Just as every business has insurance, so must every business have a Business Continuity Plan. One only needs to remember Hurricane’s Sandy and Katrina to realize that, while disasters affecting many businesses don’t happen every day, they do happen. Hurricane Sandy especially pointed out the vulnerabilities of the electricity grid. So even if a data center is secure and stable, a regional electricity outage could create a disaster for businesses that otherwise might not have been affected. Therefore, a Business Continuity Plan is a requirement for any business.
The netlogx team’s experience with organizational change management is the catalyst to develop and implement the Business Continuity plan. Once the organization is prepared, netlogx business process and technical project managers can facilitate the process to create the plan.
The general process is this:
- Business Impact Analysis – differentiates critical and non-critical business processes/functions and assigned a Recovery Point Objective (RPO) and Recovery Time Objective (RTO)
- Threat Risk Analysis – identifies various risks that may affect the business
- Impact Scenarios – identifying the effect of various risks (e.g., a risk that impacts a data center will have a different impact that a risk that impacts the corporate office)
- Recovery Requirement – needs for recovery are documented for each risk
- Solution Design – with the risks, impacts and recovery requirements documented, solutions can be designed
- Implementation – including, but not limited to, a contract for a disaster recovery site, documented steps for dealing with various threats and educational for employees
- Testing and Organizational Acceptance – depending on the threat and solution, tabletop exercises or larger-scale simulations are typical testing methods
- Maintenance – on-going awareness, training and annual updates are typical needs for continued maintenance
Just like insurance, a Business Continuity Plan can save a business in the event of a disaster.