Business Continuity and Disaster Recovery - A Business Not a Technology Issue
Hackers, hurricanes, fires, flooding, power outages, denial of service attacks, application failures, employee error, sabotage and now terrorism are helping companies to focus on the necessity of a business continuity plan.
Through the late 1990s as companies prepared for Y2K, many IT executives, risk managers, CFOs and corporate managers realized that recovering computing systems, networks and data was not enough. As Y2K approached, it became more apparent that a disciplined approach was needed to recover not only data and systems, but also business processes, facilities and manpower to restore and maintain critical functions.
The starting point is a risk assessment. Identify and define your mission critical business processes and systems. Review them for vulnerabilities and identify steps required for restoration and recovery. For your data, make sure it is backed up to secure and separate locations. Evaluate various storage solutions including storage area networks, data replication systems, new virtualization systems, network attached storage devices and managed storage. Pay significant attention also to your telecommunications providers to ensure they have built diversity and redundancy into their networks and have well developed and tested contingency plans.
The risk assessment will start to drive out real questions on the business impacts and losses that could result from disruptions. Mission critical impacts, key business functions, processes and records must all be identified. This is also the time to determine resource requirements and acceptable recovery time frames.
Business continuity planning sounds expensive and it can be time-consuming. However, losing your business functions, processes and systems as well as your company, customer and financial data can be devastating. Build your plan. Train, test, train and test again.