How to Keep your Business Continuity Plan from Failing
by Scott Youngs
It’s no longer a matter of “if” when it comes to disaster recovery (DR). Businesses create and store more data every day. At some point, there will be a data disaster. Whether it’s an entire data center or a few critical files, businesses need to recognize this reality and develop a comprehensive plan and strategy for recovering their data. Business continuity (BC) plans keep companies moving when data is lost. It’s not just the technology, either. A true BC plan goes beyond IT infrastructure, integrating organizational and operational strategy and processes to ensure employees understand and follow established best practices. People need to know how to react to data disasters so that any loss doesn’t have a substantial impact on the enterprise.
However, BC often fails when businesses need it most because they haven’t followed some basic tenets of real disaster preparedness. No strategy is perfect for every company, but having companywide commitments to continuity and recovery will help organizations develop strategies and keep their plans up to date and on the ready. Here are four considerations and strategies businesses can follow to avoid a disaster:
Maintain and update procedures through IT and organizational changes
The goal of business continuity planning is simply to keep companies moving in the event of disaster or disruption. Achieving this calls for the creation of plans and procedures to follow when something bad happens. However, businesses change constantly, whether it’s due to the integration of a new technology or the onboarding of a dozen new employees. When they formalize strategies to recover critical data and continue operations, there must be time allocated to maintain and update the process. And it’s not just about altering plans and strategy as technology shifts. As businesses scale up or down, or new lines of business come into play, your disaster recovery plan must evolve. Quarterly is best, but even having bi-annual or annual adjustments can ensure that plans are capable of keeping a company moving in line with demands. Making this step a priority keeps business continuity top of mind throughout the enterprise.
Regularly check in with key stakeholders
There’s a natural tie-in between business continuity and IT departments. IT manages and maintains the data companies need to protect and recover in the event of a disaster, as well as the technology on which they most rely. However, IT cannot be the sole driver of business continuity plans and procedures. Business continuity planning must account for the thoughts, insight and demands of key stakeholders throughout the company. The disasters that draw the headlines typically involve companywide outages and data loss. Data disasters don’t always call for an instant failover of an entire data center. Sometimes, it’s just a few departments, or even a few employees, that need to recover their information. By spending time understanding the needs of each department and stakeholder, we can develop business continuity plans for every situation that may arise.
By speaking with stakeholders, business continuity teams can also determine the critical systems to protect. Every piece of data needs a backup. Some data is more important, though. Identifying the critical systems for each stakeholder helps cement a plan and establish the recovery point and time objectives. Moreover, once the technical details are in place, companies can formalize processes. Without considerations for the actual technology and employee procedure, business continuity plans aren’t likely to have their desired outcomes.
Test, test and test again
No one’s perfect. Even the most rigorously developed and technologically advanced business continuity plan can have some flaws. Thankfully, developments in software applications have made it a little easier to test applications. It’s still going to take some time to conduct testing, but it simply needs to be done – regularly. Testing ensures that documentation remains up to date, in line with existing operations and completely accurate. Additionally, regular testing of business continuity procedures not only ensures that the technology is where it needs to be, but it gives employees awareness of their obligations and best practices when disaster strikes. Following updates to business continuity plans, it’s especially important to test plans and protocol to make it clear what’s changed for every person involved.
Make best use of cloud-based options
The cloud has emerged throughout enterprise IT as a legitimate option for the delivery and management of a number of applications. For business continuity, the cloud has provided great value and functionality for business continuity. Since cloud-based models are pay-as-you-go, companies can scale up and down as needed and understand exactly what they need to invest. In the past, companies have opted against robust business continuity and recovery technology because the price was prohibitive. Customized data-mirroring solutions, delivered through the cloud, provide efficient backups for critical systems without such substantial capital expenditure demands. As with any aspect of IT, businesses need to find the products and services that fit their needs most effectively. Customization capability as part of business continuity in the cloud means companies can identify what works best for them in terms of both technology and cost.
There’s no such thing as a “good enough” business continuity plan. Nor is the work of a company ever truly done in terms of developing a business continuity plan. Just as the technology used to run a company evolves, the ways to protect against disaster and maintain business operations must be refined and adjusted over time. At some point, there will be a data disaster, and companies must be committed to business continuity to limit the potential consequences.
Scott Youngs is the chief information officer of Key Information Systems.