Business nowadays can not afford to have a glitch that could potentially put them in disadvantage with competitors neither lose any precious operational time…let alone run any risks that could impact their trade. This is the reason why corporations spend a fortune trying to secure their business in case of an incident. Most of them have a second computer room (disaster site) or even a third one holding a replication of servers and data in real time, perform on-line backup and snapshots that will ensure the integrity of the data. However, will this also ensure the continuation of your business after an adversity?
Normally people mixed the terms “disaster recovery” (DR) with “business continuity” (BC). The first will give you the ability to continue functioning, securing your physical assets and the information that can be held on physical or virtual platforms. This is the reason why people think always about IT when they are asked about their business continuity. However, if they stop here they will be making a big mistake. IT DR is just one of the legs for the survival of your business. During my career, while I worked for both public and private institutions I always noticed that there is a tendency to rely just on IT capabilities, forgetting about the rest. To have a complete BC in plan (this is, a plan that will allow you to run your business as if nothing had happened) it needs to involve other areas such as HR, operations, finance and all those departments that run your business on a daily basis. The reason is simple: There are intangible assets that can not be backed-up or duplicated (with the current technology that is): you will be missing the knowledge of your employees. How often are you obliged to call an employee or a colleague that is on holidays, business travel or simply on his day off because there is something that nobody else knows how to do in the company? It may be just a simple approval or the conformation of a document; you need the skills of this person to proceed…
However, what would it happen if this person was not available? Let’s imagine that there is a serious catastrophe (i.e. fire in the building) and that this person is affected and taken to a hospital and put in isolation (plan for the worst hope for the best). He/she does not have to be an executive; it could be anyone that holds intellectual information. You are not going to be able to go to the hospital to make him “login” into our systems and run those end-of-quarter reports.
I am not suggesting to have every position duplicated, but to have an alignment between your normal business life and your continuity plan. Work with your department leaders, set an “Emergency Committee” under which BC plans will take form, audit those and review them as often as needed. Depending on the nature of your business you may need to review them more often so make a compulsory regular entry in everybody’s agendas even if it is just to go over the plan and check that nothing has changed (I had a customer that had to review the plan weekly) …and lastly test, test & test your plan to check that your business will work under stress.
Agree on a day that you will be running on DR/BC so everybody is ready in case something fails…and, if it does, you can always revert. The worst thing that can happen is that you lose some scheduled time for maintenance. It is better to find out that something is not working during a test than in real circumstances when you may not be able to go back. Many companies avoid testing their BC as they say they can not afford to waste time on tests just to find out that their plans are not working when they are really needed.
So, are you ready in case of disaster?