No matter the size of your business, it represents a unique and complicated eco-system of people, data, hardware, and software working in sync. It’s facilitated by employees, their capability to work together, plan and organize collectively across departments – distributing tasks and information and delegating job responsibilities appropriately. This, for good business operations, works pretty smoothly for the most part and left uninterrupted can work very effectively.
In the face of catastrophe, how would your business react? What could do it do in order to maintain its current output as best as possible. How could the complex eco-system be transitioned and how smoothly can it be done? This is the job of Business Continuity Planning and Disaster Recovery.
It’s important to recognize, that there is always some element of risk, no matter your business operation, it’s location or sector. There will always be some level of threat, not always existential, but as we have seen with COVID-19 when catastrophe strikes the impact can be global and affect almost everyone and everything on the planet.
Negative consequences, and repercussion that can be detrimental to all aspects of your business include:
• Damaging or losing your data
• Harming your brand or reputation
• Decreasing or nullifying revenue streams
• Lowering of staff morale
It’s not all doom and gloom.
Luckily for business owners, the future didn’t only bring a new wave of cybercrime (thanks a lot WannaCry), hacks, breaches and spying (I’m looking at you Facebook) – it also brought forward the kinds of technological competencies that can be utilized to mitigate almost all risks. In order to make the most of these technologies, you need to understand both Disaster Recovery and Business Continuity and what they mean to your operation.
What is Business Continuity?
Business Continuity is a strategy that provides your business with all the essential functions it needs to continue after a disaster. As well as stabilizing your business, a Business Continuity Plan (BCP) will make sure that your business can startup lost operations as quickly as possible.
A Business Continuity Plan is related to your Business’s Structural Risk and it’s assets. The structural risk is made up of 3 core components: Infrastructure, Natural Disaster, and Fire and it’s assets can include, servers, phones, network connections, drivers etc., You need to consider not only the structural damage and its costs but also loss of access, power and communication outages and potential disruptions in access to these caused by crime. Not all disaster will be catastrophic, you need to consider the full spectrum of disruptive events.
It’s important that your Business Continuity Plan focuses not on the causes, but potential effects. A Business Continuity Plan forms a valuable reference document, that clearly explains the processes that should be undertaken should a disruption occur. Your strategy should outline what risks are the most likely to occur and what would have the biggest negative impact on your business and how these disruptions can be smoothed over.
Business Continuity Plans typically consider 4 key components:
Critical Assets:
- People: Contact information for all employees, customers, vendors and suppliers. All the personnel that keeps your business up and running. You should also have an email alert system that keeps all key stakeholders about your recovery.
- Building: Addresses of all the physical locations your business rents or owns, and as copies of leases and a list of people with access.
- Equipment: This is necessary for insurance, a list of all hardware and software, tools, equipment, furniture etc.,
- Data: Essential documents, accounting and payroll information, data backup locations, passwords to your business websites and social media.
- Inventory: Lists of stock, supplier, materials etc.,
In order to cover all your bases here, many businesses can now simply use a cloud computing solution to store all their essential data and keep appropriate backups in a secure cloud location. Delegate responsibilities to management to take authority over who will update the information and ensure good and regular housekeeping on the data.
Critical Operations:
All critical business operations should be listed and assigned to a member of staff to be responsible for. Each member of staff should then make protocol based on their responsibilities that they would need to restart operations for minimal and extensive disruptions and how they would go about completing that.
Key Supplier / Contractors:
A list of your vendors and suppliers with key stakeholder’s contact information. You may want to build relationships with other suppliers in case your preferred contractor fall victim to a disruption.
Insurance:
The name of insurance companies and agents, the type of insurance with policy numbers. You may want to consider taking out Business Interruption Insurance which compensates you for lost income should disaster occur.
What is Disaster Recovery?
Disaster Recovery involves restoring the vital support systems within your operation. These systems are mostly concerned with communications, hardware and IT assets and minimizing the downtime on getting business operations back to normal. Unlike Business Continuity Planning Disaster Recovery revolves around restoring infrastructure vs making the business operational again.
Because IT systems these days are so critical to the continued success of a business, disaster recovery is a fundamental block in the business continuity process. Disaster Recovery is more preventative in nature than continuity tools which are typically used to smooth over and continue business as quickly as possible.
In order to create a disaster recovery plan or identify the type of software solutions you may need to protect your business; you first need to evaluate vulnerabilities in your IT infrastructure and where things could go wrong. When evaluating it’s important that you don’t approach it from the stance of “Worst Case Scenario” but take a more rounded view of all possible occurrences.
As part of your Disaster Recovery evaluation you should consider business analyses, like:
Business Impact Analysis (BIA): A systematic process to determine the potential effects of an interruption to critical business operations.
Risk Analysis (RA): Build a risk decision matrix that evaluates the likelihood of an occurrence and its impact.
Recovery time objective (RTO): This is the maximum amount of time that you can allow a system to be down before you will be affected by unacceptable consequences.
Recovery point objective (RPO): Is the age of the files that must be recovered from backup storage in order to restart normal business operations.
By thoroughly evaluating the kinds of risks that could impact your business, you can start to make better technology choices on how to mitigate this risk. At the bedrock of any Disaster Recovery process is business-class cloud backup and replication. This will mean all your essential business data can be stored off-site, in the cloud and can be brought down efficiently to reboot your business operations. Depending on the scale of the business interruption, you may need a Disaster Recovery site. On the whole, it’s smart to stay away from physical hardware as much as possible in your DR process, as they will always be susceptible to risks, from natural disasters, human error and cybercrime.
If you feel that the planning, implementing and importantly the maintaining of a Disaster Recovery solution is too arduous, you can speak to Aware Group – about their DRaaS strategies or simply get a BCP plan.
Digital Marketing Manager at Aware Group: Working his way through the world of technology and Thailand as best as he can. Happy to contribute to other tech publications.