How to create a business continuity plan

Having a plan can mean the difference between recovery and disaster

No one likes to think about the worst thing that could happen to their organisations. But the more complex our IT architectures become - particularly with varying cloud or hybrid platforms - the more essential it is to have a business continuity plan in place in case of downtime.

In the past two years, 95% of enterprises have had to deal with at least one data centre outage, according to Gravic Inc. These disruptions sideline entire data centres, not just single systems. A study from the Ponemon Institute into data breaches in 2018 has shown that the averate total cost of a data breach last year was $3.86 million, with the most costly component being lost business cost. Even a small disruption to business will cost money, so having a plan in place can mitigate revenue losses.

Advertisement - Article continues below

A business continuity plan is more than just making sure critical IT and services are available if disruption occurs, or being able to restore functions quickly. A good plan should aim to keep the complete ecosystem of critical business functions operational in the event of a serious incident.

Why have a business continuity plan?

There are a wide range of reasons why an organisation should have a business continuity plan put in place 

Advertisement
Advertisement - Article continues below

Firstly, it is a communication tool. Having a plan in place means that everyone will know what to do in an emergency. In a disaster, if someone doesn't know what role they need to play, the risks aren't going to be mitigated.

Secondly, it means that your organisation is proactive. When disaster strikes people will know what to do instead of trying to figure out things as they go along. This also helps manage any negative impact on the company's reputation; it may be difficult to avoid data breaches entirely, but demonstrating preparedness will make clients more understanding.

Advertisement - Article continues below

Thirdly, having a plan means that you have a good chance of recovering from disaster. When you protect mission-critical parts of a business, there is a good chance of survival and staff morale will be higher for it.

Not only does having a plan increase your chances of recovering from an incident, but it also reduces the likelihood of you having another one. Businesses that don't have a business continuity plan are 32.3% likely to have a data breach at some point over the next two years, but this falls to 23.4% for businesses with a plan, according to the Ponemon Institute.

Finally, a business continuity plan can reduce the time it takes to identify and contain the data breach incident, especially if staff have a structured plan to follow. It significantly minimises disruption if teams are aware what steps they need to take to keep the business up and running.

What's in a business continuity plan?

A plan should provide a roadmap for employees so they know what to do when things go bad. Such a plan should include the following. 

Advertisement - Article continues below

Threat analysis natural disasters, such as a flood can destroy IT infrastructure, while a cybersecurity hack can put your network offline but not affect personnel. Bombs could kill people and destroy equipment. It's important to cover what to do for all major possible threats.

Who's responsible when disaster strikes, an organisation should have a list of personnel to contact and what they role in a continuity plan will be. An organisation should also keep contact details of external services, such as police, fire, etc.

Plan a backup it is important to have a backup of important data offsite away from where an organisation is based. There should also be consideration given to backup power supplies. In addition to uninterruptible power supplies, one should also consider what to do if the power will be out for a considerable amount of time.

Alternative comms and operational sites if you have no telephones or internet, you need to plan how you will keep in contact with customers, employees and others. A plan should also cover how and where to set up operations in an alternative location.

Advertisement - Article continues below

Increasingly, organisations are putting in place formal disaster recovery (DR) processes as part of their business continuity plans.

A global study into DR processes in 2018 showed that 39% of companies had an automated DR process in place, up from just 16% in 2017. Using automated processes like this to get your business up and running in the event of a breach is a good way to make significant cost savings.

Managing a business continuity plan

Managing a business continuity plan means keeping it up to date, changing details to ensure they are correct. It is also important to review the impact of new processes, systems and technology on a regular basis and add these to the original plan.

Those responsible for the plan should also make sure that all employees that could be affected by a disruption to the business have read and understood the plan, what their role in the implementation is and how the plan will be executed. Even non-essential personnel should be informed about such things as building evacuation measures, as well as emergency locations.

In the event of a breach, the business continuity plan should be reviewed and adapted if necessary to further minimise disruption in the future.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/data-centres/30952/five-business-benefits-of-hyperconvergence
data centres

Five business benefits of hyperconvergence

25 Mar 2020
Visit/digital-transformation/31524/how-to-spot-a-failing-digital-transformation-project
digital transformation

How to spot a failing digital transformation project

17 Mar 2020
Visit/strategy/28047/what-is-digital-transformation
Business strategy

What is digital transformation?

6 Mar 2020
Visit/tablets/21843/best-business-tablets
Hardware

Best business tablets to buy in 2020

5 Mar 2020

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/cloud/355098/ibm-dedicates-supercomputing-power-to-coronavirus-researchers
high-performance computing (HPC)

IBM dedicates supercomputing power to coronavirus research

24 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020