Business continuity plans have come to mean instructions or procedures any business should follow in the face of a successful ransomware or other cyberattack. Although IT issues are often the most debilitating when it comes to getting things back to normal, ‘business continuity’ anticipates and includes responses to other disasters, like fire, flood and theft, too.
There are business processes, partners and suppliers, human capital, data and other assets to protect in the event of a disaster. While each dark episode in the life of a company will be unique in certain aspects, enterprise can avail itself of an essential toolkit – the business continuity plan – when things go wrong. Always variable and often unexpected, business calamities demand a strategy for the maintenance of business as usual, regardless of how unusual circumstances might be in the moment.
That strategy will optimise continuity and minimise negative implications, resulting in an overall minimisation of longer-term repercussions on business profitability. It’s often grisly and as often demanding of sudden decisions that are extraneous to the core plan, but the core plan is essential as a guidebook for the promptest and least stressful restoration of business, in order to maintain cash flow and overall profitability. Force majeure events (the Covid 19 lockdown is a classic example), physical destruction or damage to business premises, or a wholesale sacking of company data are all events capable of ending business for good. The stakes are high, and the fittest companies have a ready template of action for such dark moments.
Business continuity plans and Disaster Recovery (DR)
Disaster Recovery (DR) centres on restoring IT systems after a ransomware or other cyberattack. Often confused with a business continuity plan, DR protocols may well be the most important component of a business continuity plan, yet they remain but one component of an overall plan.
With that said, it’s common to modern enterprise that almost nothing can be resolved without IT in place and running smoothly, hence the need to develop a reliable business continuity plan template with IT support well ahead of time. Business continuity is absolutely essential to map out while it’s still completely unnecessary. On the plus side, IT architecture lends itself to backup and security, and with typical Irish zeal and prowess in the arena, a detailed and ultimately successful continuity plan with adept DR protocols can be effectively formulated ahead of any possible disaster.
IT considerations for a business continuity plan
- Storage. Where and how is data stored? What are the alternatives on access and/or storage if that particular access door closes? A company needs to know exactly how it will access what data it needs to roll on without hiccupping in the event of a complete denial of access or loss (removal) of working data.
- Who are the key personnel in making IT continuity happen, and what are their responsibilities? It might seem a stupid question, but do they then have the authority or clearance (with accompanying credentials) to act on their responsibilities? Disaster recovery is a moment of unusual trust and professional performance – everyone needs to understand that, be equipped, and up to the task.
- In the event of hardware damage or loss, where are new machines coming from, what or how much is needed to tie them into current daily operations, and what aspects of the current IT system or systems might snag on replacements of this nature?
Some broader considerations for business continuity plans
- Manufacturing, sales and deliveries or service provision, as well as HR considerations feature in any decent business recovery template. How will normal comms evolve (or dissolve) during recovery? Would majority remote work be best, or perhaps a secondary location should be established that ultimately costs less and facilitates more in the event of a calamity? What functions can be contracted out?
- To answer all the above questions, a business impact analysis will have been tabled and tested for validity way ahead of genuine disaster striking a company. This analysis will identify the most crucial aspects to maintain business continuity. A business impact analysis acknowledges vulnerabilities and doubles down on safeguarding these, while also looking at cost implications on all aspects of the business – what it will cost to put in place and what it might cost when absent. Generally, the latter costs a whole lot more in a typical disaster scenario.
Testing, testing, one two three
Disaster Recovery may be well-sorted by IT support in the event of catastrophe, but any successful, comprehensive business continuity plan has to factor in what happens with people and processes, too. Quite remarkably, the way in which a company performs under such adversity can often enhance client relations and go towards an overall greater profitability in the future. If ever there was a test of a business’ professionalism and real caring, it’s what it does and how it handles its clients in the event of disaster.
Effective disaster management can elevate a company’s reputation and generate an immense amount of goodwill, too. Being prepared and making the best of getting back on track can increase any company’s listed market value, plus boost customer numbers and overall confidence.
Such effective behaviour must include testing. Testing of a mock wholesale collapse of systems, testing of alternative (disaster) protocols, and testing of everyone’s ability to keep the wheels turning in a trial scenario. It might seem silly when everything is going well – much like those school drills that practise fire alarm responses – but testing a business continuity plan is as essential as formulating it in the first place. Companies that discover gaps in their contingency plans while suffering catastrophe are unlikely to be around afterwards. Testing allows for improvements and the fine tuning of the continuity strategy details.
The business impact assessment informs the drafting of the business continuity plan. That plan contains the DR component and goes on to address all aspects of the business. And it’s in the testing – regularly and repeatedly – that an enterprise will ready itself to survive even wholesale shutdowns or failures, and go on to a better future.