Although network security and information security are the new sexy terms in information technology, they are not the only terms to consider. Business continuity may be the non-sexy sister, but without a business continuity plan, a business may be only one disaster away from ruin.
A catastrophic loss of data can occur at any time due to circumstances beyond your control. Natural disasters and theft can leave companies without critical business information. In minutes, a company can lose everything. All computers, gone. External hard drives for backup, gone. CDs that were burned in case the hard drives failed, gone. Paper documents that were stored, gone. In essence, mission critical tools, such as accounting, customer lists, marketing plans, everything can be gone with no hope of recovery in a physical form. Employees can be scattered making it difficult to provide assistance or begin the process of rebuilding.
In the aftermath the physical offices can be a total loss with no site access for months as cleanup is underway. For the vast majority of businesses, there is little that can be done other than starting over from the beginning.
Business continuity preparation goes far beyond simply ensuring that hard drives are backed up remotely. The goal of business continuity is to ensure critical operations can continue. How will the business survive if everything inside the walls of the office goes away? If business operations must stop for a significant length of time, clients are lost and debts go unpaid.
Business continuity planning begins with a thorough audit of the company, its data infrastructure, supply chain management, inventory policies, and the information necessary to run the day to day business processes. There is information that is static and simply stored for record keeping purposes and there is data that is frequently changing. There are also paper records that must be available in some format. Knowing which data is most crucial to day to day operations allows a better process design should the unthinkable happen.
What steps will you take should there be a catastrophe? Is your system based on a comprehensive, enterprise-wide people, process, technology and facility risk assessment and mitigation approach? How long will it take to get your business processes online should you be required to start without your physical materials? You will want the process to be as quick and simple as possible so you are able to both deal with the disaster as well as recover as quickly as possible. The longer the delay, the higher the cost and loss of potential revenue. Clients need to see stability and recovery as quickly as possible.
Recovering data is not the only purpose of a business continuity plan. While important, regulatory concerns must be a part of the business continuity plan. Depending on the industry, companies must adhere to specific guidelines and laws in terms of record storage, privacy, and audit trails. Medical offices are bound by HIPAA as well as regulations on records retention. Schools require storage for a set amount of time. Financial institutions have their own set of regulatory requirements.
In times of disaster, crisis-mode thinking is often the only mode available. When danger to life is concerned, few have the time or clarity of thought to consider how the company is going to continue. The only thought is of personal safety and safety of others. Even those who consider the business are faced with the reality that now is too late. If a business continuity plan is not in place, there is nothing more that can be done other than grabbing a laptop and running for safety.
Photo Courtesy of bknittle