Best Practices for Business Continuity Protection
The ability to sustain business operations in the face of disaster -- or merely a hardware or network failure or employee error -- requires planning.
You can figure out if the effort is worthwhile by asking and answering one simple (yet scary) question: "How long would my business survive without its computer systems, networks, and applications; without its business data; without its phone system; and without its offices?"
If you conclude that it's wise to think through how your business should respond to events that interrupt its operations, you can begin with the guidelines contained in the DRBC (disaster recovery/business continuity) Framework, developed by Naresh Malhotra and Saby Mitra of the DuPree College of Management at the Georgia Institute of Technology:
- Charter a team. This involves getting commitment from the CEO of your company and establishing a cross-functional steering committee and a core operational team.
- Conduct an analysis of your business. You'll need to identify the goals of your business as well as its outputs, processes and resources, the risks it faces, the potential impacts of those risks, and the roles of those (such as technology vendors) you'll turn to for risk mitigation.
- Define a disaster recovery/business continuity strategy. This must be done at the company-wide level as well as for your business processes and resources; then you'll need to figure out how to pay for it.
- Develop a detailed plan. Define its scope, document requirements in detail, then design it.
- Implement your plan. Steps include getting buy-in throughout your company, developing implementation documentation, assigning roles and responsibilities, training employees, and testing what you've implemented.
- Maintain your plan. You'll need a change management process as well as the ability to monitor performance and benchmark new applications, products, and processes.
This effort may not have to be as complicated as it sounds. Businesses often can, for instance, get help setting priorities at facilitated workshops that conduct risk assessment and business impact analyses. If your business has multiple locations, one site can serve as backup for another. In addition, you can upgrade your IT systems maintenance contracts to get replacement hardware in 24 to 48 hours, which can be drop-shipped to a recovery location where data and applications can be loaded from backup stores.
The key is planning, training, testing, and regular review of the plan. Do this and you'll have the same chances of surviving any trouble that you might encounter regarding your business operations.
For more information on CA's small and medium business solutions, please visit ca.com/smb.
Copyright 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. To the extent permitted by applicable law, CA provides this document "AS IS" without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised of such damages. Inc. and Inc. 500 are registered trademarks owned by Gruner + Jahr Printing & Publishing Co.
This story, "Best Practices: Backup and Recovery Strategies" was originally published by Computer Associates.