What is the value of a business continuity and disaster recovery plan?

Posted by Roger Smith / October 22, 2012 / Posted in Adaptability, Business Continuity, Business Resilience, General Security

The basic value of business continuity and disaster recovery to a small or medium business and not-for-profit organisation should not be underestimated. In the event of some type of disaster your business will lose its income and its capability to create income, but you will still have all of your overheads.

The ratio of income to overheads determines the amount of time that you have in a disaster situation to get your business back up to full functionality. Each business is different, but the longer your business is unable to do business, the closer it will be to that break line of never reopening again.

Disaster can strike at any time.   There are the large disasters, cyclones and earthquakes, where you have little or no control over what is happening.   The weather man will tell you that you are in the path of a cyclone but no one is going to tell you when an earthquake will happen.

There are also the small disasters: the accidental virus infection, the failed cloud provider or the failed hard drive that can make it impossible for your business to function and for your clients to do business with you. The question has to be asked: how important is all of that business information that you have collected?

How a business defines its data is as important as knowing what to do and how to protect it.    Any data, information, intellectual property, customer list or inside knowledge is the essence of YOUR business.   That information is critical to you doing business.

In the event of something happening to your business you have to have some level of disaster recovery or business continuity plan in place.   The plan can be one page detailing all of your requirements to get your business up and running again.   It can also be 100 pages finely detailing everything that the management and business wants to do or has to do, how they will do it, who will do it and who needs access to what to ensure that there is no loss of income to the business.

The basic requirement: you have to have a plan. The more detailed the plan the better, but you still have to have some type of plan. The next question: how do you come up with the plan?

  1. Define and separate your corporate knowledge into a number of fields.
    1. Really important information – information that is critical to the business and cannot be replicated from scratch.
    2. Important information – information that your business can survive without for a short period of time and that, if necessary, can be replicated from scratch, but it will cost money and hours to produce.
    3. Normal information – anything that is non-essential to the business and can be replicated from other locations and sources.
  2. Work out what would happen if each level of data was missing in some way.
  3. Work out how to protect that information – look at duplicating data, backing up data and copying data to an off-site location. With each process, work out what, where and how often the data needs to be copied.
  4. Now look at every type of disaster that you can think of and how you can make sure that if it happens you still have access to your business information.

This risk assessment has now created your disaster recovery and business continuity plans. It has got you thinking about how to make sure that when, not if, that disaster strikes, you are prepared.

Congratulations, you are now on the path to making your business more resilient. The first process for a resilient business is to make sure that your business data is always available to those who need it to do their job. This adds a depth to your business, a depth that cannot be affected by a disaster, any disaster.

This type of plan can also be applied to the home. Australians in most rural areas have some type of bush fire plan: what to do if a bush fire is threatening your home, and what you want to take with you when you have 20 minutes to evacuate the area. By applying the same process to your critical personal information, including all of your memories (digital photos) and electronic information, you will ensure that everything that you consider important is never lost, stolen, misplaced or destroyed.

About Roger Smith

Roger Smith is an independent ICT and business security consultant, security trainer, and author who specialises in inexpensive and highly effective security strategies for small and medium businesses and not-for-profit organisations. He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance. This vast experience has given Roger a broad knowledge of hundreds of ICT and security tactics used by some of the most successful and well protected organisations in the world.


© SME Security Framework