Your data center is performing flawlessly. Your network is up and your call center is operating normally. But over the last 24 hours, your company lost millions of dollars of market capitalization. Degradation in the performance of a server, coupled with staff shortages, led to a complete outage of your online business.

Could this disaster have been prevented? Until recently, classic recovery planning focused on how to restore centralized data centers to a minimum functioning state in the event of a natural or man-made catastrophe. It did not address the need for continuous operation of key business processes. While traditional measures remain important, they are not adequate for distributed computing environments. The requirements for continuous operations in an ever-changing environment are even more complex and challenging.

In today’s environments, business continuity is so critical to business success that it can no longer remain a concern of the IT department alone. The time, money, and customer confidence that can be lost due to downtime or business interruption can seriously damage a company of any size – along with the reputation of its key executives -- both short and long term.

The risks are even greater for companies that operate in the 24-hour-a-day, 7-day-a-week global environment. To assure survival, companies must adopt proven strategies to protect both business processes and vital information. They must implement corporate-wide programs for continuity and recovery management.

Trends and directions -- beyond disaster recovery

When disaster recovery emerged as a formal discipline and a commercial business in the 1980s, the focus was on protecting the data center -- the heart of a company's heavily centralized IT structure. This model began to shift in the early 1990s to distributed computing and client/server technology. At the same time, information technology became embedded in the fabric of virtually every aspect of a business. Computing was no longer something done in the background. Instead, critical business data could be found across the enterprise -- on desktop PCs and departmental local area networks, as well as in the data center.

This evolution continues today. Key business initiatives such as enterprise resource planning (ERP), supply chain management, customer relationship management and e-business have all made continuous, ubiquitous access to information crucial to an organization. This means business can no longer function without information technology: data, software, hardware, networks, call centers -- even laptop computers.

A company that supports customers with an around-the-clock call center must be operational 24 hours a day, 7 days a week -- or customers will go elsewhere. For companies with no business tolerance for downtime, the goal is to achieve a state of business continuity where critical systems and networks are continuously available, regardless of external influences. This means thinking proactively to engineer availability, security and reliability into business processes from the outset -- not retrofitting a disaster recovery plan to accommodate ongoing business continuity requirements.

Business continuity: Whose responsibility is it?

Many senior executives and business managers consider business continuity the responsibility of the IT department. However, it is no longer sufficient or practical to vest the responsibility exclusively in one group. Web-based and distributed computing have made business processes too complex and decentralized. What's more, a company's reputation, customer base, and of course, revenue and profits are at stake. The development of a comprehensive business continuity plan requires an inter-disciplinary team that includes executives, managers, and employees.

The same information technology that drives new sources of competitive advantage has also created new expectations and vulnerabilities. Companies have the potential to deliver immediate satisfaction -- or dissatisfaction -- to millions of people. Within ERP and supply chain environments, organizations can reap the rewards of improved efficiencies or feel the impact of a disruption anywhere within their integrated processes.

With serious business interruption now measured in minutes rather than hours, even success can bring about a business disaster. Companies today worry more about their ability to handle unexpected peaks in customer traffic than about fires or floods -- and for good reason. For example, an infrastructure that cannot accommodate a sudden 200 percent increase in web site traffic generated by a successful advertising campaign can result in missed opportunities, reduced revenues, and a tarnished brand image.

Even what was once considered a "minor" problem -- a faulty hard drive or a software glitch -- can cause the same level of loss as a power outage or a flooded data center if a critical business process is affected. More difficult to calculate are the intangible damages a company can suffer: lower morale and productivity, increased employee stress, delays in key project timelines, diverted resources, regulatory scrutiny and a tainted public image.

Planning for business continuity: A proactive approach

Few organizations have the need or the resources to assure business continuity equally for every functional area. Therefore, any company that has implemented a single business continuity strategy for the entire organization is likely under-prepared or spending money unnecessarily.

The key to business continuity lies in understanding your business, determining which processes are critical to staying in that business, and identifying all the elements crucial to those processes. Specialized skills and knowledge, physical facilities, training and employee satisfaction -- as well as information technology -- should all be considered. By thoroughly analyzing these elements, you can accurately identify potential risks and make informed business decisions about accepting, mitigating or transferring those risks. Once you have developed a program for assuring that critical processes will be available around the clock, you should assume that it will fail, and commit to keeping your program current with business and technology infrastructure changes.

A fail-safe strategy assumes that no business continuity program can provide absolute protection from every type of damage -- no matter how comprehensive your high-availability, redundancy, fault tolerance, clustering and mirroring strategies. Today, the disasters most likely to bring your business to a halt are the result of human error or malice, the employee who accidentally deletes a crucial block of data; the disgruntled ex-employee seeking revenge by introducing a debilitating virus; the thief who steals vital trade secrets from your mainframe; or the hacker who invades your network are likely to cause the most harm. According to a joint study by the U.S. Federal Bureau of Investigation and the Computer Security Institute, the number and severity of successful corporate hacks is increasing dramatically -- particularly intrusions by company insiders.

By making an executive commitment to periodic test, validate and refresh your business continuity program, you can protect your company against perhaps the greatest risk of all -- complacency. In the current environment of rapid business and technology change, even the smallest alteration to a business-critical component within your enterprise or supply chain can cause an unanticipated failure to your business continuity. Effective business protection planning addresses not only what you need today, but what you will need tomorrow and into the future.

Business continuity readiness

This simple self-audit can help you with the important task of assessing your company's business continuity readiness. If you answer "No" or "Don't know" to even one of these questions, your critical processes could be vulnerable to a business-crippling disruption.

Can you identify the critical business activities that satisfy your customers' expectations and support your overall business operation?

Can you identify the critical business information needed for these activities to succeed?

Do you have data on the frequency, impact and causes of downtime?

Does this data allow you to identify and rank your most vulnerable business activities?

Are your legacy systems and IT resources adequately protected against unauthorized intrusions and viruses?

Have you developed a checklist, by functional area, of the items that your company will need to continue business effectively in the case of a disruption or emergency?

Have you and your IT colleagues successfully placed business continuity on the board agenda?

Have you worked with your IT colleagues to develop an approved business continuity plan that accounts for all aspects of business continuity and recovery?

Is your business continuity plan tested regularly?

Do you have a change control process in place to keep your continuity plan current with process, organizational and technology changes?

Are you confident that if a disruption or disaster struck this minute, your organization could recover quickly and smoothly enough to prevent damage to your business?

What to look for in a business continuity service provider

Many vendors offer business continuity solutions. The service provider that you choose must deliver support that addresses your company's critical business processes. Some of the key success factors to remember when evaluating a service provider's ability to deliver true business continuity solutions include:

 

About ProTech Professional Technical Services

ProTech is an international leader in information technology education and systems automation consulting. As one of the world's fastest growing business and information technology services providers, ProTech has the knowledge, skills and experience to manage and deliver business continuity solutions.