Monthly Archives: November 2015

Keep business continuity on the front burner

All companies need business continuity and disaster recovery plans. There are so many ways a business can face potential disruption, from major events like a flood, earthquake or blizzard, down to much smaller disasters like a faulty server, or a companies network going down thanks to a power outage. Once a business has a plan in place, the tendency is to think of the issue as solved, and not go back to reexamine their practices and procedures again.

This is a mistake, as a good business continuity and disaster recovery plan needs to constantly be looked at and tweaked in order to make sure it continues to cover a business in the best way possible.

"A company still needs a robust, intelligent and responsive business continuity and disaster recovery plan."

Constantly update procedures
Companies are always changing – employees come and go, new technology is added and offices move around. Through all of it, a company still needs a robust, intelligent and responsive business continuity and disaster recovery plan. For this reason, Computer Technology Review recommended updating a BC plan on a quarterly basis. Not only does it help to keep the plan strong when it is regularly revisited, but this can also motivate employees. When the plan is reexamined every few months it stays at the top of everyone's mind. Workers will be thinking about continuity more and that attention will mean a plan is easier to implement in the event of a disaster.

Keep everyone involved
Business continuity and disaster recovery plans almost always involve upper management as they will be making the important decisions in a time of crisis. They also often involve employees from IT as the network infrastructure and technological pieces of a business are generally the focus of the plan. However it pays to involve everyone in the company in the planning to avoid tunnel vision. Business continuity should include what to do in the event of a critical, system-wide failure. But a good plan also takes into account what might happen if just a few employees or a single department is hit with a disaster. By speaking with all of its employees, a company can be sure that its continuity plan protects everything it needs to.

Test often
Having a plan in place in the event of a disaster is not good enough – it must be tested rigorously and regularly. Even if months of a company's time is spent readying a BC plan, it is no guarantee that it will work when the rubber meets the road. Though it will be disruptive to day-to-day operations, it is important to run real-life drills for what could happen. These tests serve two purposes, according to the Data Center Journal first, they ensure that technological solutions put into place work as they are supposed to. Secondly, and perhaps more importantly, they make sure that the human element of the plan knows what it is supposed to do. A disaster situation will likely be stressful and difficult for employees to cope with. They are far more likely to accomplish the tasks they need to if they have performed them before under less stressful circumstance.

How to create a business continuity plan

There are many disruptive events that can affect a company's ability to keep doing what they do. In the modern world, businesses are at the mercy of all kinds of outside factors. Something as small as a power outage, or as large as a major blizzard, can knock business systems offline, prevent employees from coming into work and wreaking havoc on a company's processes. In order to be ready to deal with whatever problems may come, a company needs a good business continuity plan. The right kind of plan can protect a small business from major disasters like earthquakes and hurricanes as well as smaller issues like server crashes or computer viruses. It can even help cover contingencies for what to do if a key employee is sick or leaves the company.

"Business continuity planning starts with a business impact analysis."

Business impact analysis
Business continuity planning starts with a business impact analysis, according to CIO contributors Kim Lindros and Ed Tittel. A BIA is a process whereby a company can take a look at all of its systems and processes and identify what is most critical. It is important to view this analysis through the lens of the company's bottom line. Assess which processes would cost the most money if they were to be unavailable for a period of time. A BIA should take into account which employees, roles and equipment are vital to keep the company running and making money. The plan should help a company decide what processes to bring back online and in which order to keep disruption to its business to a minimum.

Create a plan
The next step is to use the information from the BIA to develop a good business continuity plan. It should cover many things, but there are some basics it needs to address. The Data Center Journal recommends a plan that involves all of a companies employees, not just those in IT. It should also involve training multiple employees in each of the emergency tasks laid out in the plan – that way the business can keep running even if some of the employees are unable to reach the office. The plan should also include an offsite meeting place to be used in a time of crisis as well as a crisis communication plan among the top executives at a company.

Test and retest
It's not good enough to simply have a plan – it also needs to be tested to be certain it works. Much like a building runs fire drills to make sure everyone who works inside is ready in the event of an emergency, a business needs to test its business continuity plan a few times a year to be sure that employees are ready to execute. In some cases, tabletop simulations of disasters and the steps to recovery are enough, but in others it can be beneficial to actually put employees under stressful, "lifelike" conditions to be sure they can execute the procedures under stress. CIO said it is important to make sure these tests are done on a regular basis as businesses are constantly in flux with new employees and new technology. In order to make sure that systems are ready, an employer must be sure the plans are tested and refined as things change.

Long-term considerations for DR strategies

Disaster recovery best practices have evolved significantly in the past few years, driven by the rapid transformation of business technologies, risk and the globalization of economic competition. Not so long ago, some industries were a bit less reliant upon digital technologies than others, but this has changed significantly in the past few years. Now, every industry from agriculture and education to health care and beyond is more comprehensively technology-centric. 

This means that every organization needs to develop and maintain strong IT-related continuity and disaster recovery strategies, as outages will be more disastrous as companies begin to leverage a wider range of technologies. One of the more common issues that many leaders struggle with in this regard is testing, which studies have shown to be a rarity among organizations today. Businesses must be diligent in their assessments and refinements of DR plans, and should strive to avoid some of the more popular errors that render the processes less effective. 

Getting it right
The National Institute of Standards and Technology provided a thorough rundown of what needs to happen to properly test and refine DR plans today, as well as which mistakes tend to be the most common among firms that currently participate in these activities. According to the agency, leaders should designate employees to handle testing matters, creating teams that will champion efforts and keep the strategies moving in the right direction over time. 

DR testing teams should be established and supported. DR testing teams should be established and supported.

The source suggested planning when testing will take place and ensuring all employees involved on the team are available to participate, then work to ensure that technical matters involved are managed by individuals with plenty of experience. Because some small businesses will not have large IT departments nor plenty of professionals on hand that have experience in these matters, managed services will often be a strong option to ensure proper testing. 

In terms of the mistakes most commonly made during these procedures, NIST argued that poor record-keeping of test-related activities will stifle the success of these ventures, as it will be more difficult to avoid re-work. What's more, the news provider suggested that companies not fail to properly coordinate internal tests with IT service providers, as disruption can be caused in these situations. 

Experience needed
Small-business owners will often make the fatal error of trying to do too much on their own, not understanding how technical DR and continuity planning have become. This will almost always lead to lost finances, as improper management of technologies will rarely yield returns on investment. It will also leave the company far more susceptible to disruption and outages, which can be devastating from the perspectives of brand reputation and profit margins. 

Working with a managed service provider that specializes in small business DR and continuity needs will almost always be a safer, more productive and financially advantageous path forward for entrepreneurs. Deployments, maintenance, optimization and testing will be handled by seasoned professionals, leading to stronger performances when disasters come to pass. 

Industry-specific disaster recovery tips released

Plenty of disaster recovery best practices are shared across industries and even regions. For example, network and data backup are critical components of any business continuity plan, regardless of where the company might be operating. However, there are also certain techniques and specific aspects of recovery that will vary among different organizations, and the trick to maintaining optimal operational continuity is to plan for every possible threat. 

This means building a foundation through sound, common necessities of recovery, then stretching the programs to cover more industry-specific risks. Taking that a step further, each individual business will need a specialized recovery and continuity strategy that adds contingencies for unique aspects of operations that might not be apparent in other situations. One industry that has plenty of digitally centric recovery needs is accounting, where data is almost always sensitive.

Accounting for disaster
The American Institute of Certified Public Accountants listed some of the core demands of recovery and continuity for companies that operate in financial services, affirming that these businesses must act soon to protect their bottom lines. Regardless of what time of the year it might be, network outages and data loss can be devastating in this industry, as clients will not be quick to re-sign contracts should they experience increased risk or slow turnaround times on orders. 

Accounting firms must shore up their recovery plans soon. Accounting firms must shore up their recovery plans soon.

According to the association, from a structural standpoint, accounting firms might want to consider implementing a task force of sorts, which would be a team of currently available workforce members to take the lead when a disaster comes to pass. Including at least one individual from each department in the team can help to ensure that all employees stay on the same page even when disruption is apparent and core systems are rendered useless. 

The organization added that accounting firms will need to iron out their plans a bit more comprehensively than other types of companies, and should have contingencies in place to keep mission-critical apps up and running. Finally, AICPA argued that assessment and refinement are critical across all aspects of the recovery plan, and that, because businesses in this industry can be crushed by even a short outage, leaders should focus on tight documentation of all activity related to DR planning and execution. 

Assistance for all
Businesses of all sizes and industries are increasingly looking toward a range of resources to help improve their resilience to disasters, namely managed service providers that offer cloud-based solutions. While this can help to get strategies up to optimal levels and ensure that all necessary technologies are deployed in a timely fashion, smaller companies can also look to the U.S. Small Business Administration for guidance. 

This can be especially helpful when starting a plan from scratch. However, working with a managed service provider that offers specialized support to entrepreneurs can add the unique touch necessary to get these firms up to speed with all of their recovery and continuity needs.