Going for gold in business continuity

Business of IT: London 2012 has the potential to bring serious disruption to some companies, making now a good a time to update business continuity plans.

As one IT director put it, there is little point in having IT systems running at full tilt in a backup datacentre if staff cannot use the main office, because there is no catering, and no-one to clean the toilets.

This does not mean that every company should have to comply with a detailed business continuity planning standard, such as the recently-launched ISO22310 (formerly BS25999). For some smaller suppliers, the level of work involved cannot be justified. But enterprises and public sector organisations do need to pay as much attention to their supply chains, as they do to their own continuity and recovery plans.

Floods to 'flu: non-IT threats

It is also a mistake to see business continuity only as an IT issue. Basic IT backup and recovery is important, and no organisation can afford to overlook it. But businesses also need to anticipate a wider range of threats, especially those that affect staff.

A few years ago, pandemic planning was top of the business continuity agenda. More recently, UK businesses have been forced to react to transport disruption, and to floods. Companies have also had to deal with supply chain problems, following the earthquake and tsunami in Japan.

"You should not look for a single business continuity planning solution. Multiple strategies are valid. You can contract to have a workplace recovery site, and you can build in processes to make users, or the IT organisation, more BCP aware," he advises.

And you can nurture working from home programmes. The important point is to have a framework."

Businesses should, he says, start by assessing their risks, and listing their most critical systems and operations.

Some people, and some IT resources, will be critical to the company's operations in an emergency, and some will be vital for the business to trade. Those should be recovered first. Other, less critical systems can come back online later, and some staff may be able to work from home for longer.

What matters is to have a plan, to test it, and to ensure that everyone knows who will be in charge. The best person to run an emergency response team might not be the CEO or MD, and it might well be the head of IT.

"For most companies, it is a question of tiering applications," says Sungard's Tilley. "You probably won't have 100 per cent availability of all systems; there will be some that are needed fairly quickly, and others you can manage without for a few more days."

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Most Popular

SolarWinds hackers hit Malwarebytes through Microsoft exploit
hacking

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021