Business continuity, undoubtedly, is at or near the very top of every IT organisation’s list of strategic initiatives, considering the dramatic costs and implications of downtime. Paul Timms, Managing Director at MCSA Group Ltd, addresses the key questions organisations should keep in mind when designing and implementing a business continuity strategy.
What are the risks to your business?
Every business is different, but an IT system is often imperative to running a business. The implications of a ransomware attack will vary according to the organisation and will impact how a business prepares for business continuity. Always consider your sector and your business size when planning how to allocate your resources and where to focus your priorities. Ultimately, the risk to your business will depend on your attitude to downtime, verses cost and resources.
Have you planned for all eventualities?
It is critical that your business looks at all aspects of a business continuity event. To properly plan for disaster recovery, evaluate the risks and the impact. How can you mitigate these? If, for example, you have a power failure do you have a way to reroute your office phone number, and does your team know who will implement this and how? Essentially cover all risks to define a solution that ensures you can still function in the event of a disaster.
Are the blocks built in and have they been tested?
To allow you to plan for risks and solutions in a functional way, build and test your IT solutions in blocks. These can then be tested in a rigorous way with likely scenarios to drive out and validate (or not) assumptions on management during a business continuity event.
Are you prepared if the cloud goes down?
You’d be mistaken for thinking that the cloud solves all your problems, as this is not the case.
For example, a businesses’ cloud-based office365 environment can still get a virus and become corrupted. If you have not set-up the IT systems to back-up that data, then it will be lost. If the cloud goes down, you need to consider a fail-over system. The interesting part of this is that the public cloud doesn’t go down very often, but when it does it is impossible to tell you for how long. Businesses must therefore consider when to invoke disaster recovery measures in that instance.
Are your priorities clear within your plan?
Your plan should encompass both the risks to your business and business objectives. There is no upper limit to what you could spend in terms of budget, so instead focus your attention on your priorities. A brainstorming session is a good method of establishing your concerns as a business, to determine the most detrimental factors that may effect your business. Prioritise those with the highest risk and ensure that, should the worse case happen, you have more than one person trained in the business continuity plan.