers and business applications are vulnerable to all manner of chaos in the event of a compromise.
A BCP sets out a series of quick-fix steps or temporary emergency measures to ensure that the most important business operations remain at least functional, even if overall productivity is weakened.
How will your employees communicate? How will collaborative projects move forward and meetings take place? Payments systems, contact systems – in fact your whole UCC platform could run the risk of collapsing.
BCP vs DRP
A business continuity plan goes hand in hand with Disaster Recovery Plan (DRP). While the two both tackle the immediate aftermath of a disruption, they are not the same.
Business continuity focuses primarily on ensuring that you maintain functionality (even at reduced capacity) in the event of an incident while attending to the disruption. Disaster recovery is a corrective measure that looks to restore full IT functionality as quickly as possible.
However, recovering your IT may take some time, so even if your temporary solutions are rudimentary or offline, your organisations must outline them in a BCP to ensure employees know what’s expected of them.
5 crucial steps to creating a business recovery plan
Step 1: Identifying tier-1 applications
For communications, production, sales & marketing, HR and other lines of business to continue to operate, you need to identify which are mission-critical to the needs of your organization. Then you need to document their resource consumption. Evaluate CPU, RAM and other resource elements. Measure critical inbound and outbound network traffic needed to stay operating. This is where comprehensive monitoring and troubleshooting is vital to any organization.
Step 2: Determining Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO)
This is to define exactly what downtime will cost, and how much time you need to recover to keep losses to a minimum. While RPO determines the variable amount of data that will be lost, RTO estimates how long in real time before the disruption begins to inhibit critical business operations.
RPO – the centrepiece of your BCP, it’s the maximum allowable period in which data can be lost from your service. If you measure RPO in minutes (or hours), then it’s crucial to maintain off-site mirrored backups.
RTO – the maximum allowable duration of time and a service level a business needs to be restored after a disruption.
Step 3: Creating your strategy for onsite and offsite scenarios
An onsite backup strategy often works for organizations with data centers supporting a high data change rate, because it provides quick recovery in the event of a disruption. But in the case of server failure, onsite backup will be useless and will mean loss of files and data. This is why organizations with dispersed geographic locations should secure their infrastructure in various locations.
A blended strategy utilizes onsite backup for high data workload organizations, while an offsite strategy ensures business-level recovery.
Step 4: Implementing workflows
The time to plan, predict and control is before the disruption. You need to develop workflows that closely align with your business and cover areas such as:
- Recovery
- Backup
- Failover
- Replication
- Live migration
Step 5: Testing. Analyzing. Optimizing.
Testing to verify the effectiveness of your BCP and DRP – and reviewing it regularly is vital to optimize and strengthen it.
- Gather division leaders and those designated to help carry out the plan and evaluate the elements that need improvement.
- Show the plan to newly hired managers and department heads for new feedback.
- Carry out a simulation of a possible disaster scenario, and involve business leaders, vendors, management and staff.
- Test data recovery, asset management, leadership response, replication and relocation protocols.
Your company's future depends on your people and processes. An organization’s ability function through and recover from unforeseen disruptions is critical. Having the appropriate strategies and tools in place will help your business save time, money and resources to maximum ROI and minimize downtime.
