The Business Continuity Institute is kicking off its annual Business Continuity Awareness Week (BCAW) this week, from May 14-18, which aims to help organizations and professionals address emergency preparedness. For this reason, we want to give you an inside look at some of the touch points we have with our clients about business continuity.
The topic of business continuity is a vast one and encompasses a unique set of variables for each and every client. If you’re evaluating your company’s continuity plan, you may be wondering if you have all your bases covered. Here are some questions to guide you:
Question 1: Do you have a strong sense of your business’s greatest threats to prevent costly downtime?
Many small-to-midsize businesses put off data protection because their physical location or data centers are far removed from the threat of natural disasters (tornadoes, hurricanes, earthquakes). Yet, they have often grossly underestimated the bigger threat to their data. That threat lies within their company, not the great outdoors.
Human error accounts for 58% of downtime by data volume in a file or database, versus 42% from network outages (Symantec). As it turns out, businesses should be more wary of their own employees and less of natural disasters.
Question 2: What is at risk for your business in the event of a disaster?
The answer to this question may take some time for companies to fully assess, and with good reason. They are wise to make a careful inventory of all the servers, desktops, laptops and mobile devices that they manage, as their assets may have expanded since last they took stock of everything.
An added layer of complexity in this inventory is the cloud. If your business hosts applications through a cloud service, make sure you have a copy of your service level agreement. As a recent column in InformationWeek points out, it is imperative that companies that use a third party to manage their cloud can count on their service provider to provide adequate IT protection in the event of a disaster (or against attacks).
Question 3: Are your RPO and RTO good enough?
Synthesizing all the information gathered from Questions 1 and 2, we can better determine whether your plan will serve the company well in the event of a disaster.
For example, if your server suddenly dies, you wouldn’t be able to resume work if you only had file-level backup. You would first need to replace your server, re-install your software and data, and then reconfigure your system with your settings and preferences. This process could take days. What kind of financial impact could this pose for your business -- especially if, e.g. you are in the midst of developing a new product or service?
When talking about building a plan to deal with a major disruption, we think in terms of Recovery Time Objective (RTO), and Recovery Point Objective (RPO). For a more detailed picture of RPO/RTO, read more here.
By calculating your desired RTO, you have determined the maximum time that you can be without your data before your business is at risk. Alternatively, by specifying the RPO, you know how often you need to perform backups. Depending on how your business operates and what it requires, you may have an RTO of a day, and an RPO of an hour. Calculating these numbers will help you ascertain what type of data backup solution you need as well as how detailed you need to be in documenting all of it for the appropriate parties.
Does your company measure up?
Although the annual global BCAW event is only five days long, companies strive every day to ensure they will be resilient in the face of disaster. Take our free Business Continuity quiz to see how your company measures up.