The natural disasters that have plagued our world in recent years have proven just how crucial it is for organizations to have a business continuity plan. According to statistics released by The Federal Emergency Management Agency (FEMA), more than 40% of businesses never reopen after a disaster. Among those that do, only 29% are still operating two years later.
Why your business needs a Business Continuity Plan
Traditional backup methods are no longer sufficient. Your business needs data backup, recovery and business continuity whether it be for physical, virtual or cloud-based environments. Failing to prepare can mean millions of dollars in losses and major headaches while trying to recover. A proactive and circumspect approach is key.
We think about “Business Continuity” as a series of answers to all of the “What if” questions on the continuum of unforeseen circumstances. Business continuity planning is crucial to ensure your company can still operate after a natural disaster, a blackout, or other serious disruptions. Businesses need to protect systems and data against disasters of all types and document them for all stakeholders.
Whether your company is reexamining its existing plan or building one for the first time, you will want to position your company for optimal resilience in the event of the unexpected.
Writing a Business Continuity plan for the first time
Think of business continuity planning the same way you would when responding to a family emergency. Something all-consuming occurs and you want to ensure the safety of everything precious to you. The same basic questions that arise in the event of a family emergency have parallels in disaster recovery for business:
1. What happens when a key member of your business is on vacation or out sick? Do you call him/her if something arises?
2. Have you documented procedures/processes in the event of an emergency?
3. What if you have a water pipe burst, a fire, or an encrypting virus (which is the IT equivalent of a family emergency)?
4. How thoroughly have you trained employees to identify a phishing attack before they fall for it (and subsequently comprise the company)?
Each of the above simple scenarios could have a major impact on your business. Without an answer or a well-documented plan, your are placing your most valuable assets in jeopardy.
If every journey begins with a single step, do not wait until it is too late and disaster strikes to ask, “How resilient is my business?”
“When business is disrupted, it can cost money. Lost revenues plus extra expenses means reduced profits. Insurance does not cover all costs and cannot replace customers that defect to the competition. A business continuity plan to continue business is essential.”
U.S. Department of Homeland Security
How do I know if my Business Continuity Plan is good enough?
In the event of a natural disaster, your company won’t likely be asking if its continuity plan is “good enough.” You’ll be looking to ensure the safety of all employees and facilities, trusting your IT service provider will provide status updates on data backups, system functionality, and other critical functions.
A more precise answer to the question of “good enough” for business continuity can be found within the Recovery Point Objective (RPO) and Recovery Time Objective (RTO).
Do you know your RPO and RTO? Are they where they need to be for optimum recovery?
The RPO answers the question, “When was the last backup made?” It focuses on data and the amount of data loss that your company can withstand.
The RTO answers the question, “When can my business be back up and running?” Simply put, RTO takes in consideration the time your company needs to recover your business operations after an interruption has occurred.
The following diagram shows the RPO/RTO past/future relationship to backup and recovery in the event of a disaster.
Graphic courtesy Datto
The RPO is the age of the files recovered from backup storage that are necessary for normal operations to resume. RPO focuses on the past. For example, if the RPO is one hour, backups are made at least once per hour. This means in the event of a disaster, you would potentially lose up to one hour worth of data. How much data you are willing to give up?
The RTO is the maximum amount of time that a system can be down. RTO is thinking about the future. When can my business be back up and running? Every minute of downtime means critical data, customer, or revenue loss. How long can you afford to be in the dark?
Don’t know your RPO and RTO?
A Recovery Time Calculator can help.
Looking to Improve your RPO or RTO?
Your company may already have a continuity plan in place. However, if you have added new systems, new data centers, or created new processes, you may want to revisit your plan to ensure it addresses the full critical business infrastructure. Your change management process should incorporate your business continuity plan.
Some particular areas you may want to give attention:
1. New risks - especially posed by the Internet of Things.
2. Data Center Interconnectivity - especially for companies that maintain them in multiple geographies.
3. Testing and documentation - When done regularly, they can save companies from preventable failures.
Making sure your backup and disaster recovery plan executes smoothly and efficiently is the key to ensure that the lights stay on, productivity remains high, and business continues to flow.
How Strong is your Business Continuity Plan?
Power Outages cost the U.S. economy $20 billion and $55 billion annually and continue to increase each year.
How should business continuity factor in when hiring an IT service provider?
Hiring an IT Managed Services Provider (MSP) can empower your business with specific strategies. Your MSP will document your processes and protect your data and systems. Further, your can benefit from their defense-in-depth strategy and resources to provide continuity of services. It empowers your company while empowering your customers as an extension, granting access to your business offerings, even if a key employee is away.
The decision to hire an IT service provider that provides first-rate business continuity solutions should be made for the following reasons:
- To position an organization to be stronger, even after disaster strikes
- To provide extra assurance for every level of the organization
- To ensure access to an evolving set of backup methods
Businesses that invest in their preparedness cannot prevent the storm winds that blow, but will be poised to recover when they do.
Does your organization want more peace of mind in protecting its IT assets?