Join the business continuity debate

Why thinking about risk we can't manage

If you want your organisation to be fully resilient don't think about risk that you don't have a chance to anticipate or mitigate, think about standardize and normalize your asset as much as you can to be able to backup and restart your activity as fast as possible with minimum cost.
Classify your information, homogenize your IT and process, keep sure that you know and manage your asset well, and keep your organisation agile with KM, virtualization, Workflow...
In one sentence, be aware and reactive.

Posted by: Raphael Coche  25 Sep 2008

Selling the benefits

Apart from a few pessimistic souls, one of our human failings is an inability to think about the worst scenarios and plan accordingly. Death and illness are obvious cases, but unfortunately all too often this approach extends into our commercial lives.

What a number of companies fail to realise is that unlike death, the commercial disaster scenario they would prefer not to think about can be avoided or at least mitigated by effective planning.

One of the challenges is therefore getting people to go against their instincts, discuss all the terrible things that could happen and plan for them.

This will seem daunting at first, but ultimately it can become a liberating experience for all concerned and extolling the benefits of completing the process is an important part of winning hearts and minds.

Posted by: Neil O'Connell  19 Jun 2008

Business continuity / disaster recovery

Perhaps the best form of mitigation against disaster recovery is constant prevention by assessing circumstances, thus changing the scenario from disaster recovery to crisis management. Disaster can ensue from very mundane oversights

Posted by: Gianni Zambrini  18 Jun 2008

spread your risks

we have 3 offices in East Anglia. Any of these could take on the role as data centre in the event of a "disaster". The servers, PCs , phone systems, comms etc are virtually identical. The branch offices wouldn't be able to support every member of staff (lack of space) but at least work could be done and the clients kept in touch.. All our data is backed up (and tested) regularly and the tapes / files can be used in any office. Cost - signiifcant but justified. Potential losses from an office being down estimated at thousands of pounds a day. Future losses from "concerned" clients would possibly be more.
We're investigating getting all our servers & data looked after at a data warehouse but at the moment the partners are happy with our setup.

Posted by: David Charles  06 Jun 2008

Communication for Committment

Business continuity planning and testing is obviously a cost to any business. This being the case, there will always be a challenge to justify costs and approach to these activities.

Whilst challenge is a good thing and can prompt a re-think of any proposed solution, there comes a point at which the question must be "Do we want to pay for this, or don't we?".

Communication in companies needs to be effective to gain committment to the financial impact and potential risks of an effective Business Continuity plan. One approach for obtaining committment would be to produce mock news articles tracking the demise of the company (or business unit) following a critical incident (needs to be fact based).

Effective communication of the importance of Business Continuity is key.

Posted by: David Creigh  06 Jun 2008

BCP

Unfortunately, without staff who are willing to research, develop and document a good business continuity plan, the only way to know how to prepare is by one's own failures.

The problem resides in a delicate time balancing act between solving real-time issues and actually preparing for what is yet to come. This, along with staff that may be very experienced, but too comfortable, can be disastrous in a very dynamic environment. The pond ripple analogy doesn't hold a candle to a hurricane causing a roof to leak water down into your, so-called, "impermeable" data center. (yes, this happened to us.)

The extra money to bring in an extra set of trained eyes is well worth it. Not only does it free up your own resources to assess present damage, but it will also will clear the palette of your desensitized IT mouth.

You may think you've thought of it all, but anything can happen. The key is redundancy and clarity. With chaos in the IT field, it helps to have someone who can smooth out the edges and prevent a catastrophe before it begins.

Posted by: Mat Barry  03 Jun 2008

A plan can take many forms

Having a DR plan is a great idea for any business, but many take the idea too far or don't look at all of the options. For example, does the business need to provide off-site working facilities for all of its staff, or just a subset? Could sufficient infrastructure be put in place to allow users to work remotely during a disaster scenario? It's all about balancing the need to keep the business up and running with the cost of implementing DR.

Overall though I totally agree with Ralph, without a well documented and tested DR plan, forget it. A DR plan can become obsolete remarkably quickly if documentation isn't updated and IT staff aren't made responsible for keeping the DR plan current.

Posted by: George Mason  27 Mar 2008

Planning Planning and Planning

Bad things do mostly happen to other people, to good occasionally to me and my team. The main reason they happen is because insufficient planning was done. If I have a well documented disaster recovery plan then that has been tested through dry runs. Then when something does go wrong I simply execute the plan. The pain is when either there is no plan or the plan was not tested hence. In case of no planner you have real problems. In the case of no testing you have no idea if the plan works. With tested plan you just implement rather than fire fight.

Posted by: Ralph Johnson  26 Mar 2008