Wednesday, January 26, 2011

Business Continuity & Disaster Recovery Planning

Business Continuity and Disaster plan is not something to skim over. As a manager or business owner it needs to be well thought out to try and cover all the risks to your business and services. Unplanned events out of your control need to be planned and insured for.

The loss of vital computer data, customer records and IT systems could cause enough disruption to hurt your market share, cause massive financial loss or even devastate your company so much you go out of business.
A good Business Continuity Plan should enable an organisation to function and ensure the availability of services and resources should disaster strike. If a critical event happens the ability to operate “business as usual” play an important part of company survival.

Example of threats and disruptive events include:

• Fire, Flood, Hurricane, Health Epidemic and environmental disasters
• Terrorism, Warfare, Theft, Cyber Crime, Arson, Employee Sabotage
• Power Failure, Air Conditioning, Data loss, unrecoverable information

Protecting against all these different threat types can get very costly. For IT guarding your data centre and infrastructure against communication failures, virus/spam attacks, security breaches and natural disasters can costs hundreds of thousands if not millions.

Dumping everything on the cloud is an option but you still have issues surround back-up and information security. Therefore a carefully risk assessment of each threat based on:

A. Probability of an event occurring and
B. Potential loss and damage to business

Calculating the likelihood and the financial and business impacts are a good outline of where you need to concentrate your budget and which events are important to your business continuity plan.

Ranking threats, loss and probability and develop a plan that Reduces, Prevents, Deterrents and Protects against vulnerabilities. Simple counter actions could be to back up off site, network connectivity, anti virus software, insurance to cover losses and correct staff security measures.

It important to develop procedures (course of action for each threat), train staff and frequently review and test before an event takes place. Make sure you have a crisis communication and emergency contact plan so stakeholders, employees, customers and suppliers can be updated and people are aware of any changes in place until the threat is resolved.

If your business continuity is resourced and managed no one apart from your staff may notice your HQ was hit by a giant meteor a month ago.

No comments: