Companies getting started on a business continuity (BC) plan should focus on developing a plan that is solid, realistic and workable.
Build a team to spearhead developing the strategy made up of mission-critical leaders from major departments, with a backup person for each.
The essential positions that must be filled include the BC commander, IT, finance, operations, HR, public relations and legal.
After the team is assembled, categorise key risks by geographic location and identify the impact and interdependencies of each scenario to critical business systems and personnel.
>See also: 3 steps for effective IT business continuity planning
Next, determine the services, information and systems most vital to continue business operations at acceptable levels.
At a minimum, the business continuity plan should address methods to maintain communication systems, data centre and IT systems, crisis/external communications, and human resources.
Communications systems
The ability of a business to communicate with multiple audiences – from employees to customers and partners – is critical in times of disaster.
For hosted telephony systems, employ multiple internet providers and test for failover regularly. It’s also important to verify that critical phone numbers are set to call forward due to unreachable office conditions.
For premise-based PBX systems, prepare a checklist of key telephony vendors to quickly (if possible) re-route calls to enable alternative ring-to locations and numbers, and designate emergency personnel to take and triage inbound calls.
For businesses with call centres, identify critical call types that must be answered and determine amechanism to segregate those calls as well as the key business applications required, and how call centre sta? will access these applications from alternative locations.
Many BC capabilities are innate to IP phone systems and call centres in the cloud. Organisations in areas that are likely to be effected by La Niña weather patterns, and those also evaluating their current phone system, would be wise to implement these services soon and take advantage of the inherent business continuity capabilities.
Data centre and IT systems
For cloud-based data centres and applications, ensure the IT deployment can properly meet disaster recovery RTO and RPO timelines. Also, validate your supplier’s SLA quarterly – the goal should be 99.999% on core applications.
Ensure that employees can access the hosted environment (both from within the business con?nes and remotely) during fail-over mode from the designated location(s).
Finally, schedule and test your plan at least once per year, or in accordance with regulatory requirements.
For premise-based data centres, be sure to create a written recovery plan that is stored remotely. Water and fire are often the greatest threats to on-premise data centres, requiring multiple safeguards.
Many of these should be addressed in the initial design of the room, and retrofits will be necessary in some cases.
Critical elements include adequate cooling and ventilation, housing the data centre above street level with servers as high as possible in the rack, installing a non-water based ?re-suppression system, and employing a VESDA smoke detection and thermal detectors.
Also, be prepared with multiple internet service/data providers, and test for failover regularly.
Poor availability of adequate power is also a significant risk factor for premise-based data centres. Purchase uninterrupted power supplies (UPS) and provide for generator access where necessary.
If the UPS is gasoline-based, determine how much fuel is required for a prolonged outage. If retrofitting your data centre is too costly, consider moving to the cloud.
And don’t forget the importance of data back-ups. If you employ physical tape back-up, take the “human factor” out of your recovery. Tape back-ups should be removed daily and stored in a secure, easily accessed location.
Keep in mind that during a disaster, physical travel can be limited or stopped altogether. Accordingly, it is a good idea to back-up data and applications to a geographically distant location, and that they can be transmitted in a time conducive with your RTO/RPO.
Crisis/external communications
In the event of emergency, an organisation must be prepared to share information and work with a number of constituents.
In the BC plan, identify key communication stakeholders across the organisation and determine audiences including executives, shareholders, public agencies, associates, families, customers, suppliers, partners, media, regulators and more.
>See also: Has business continuity caught up with the cloud?
Craft key data points and positioning in advance for each audience in preparation for a variety of circumstances.
While it may seem a daunting task to orchestrate a wide-ranging business continuity and disaster recovery plan, it will pay multiple dividends in the case of an emergency.
Human resources
Beyond the critical technology-based liabilities associated with crisis scenarios, business continuity planning must also account for managing employee needs and communications.
Key elements include creating and testing onsite safety plans, with the potential need for onsite cash, food and shelter.
Develop an emergency noti?cation plan to keep employees informed at all times, and build plans that prevent payroll delays.
Sourced from Scott Kinka, CTO, Evolve IP