Without a business continuity program in place, even a minor disruption to systems, facilities or other key resources can potentially halt operations, impact customers or harm the financials of an organization. We’ve compiled this slideshow of five helpful tips from SunGard Availability Services to help you think through your business continuity planning at the highest level.
“It is essential for organizations to understand how an unplanned outage would impact their business and know the steps they need to take to respond effectively,” said William Hughes, director, Consulting Services BC/DR practice, Center of Excellence, at SunGard Availability Services. “You have to take a holistic view of not only threats to availability but also threats to your business continuity program’s continued viability.”
“A business continuity program should be built around realistic situations and assumptions, and incorporate preventive and reactive measures. It also should have a built-in means to drive continual improvement and focus beyond just continuity planning – also addressing organizational awareness and preparedness. Some organizations, unfortunately, may have misplaced confidence in their preparedness which could lead to weaknesses being exposed at the worst possible time – during a business outage or disaster,” said Hughes.
Click through to see five common misconceptions about business continuity that can work against your business.
While natural disasters, such as hurricanes and earthquakes, garner the bulk of attention, industry research shows power failures, IT hardware, software and network outages and human error are much more likely to cause business disruption. The lesson for organizations is they need to be prepared for all potential causes of business disruption. More often than not, it will be a ‘quiet catastrophe’ related to hardware or process failure that, over time, generates the most significant threat to your business continuity.
Creating a business continuity plan is an important step, but not the end state. It takes more than words on paper or a computer screen to enable readiness. Business continuity preparedness means having a living program-which is continually validated, communicated, tested, updated and improved. It means having an organization that is ‘situation ready’-with skills honed through training and supported by robust planning tools to respond to a significant business disruption. Your organization should be so well prepared that it only needs the plan for reference or as a guide, not as the playbook, when undergoing an exercise or disaster.
Too often, organizations plan for ‘simple’ situations-‘my data center has been disabled’-where the event occurs and all that needs to happen in response is to pick up the pieces. Recent events in Haiti and Chile have shown disasters can be a series of inter-related, changing scenarios that make responding to the situation much more complex than for a singular event. Business continuity programs need to prepare an organization for a situation that is continually evolving, whether due to changes in the primary source of the disruption, after-effects or new information or players emerging. Anticipating these events will force your organization to examine closely key assumptions and response constructs, and build in plan flexibility, infrastructure resiliency and contingencies upon contingencies to improve preparedness.
Organizations cannot assume vendors will be there to support them or that customers will empathize with the situation. Business continuity plans should prepare an organization to get through a disaster on its own and without losing customers. To achieve these objectives, it is critical your organization be customer focused, communicate to all constituents, and have employees know their roles and responsibilities even if they are not part of the ‘recovery’ team.
In business continuity, it’s about overall readiness, not the plan. Organizations should always look to improve. A successful test of a plan doesn’t mean your organization can’t find room to improve. Every company needs to ask: what level of preparedness did our organization set for itself? What objectives were set? Was the scope such that the organization knows it will be ready-or was the exercise just a technology recovery procedure test? And how has the company gotten better over time? Organizations must raise the bar when testing and work to get better-continually looking for ways to fail in an exercise so they find ways to succeed.