By: Gregorio Chavez, ConvergeSecure® Engineer
Business Continuity Plan
When we begin conversations on Business Continuity (BC), what comes first to mind: “maximum amount of uptime possible”; “continued delivery of the product or service provided by the business”; or perhaps “redundancy in all aspects of operations”? When an unforeseen accident or challenge is presented, can the business continue to deliver its service with minimal impact on productivity? To keep a healthy BC plan, a series of processes and procedures must be in place to keep BC in its optimal state of operations. This would include a plan for: vacations, holidays, service availability issues, business impact analysis, replacing a staff member and change control management.
The topics and issues mentioned are directly tied to BC. However, I would like to focus on the grey area of BC, which is: “what happens when BC cannot be maintained?” Ransomware, internet outages, power outages, natural disasters, floods, fires, unavailable cloud services… there is a seemingly endless list of forces working to sabotage business continuity. This is where we begin to explore the Disaster Recovery (DR) plan.
Disaster Recovery Plan
Disaster Recovery plans are often overlooked because they get covered or mentioned in a BC plan. Examples include: having two internet service providers, which seemingly solves internet outages; having a good backup solution, which supposedly solves recovery from data loss or ransomware; and having an offsite backup solution, which purportedly solves the issue if our building were to become unusable, as we can recover from the cloud or work from the cloud depending on the type of solution. These solutions do help with redundancy and can be part of your DR plan, but we must go even more in depth, given that a DR plan is vital to your IT department in getting your systems back into normal operations as quickly as possible.
DR planning would include answers to questions like: “what to expect when ‘X’ goes down?”; “when can we expect to be back in operation?”; “what should we do as a business during this time?” These are the first things that likely come to mind when disaster strikes. A healthy DR plan should cover these gaps, provide insight on what direction things are headed and estimate how long until ‘we are out of the woods.’
BC/DR planning takes a lot of critical thinking, skill and imagination. During BC/DR planning, all decision-making parties and IT must be involved. This aids in presenting a problem and getting direct feedback on what is impacted and what can be done to recover from the problem as quickly as possible.
Healthy BC/DR plans can be integrated into one another, as most SMBs and large organizations have great success with their plans, or they can be separated, with more in-depth analysis in corresponding areas of impact.
What exactly is involved in a healthy BC/DR plan?
To obtain a healthy BC/DR plan, all areas must be reviewed to make sure we are, first, doing everything we can to prevent a disaster. This would include surge protection, fire safety, power redundancy, data redundancy, internet redundancy, chain-of-command redundancy… essentially anything you can make redundant to reduce the likelihood of an outage in equipment or personnel. We should also be looking into a healthy life cycle of critical business equipment. This area is known as Mean Time To Failure (MTTF).
MTTF essentially represents how long software or equipment will run before failure is imminent. It is often associated with end-of-life support of software or the end of a hardware manufacturer’s warranty. Hardware warranties should be closely monitored and tracked to make sure you are within range for replacement of equipment, with a typical scenario of a 24-hour turnaround. Software support from manufacturers should be equally tracked and kept current in case you need one of their software developers to get involved in solving a problem.
A healthy BC/DR plan should also include planned outages. I like to think of them as fire drills where we test failover systems, perform routine test restores and validate that our plan is sound and requires no adjustments. These can be difficult to plan as we are essentially bringing down operations to test the sanity of our BC/DR plan in these scenarios. However, results must be available to be taken into consideration to either validate our plan is being executed as expected or to expose a flaw prior to a real disaster where we would be forced to attempt a recovery ‘on the fly’ and ‘under fire’.
Isn’t BC/DR more for larger organizations?
No. A BC/DR plan is often viewed as a service only large companies require. However, even a small organization can benefit from a healthy BC/DR plan and minimize the impact of an outage by maintaining the continuance of service and operations. Nowadays small businesses cannot afford gaps in service, as immediate service has become almost expected from all areas of operations. According to Gartner, the average cost of downtime across all sizes of business is an astounding $5,600 per minute. However, this does vary considerably across industries and business sizes, and you can get a rough estimate of your downtime costs using the calculator on the bottom of our Backup and Recovery page.
BC/DR planning has standardized guidelines set by organizations like the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). More standards like these will continue to surface and/or be updated in the coming years.
- ISO 22301:2012: Business Continuity Management Systems — Requirements
- ISO 22313:2012: Business Continuity Management Systems — Guidance
- ISO 22320:2011: Emergency management — Requirements for incident response
- ISO/IEC 27031:2011: Information technology — Security techniques — Guidelines for information and communication technology readiness for business continuity
- ISO/IEC 24762:2008: Information technology — Security techniques — Guidelines for information and communications technology disaster recovery services
- ISO 31000: Risk management
- Financial Industry Regulatory Authority 4370: Business continuity for banking and finance
- National Fire Protection Association 1600: Emergency management and business continuity
- National Institute of Standards and Technology Special Publication 800-34: IT contingency planning
- American Society for Industrial Security (ASIS) SPC.1-2009: Organizational resilience guidance
- ASIS SPC.4-2012: Organizational resilience management systems
Does CCC offer BC/DR planning?
Yes, we can help with the design and development of your BC/DR plan. To get even more in-depth information and learn about CCC’s solutions visit our BCDR page.
As always, if you have any questions, please contact your CCC Technologies’ Representative or reach out to our 100% U.S.-based Customer Care Team at 1-866.347.3780 anytime, day or night.