Business Continuity: Will Your Plans Serve the Business When You Need Them?

Despite decades of advocacy by IT and disaster recovery experts regarding the importance of off-site backups, crisis communication plans and other elements of business survival, many companies still don't have a functional plan for business continuity in the wake of a disaster or major disruption.

In fact, the majority of firms don't even have an adequate program for ongoing IT continuity to reduce business interruption. Per the 2013 Ponemon Institute, 86% of firms experience one or more measurable instances of system downtime in each year, with 60% of those instances being attributed to user error.

On the resiliency side, a Sungard Availability Services survey found that 75% of continuity plans are not used in their existing state during either testing or a disaster. Inadequacy of communication protocols is equally disconcerting, with 85% of companies believing their crisis communication plans aren't very effective. At the same time, severe weather events, cyberattacks and power grid overloads are causing an increasing number of business disruptions.

Cumulatively, this state of affairs makes a pretty strong case for well-planned, functional business continuity and resiliency plans, but they don't tell business owners how to go about accomplishing that task. For resource-strapped small and medium-sized business (SMB) owners, the challenge can be overwhelming.

We don't have room in this blog to provide you with sufficient practical advice, but we can offer a few pointers.

• On-site backups are not enough. Although a disaster that destroys your physical location may be statistically unlikely, many other factors–from ice to a nearby SWAT event–can render your location unavailable. Having a remote access plan (including both on-site systems and offsite backups) for employees is a big part of avoiding short-term business disruptions.
• Cloud backups are only as reliable as the data center that houses them. If your cloud backups are housed in a data center located near your office, and a weather event or terrorist attack renders the entire area damaged or inaccessible, the data center could be in peril, as well. Make sure any company with whom you work has redundant data centers in locations far away from your business. During any evaluation process, also ensure the data center follows best practices.
• The KISS rule applies in disaster planning. The old adage, “Keep it simple, stupid” is very applicable to business resiliency planning. A 300-page disaster plan is of little value if no one has read it or knows who is in charge of executing it. It's far better to have a simple, clear protocol for where backups are stored and how they can be accessed, what the chain of command will be if company leaders are out of touch, and which systems must be restored to operation, first. Such a plan is also easier for businesses to develop and manage.

There are many other aspects of disaster and disruption planning that go hand in hand with these suggestions. On the IT side, they include best practices for backup hardware, network management to reduce short-term outages and more. To explore the options and begin taking proactive steps to bolster your business continuity mechanisms (both short-term and long-term) we invite you to download our white paper on disaster recovery planning and give us a call.