The constructive road to business continuity

Interruptions to the smooth flow of business are things that happen to someone else. Until it happens to your business. Then, the finger-pointing and assignment of fault can begin, and time can be wasted appointing blame rather than fixing the underlying problems. It would be much better spending a portion of this time up front to ensure the business is prepared and capable of handling any situation as it arises.

Too frequently, department managers and corporate executives look to information technology management (IT) as both scapegoat and savior. In exploring the constructive road to business continuity, it will become clear that business continuity is a shared challenge, demanding shared solution-building. IT is an essential building block, but only in partnership with other business stakeholders.

Sarbanes-Oxley has been in place for a number of years for US organisations as well as for companies who do business within USA. In EMEA, we are now seeing a similar protocol appearing through various standards which challenge the Information Technology function with requirements that impact day-to-day activities. In addition, an increasingly litigious business environment with heightened regulatory oversight means new and potentially costly challenges to Information Technology. In spite of the risks, however, many enterprises have yet to adopt best practices, policies, and procedures to ensure the successful management of enterprise electronic business records.

There was a time, before the advent of 24 x 7 business availability, where businesses could handle business interruptions with a variety of workaround procedures. But workarounds are certainly not "business as usual". Improved IT and data communications have made most businesses an "always available" proposition. Companies that do not address business continuity as a core requirement stand to sacrifice productivity, profitability, legal certainty that they have met stringent regulation, their reputation for reliability and their competitive standing in the market.

One Size Does Not Fit All

Adopting a business continuity plan and making it a part of a corporate culture is a process. Like all processes, the plan will differ from enterprise to enterprise based on size. Larger organisations may have to dedicate personnel and invest in special IT resources. Smaller businesses may be able to accomplish the same goals with little more than a management policy direction. Published standards, regulatory statutes and codes of practice will apply unevenly.

Since business continuity management (BCM) is a process or programme, support from top management is indispensable. Top management is ultimately responsible for setting corporate scope and objectives, as well as establishing a corporate culture. From this scope and these objectives, the nature and direction of the BCM processes are derived. The involvement of senior management in leveraging time, talent and resources also signals that BCM is not merely a shield against disruption, but an advantage over competitors not similarly prepared. This especially shows up where customers require assurances from vendors of preparedness.[1]

Pursuing BCM

There are a number of essential steps in analysing the BCM process in preparation for the creation of a plan.

Identify the Stakeholders-Who is impacted by a business disruption? What are their reasonable expectations under normal conditions, and disruptive ones? Stakeholders scale by the organisation's size and BC managers need to judge whether a special meeting is in order to nail down those expectations.

Business Impact Analysis-Identify key functions. Will disruption make a high impact on the delivery of products or services? Medium? Relatively low? The analysis can also be a planning tool for setting up a Recovery Time Objective and identifying which resources need to be marshalled.

IT and BCM

BCM is unarguably a whole-enterprise discipline. But IT is also arguably the first among equals in needing and adopting plans against business disruptions. Information and its ready accessibility are probably the most mission-critical of all business assets.

IT downtime should be part of the business impact analysis. For these reasons, rightly or wrongly, IT is looked upon as a key catalyst in driving all of BCM in a company.

But IT Continuity is its own challenging programme. Astute IT management builds resilience at the front end, during normal operations. The goal is to minimise time to recovery and resumption, in real-time or near-real-time terms.

Any number of replication and redundancy technologies is offered in the marketplace to support data centres in meeting Recovery Time Objective goals. But over the last six years or so, one recovery strategy has gained significant traction: continuous data protection.

International Data Corporation defines it this way:

"Continuous data protection (CDP) pertains to products that track and save data to disk so that information can be recovered from any point in time, even minutes ago. CDP uses technology to continuously capture updates to data in real time or near real time, offering data recovery in a matter of seconds. The objectives of CDP are to minimise exposure to data loss and shorten time to recover."

Specifically, CDP is a cross between disk-based backup and replication. CDP continually captures all changes made to a file and engages in tagging (versioning) objects so that they can be specifically rolled back to a particular point in time. The business value of CDP lies in the ability to restore data objects to a point before a data corruption or interruption event takes place. If you experience a data loss at 12:34:14 am, a storage administrator in the data centre can restore back to that particular time, or somewhere very close.

Committed to IT Continuity

Vision Solutions www.VisionSolutions.com is committed to IT continuity in the data centre. Vision Solutions offers an entire suite of solutions to help companies eliminate downtime and protect their critical data, applications and business processes. Perhaps best known for High Availability and Data Recovery solutions, Vision has a complete portfolio of products in furtherance of their customers' IT continuity goals.

Author:

Anna C. Hobey has been the Marketing Manager for Vision Solutions for nearly 4 years. She graduated from Glamorgan University with a Masters of Science in Marketing as a part time course while working for some well know blue-chip companies including BT and NHS.

[1] www.forrester.com/Research/Document/Excerpt/0,7211,47201,00.html