Wednesday, January 26, 2011

Business Continuity & Disaster Recovery Planning

Business Continuity and Disaster plan is not something to skim over. As a manager or business owner it needs to be well thought out to try and cover all the risks to your business and services. Unplanned events out of your control need to be planned and insured for.

The loss of vital computer data, customer records and IT systems could cause enough disruption to hurt your market share, cause massive financial loss or even devastate your company so much you go out of business.
A good Business Continuity Plan should enable an organisation to function and ensure the availability of services and resources should disaster strike. If a critical event happens the ability to operate “business as usual” play an important part of company survival.

Example of threats and disruptive events include:

• Fire, Flood, Hurricane, Health Epidemic and environmental disasters
• Terrorism, Warfare, Theft, Cyber Crime, Arson, Employee Sabotage
• Power Failure, Air Conditioning, Data loss, unrecoverable information

Protecting against all these different threat types can get very costly. For IT guarding your data centre and infrastructure against communication failures, virus/spam attacks, security breaches and natural disasters can costs hundreds of thousands if not millions.

Dumping everything on the cloud is an option but you still have issues surround back-up and information security. Therefore a carefully risk assessment of each threat based on:

A. Probability of an event occurring and
B. Potential loss and damage to business

Calculating the likelihood and the financial and business impacts are a good outline of where you need to concentrate your budget and which events are important to your business continuity plan.

Ranking threats, loss and probability and develop a plan that Reduces, Prevents, Deterrents and Protects against vulnerabilities. Simple counter actions could be to back up off site, network connectivity, anti virus software, insurance to cover losses and correct staff security measures.

It important to develop procedures (course of action for each threat), train staff and frequently review and test before an event takes place. Make sure you have a crisis communication and emergency contact plan so stakeholders, employees, customers and suppliers can be updated and people are aware of any changes in place until the threat is resolved.

If your business continuity is resourced and managed no one apart from your staff may notice your HQ was hit by a giant meteor a month ago.

Friday, January 14, 2011

ITIL Training Secured

I have secured over £12500 of ITIL and Office 2007 training for my staff. Good news for a Friday. Things are looking up. The Active Directory project is moving along and training is been done in house directly by me. Nice to mix it up with the team, they have been working so hard re-patching sites and dealing with office moves. In the space of three days we have received many well done’s and thanks for all the hard work.

But there is still much more to do.

Monday, January 10, 2011

To AD or not AD

Returning after the Christmas period I have a clear focus on what needs to be done over the next few months. However Active Directory Management has landed in my domain (AD joke) and no decisions have been made on the overall structure once the merger is complete. There are many processes and procedures that need creating and refining and AD is a full time job here. In addition to the extra network planning needed, we seem to be a little short of communication and decision on how AD will transfer from Networks to my teams.

Ideally what we need is a tool that can automate all AD admin such as Account Creation, Password Resets, Permissions and all the basic level stuff that impacts heavily on IT resources. I even have a solution in mind from past experience. A wonderful piece of software that would solve the problem, cut costs and make us more proactive overnight.

On the downside the cost is around £60,000 but with my contacts I could reduce the cost to around £40,000. With the “credit crush” and merger looks like it’s time to start writing a business case and upping our game plan. Unless the business wants me to be the most expensive Active Directory guy in the world! LOL

Once it’s nailed and people are trained I can regain focus on other things that generate unnecessary work for the business. By the end of the project the staff saving will be 25K per year plus any ROI from efficient savings.