ARTICLE | 4m read
April 3, 2020
It’s no fun to think about all the ways your business can be disrupted—hurricanes, tsunamis, snow storms, epidemics, earthquakes, tornados, terrorism, floods, fires, even relatively minor incidents like a failed water main or a planned event like an office relocation. It’s the kind of thing that keeps business execs and IT leaders up at night. The best remedy: a solid business continuity strategy you can count on to minimize the impact and keep your business running through thick or thin.
In an emergency, people shouldn’t have to wonder who’s in charge. Create a business continuity team with members in every part of your organization, in every location where you operate. These individuals will lead the local response to local events as well as the organization-wide response for both local and broader-based emergencies. They should stay involved in planning and testing throughout the year to keep the plan up-to-date and gain the familiarity they’ll need to perform under the pressure of an actual emergency. High-level support is crucial to make sure business continuity gets the attention and resources it should.
Think through the kind of disruptions that could occur in each place where you do business. Assume the worst, then figure out what you’d need to do to maintain your most important operations. Rank your recovery priorities in business terms such as revenue, regulatory implications, brand concerns, customer protection—whatever matters most to your organization—then map these to applications, people, facilities and equipment. Once your business continuity team has come to an agreement on this analysis (which isn’t always easy), it can start to identify recovery strategies and costs around each process. This will also help IT make sure that the most critical applications will be available to the business within an established recovery time objective (RTO) and recovery point objective (RPO).
An out-of-date or ineffective business continuity plan can be worse than none at all, giving you a false sense of security and leaving you to scramble when things go wrong. Review and update your plan at least once a year, and ideally more often than that, to reflect changes in your IT environment, business priorities, operational structure and other factors. Conduct full simulations at least annually as well, covering everything from application recoverability to crisis communications. Supplement these with frequent tabletop exercises that introduce new twists into disaster scenarios to keep you on your toes.
Effective communications can make the difference between panic and smooth emergency response. Create a toolkit that encompasses the full range of communications channels, including telecom, email, public address, intranet, IM, texting and the company website. Draft sample emergency messages in advance so they can be updated quickly during an actual emergency, and make sure you’re prepared to deliver a consistent message to the public as well through press releases, social media updates and interviews with spokespeople.
Nothing is more important than keeping people safe. Local agencies such as the Red Cross, fire department and police department, as well as federal entities, such as the FEMA Community Emergency Response Teams (CERT), can provide emergency response training and other guidance for your program. Tailor your procedures to your workforce, facilities and locations, and review and test them regularly with all employees.
It’s important to keep people working—not just to maintain productivity, but to protect data and make sure your customers aren’t left hanging. Remote access technologies make it possible for people to work wherever it’s safe and convenient, whether at home, in a hotel conference room, at a friend’s house or anywhere else. Organizations that already enable mobile workstyles are way ahead of the game in this scenario. Instead of having to get used to disaster mode as an entirely different way of working, people just keep using the same remote access tools they always do, just in a different physical setting.
Data center continuity is the final element. Most large organizations already have more than one data center for scale and redundancy. If one comes offline for any reason—planned or unplanned—people should be able to switch seamlessly to another to access the same apps and data. Make sure your infrastructure can support this response in terms of rapid, automated failover, load balancing and network capacity.