By Rocky Vienna
Principal
According to the U.S. government, up to 40% of businesses fail to reopen following a disaster. Recent natural disasters such as Hurricane Sandy have underscored the need for Disaster Recovery (DR) and Business Continuity (BC) planning. Here's what you need to know.
Before we delve into the components of BC planning, let's clearly define the difference between Disaster Recovery and Business Continuity. Disaster Recovery refers to the IT plan that assumes that an event (usually physical in nature, such as an earthquake or fire) has occurred, resulting in significant disruption to business computer systems. A Business Continuity Plan is the set of business procedures that enable business organizations to respond to an event that has disabled the company's business systems in part or in whole. Some events, such as the sudden loss of a key service vendor or supplier, do not require DR but still need to be considered for BC.
Management has a responsibility to recover from such incidents in the minimum amount of time and with the least amount of disruption to the business as possible.
Business Continuity plans are required to ensure that all key business functions continue operating in the event of an emergency. While IT may be chosen to be the department responsible for coordination and delivery of the BC Plan, it is the responsibility of each business unit manager to own and maintain the Business Continuity Plan as it applies to personnel, processes and business functions within their areas of responsibility.
Business Continuity Planning has 5 Major Parts:
- Business Impact Analysis and Risk Assessment – If this first step of Business Continuity Planning is not completed properly, the rest of the plan will likely be flawed. This assessment identifies the critical functions necessary for the organization to continue business operations, assesses potential risks to the organization, defines and measures controls that can be put in place to reduce exposure, and evaluates the cost of such controls. A risk-benefit analysis that will guide the rest of the planning process is the outcome of this assessment.
- Recovery Solution Planning – Planning is specific to the particular situation the business unit is in. Attributes like number of locations, distribution of personnel, lines of business, interdependency of processes, disaster scenarios planned for and requirements for alternative sites are all considered when creating the recovery plan.
- Implementation – This includes preparing the procedural documentation, training the personnel selected for the response team, collecting and storing supplies (checks, contracts, etc.), creating emergency authorization procedures and preparing the alternate work site. Basically, you'll be doing everything in preparation for executing the next step – testing the plan.
- Business Continuity Testing – Although testing the BC Plan is often viewed as too much of a disruption to business to be valuable, it's far less disruptive than encountering an event for which you are not prepared. Plus, it makes little sense to spend the resources on preparing a BC Plan if you are not going to test it to ensure that your planning assumptions were correct; that the plan doesn't have process, document or resource gaps; and that you have practice managing through an event.
- Maintaining the Plan – Businesses aren't static and your Plan shouldn't be static, either. As your business evolves through mergers and acquisitions, new products and new suppliers, your Plan needs to evolve with it. Maintenance of your Plan is critical to ensuring your organization is prepared to handle the inevitable.
What Should be in Your Business Continuity Plan?
At a minimum, your Plan should determine how you will address the following:
- Ensuring the safety and well-being of your personnel
- Dealing with public relations issues (for executive staff)
- Processing payroll, accounts payable and accounts receivable
- Taking and fulfilling orders
- Handling customer service
- Communicating with key management and staff
- Taking the business back to a "normal" state
- Testing the plan
In addition, you also need to know who will be responsible for invoking the plan, and what is required for training, preparation and supplies.
Need help with business continuity planning? Give us a call! We're here for you.
About Rocky Vienna
With over 25 years of experience as an IT executive and business consultant for leading global brands, Rocky brings deep expertise in IT Strategic Planning, IT Governance and Compliance, Enterprise Program Management, M&A Integration, Business Process Reengineering and Outsourcing Strategies and Management.
Rocky specializes in high-visibility transformational engagements. He has led enterprise initiatives at an impressive array of Fortune 100s, start-ups, and medium-sized fast-growth companies in health care, technology, financial services, retail, publishing, hospitality and higher education.
About CIO Professional Services
CIO Professional Services LLC is a top-rated IT (Information Technology) consulting firm, based in the San Francisco Bay Area, specializing in strategic IT consulting and business / IT alignment. Companies come to us seeking assistance with their information technology strategy as well as to source interim CIO / CTO employees or fractional CIO / CTOs.