Is your business continuity plan too complicated? Do you have a plan at all?
First things first – what is business continuity and how is it different from disaster recovery?
Often confused with disaster recovery, business continuity is a comprehensive approach involving strategic planning to ensure systems, processes and procedures remain functional in the event of a disaster.
In short, business continuity is a proactive step.
Disaster recovery (DR), on the other hand, is the process put into place to resume business operations after a disruptive event. In other words, DR is a reactive step.
According to disastersafety.org, 25% of businesses do not reopen following a major event. However, even minor disruptions can cause significant damage to your business if you don’t have a business continuity plan in place. Hackers are targeting businesses of all sizes, and small businesses in particular are at risk of security threats to their network.
If you want to maximize your chances of a quick recovery while minimizing your losses, it can pay dividends to invest company resources into developing a business continuity plan.
S: Support: Receive executive-level support for the plan.
A: Assess: Assess all threats and identify solutions.
F: Framework: Build the framework of your plan through a business impact analysis.
E: Exercise: Exercise, test and improve your plan routinely.
Let’s cover each step, one at a time.
Although it may sound simple, this step is critical. For many businesses, the first challenge in getting a business continuity program off the ground is getting support from a CEO or senior-level executive. Once high-ranking individuals within the company support the plan, they are more likely to stand behind it and see the plan through to completion.
The next step in the S.A.F.E approach involves defining all threats and solutions at a high level by creating an “assessment map”, as shown below. Next to each threat, define a solution to resolve the threat along with a way to prevent that threat from occurring in the future.
For example, here’s how a cyber-attack might be broken down:
Solution: Data recovery plan
Prevention: Layered security approach, employee education
When it comes to cyber-attacks and data breaches, a layered security approach may be necessary to protect your network from a broad range of attacks through multiple layers of security. Additionally, a data backup and recovery plan should be in place, in the event your network is compromised.
Continue to follow the same steps to define each threat, identifying solutions and different ways to prevent each particular threat from occurring.
If you’re not sure which solution and method of prevention would be the best fit, contact us by phone at (262) 522-8560 or email and we’ll help you understand what solutions are available to you.
Define critical functions and resources: In this step, identify how each threat would affect the survival of your business.
What functions and resources absolutely need to be up and running and, if interrupted/lost, could affect your ability to meet regulatory requirements or continue providing goods and services?
Define maximum downtime: Record the longest period you can be without these systems.
The answer to this question will help you define your maximum tolerable downtime or MTD. This step is necessary when allocating your business continuity resources, so be sure to evaluate all systems that are critical to the operation of the business.
Define recovery speed: Once you know what systems need to be recovered, and how long you can be without these systems, define how quickly you will need access to those systems. The answer to this question becomes your recovery time objective or RTO.
To find your recovery speed, ask your Ontech IT consultant “How long would it take to restore XYZ system to working order in the event of a disaster?”
Assess impact: Finally, assess the impact of a disaster on your systems. Pay close attention to cases where the MTD (maximum tolerable downtime) is less than the RTO (recovery time objective).
It is in these gaps that your recovery requirements are NOT in line with your business continuity plan. To fix this, meet with executives again, ensure the MTD is accurate, and confirm with your Ontech IT consultant that recovery times are truly insufficient for meeting these needs.
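The gap check described in the steps above can be run over a whole system register at once. The following is an added example, not part of the original article: the system names, the duration format ("30m", "4h", "2d") and the function names are assumptions made for illustration. It flags every system whose MTD is less than its RTO, worst shortfall first, and separately lists systems that cannot be assessed because a value was never recorded.

```python
import re

# Constructed register: system -> (MTD, RTO). Names and values are
# illustrative assumptions, not data from the article.
REGISTER = {
    "email": ("8h", "4h"),
    "order-database": ("4h", "1d"),
    "file-server": ("2d", "12h"),
    "phone-system": ("2h", None),  # RTO never collected
    "payroll": ("3d", "3d"),
}

_MINUTES_PER_UNIT = {"m": 1, "h": 60, "d": 1440}


def to_minutes(text):
    """Convert '30m', '4h' or '2d' to whole minutes; reject anything else."""
    match = re.fullmatch(r"(\d+)([mhd])", text.strip().lower())
    if not match:
        raise ValueError(f"unrecognised duration: {text!r}")
    return int(match.group(1)) * _MINUTES_PER_UNIT[match.group(2)]


def assess(register):
    """Return (gaps, incomplete).

    gaps: [(system, shortfall_hours)] where MTD < RTO, worst first.
    incomplete: systems missing an MTD or RTO, which cannot be assessed.
    """
    gaps, incomplete = [], []
    for system, (mtd, rto) in register.items():
        if mtd is None or rto is None:
            incomplete.append(system)
            continue
        shortfall = to_minutes(rto) - to_minutes(mtd)
        if shortfall > 0:  # recovery takes longer than the business can tolerate
            gaps.append((system, shortfall / 60))
    gaps.sort(key=lambda item: item[1], reverse=True)
    return gaps, sorted(incomplete)


if __name__ == "__main__":
    gaps, incomplete = assess(REGISTER)
    for system, shortfall in gaps:
        print(f"GAP  {system}: RTO exceeds MTD by {shortfall:g} h")
    for system in incomplete:
        print(f"TODO {system}: MTD or RTO not recorded")
```

A system where MTD equals RTO is not reported as a gap, since the article singles out only the cases where MTD is less than RTO.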
Once you build a business continuity plan, don’t simply file it away as you would a business plan or mission statement. A business continuity plan is a “living process” that must evolve with the needs of the business as technology capabilities change. Test your plan and update it regularly (yearly – at a minimum) or any time critical functions, facilities or systems change.
Finally, take the time to train employees to understand their role in executing the plan. Hypothetical walk-throughs, drills, exercises or simulations can stimulate great discussion and ensure your business continuity plan executes seamlessly in the event of a disaster.
If you need help defining your business continuity plan or you have questions, let us help you. We will show you the quickest and most affordable way to ensure your business is covered in the event of a disaster.