Best Practices for Creating an Effective Business Continuity Plan
Your business continuity plan must focus on three elements: people, infrastructure, and processes.
By Dr. Mark Campbell
The goal of a business continuity plan (BCP) is to minimize operational risk in the face of a natural or man-made disruption. There are three key components to creating an effective BCP – people, infrastructure and processes -- and we'll take a look at each in this article. Although all three pieces are equally important to the BCP puzzle, it is critical that you first focus on your people.
Many backup and disaster recovery vendors start with IT infrastructure -- don't fall into this trap. One of the most important first steps you can take is assigning a "business continuity owner" who is responsible for both the creation and ongoing maintenance of your BCP. A comprehensive BCP serves as an action guide for the company and its employees in the event of a disaster or unforeseen event. Tasking someone with the responsibility of keeping the program current and effective can go a long way in maintaining business continuity and providing business value.
Next, identify key operational personnel -- those people without whom your business can't operate. Create and maintain a comprehensive contact list of these employees and partners, taking into account that the list will be used during emergencies where normal communication may be difficult if not impossible. The more information you can include, the better off you'll be. Don't forget to include external contractors, vendors, or other companies that are critical to your business' operations.
Identify key operational infrastructure -- those parts of your infrastructure without which your business can't operate. Data protection solutions should be at or near the top of your list. Make sure you have backup and recovery protection not just for data but for the systems themselves because backing up data is only helpful if you have a system upon which to access it.
Additionally, if you do not protect your computers at a system level (e.g., bare metal), it can take hours and even days to re-install computers and recover critical data.
Other tips to keep in mind include:
- Identify your recovery point objective (RPO) and recovery time objective (RTO), making sure your data protection solutions can meet these requirements.
- Ensure that your data protection isn't confined to your premises. Having your backup at the same location as your systems doesn't help you if your location is destroyed.
- Prioritize off-site backup. Electronically keep a version of your environment at a contingency location and replicate system data onto it. If you lack a full-time contingency location, or just don't have the bandwidth to electronically move information, keep backup data off-site physically with disks or tapes.
Identify key operational processes -- step-by-step guidelines for who does what in the event of a disruption. Performing periodic tests is always a good idea. Although they can be time consuming, tests are a necessary step to validate that your BCP will work when you need it to. You don't want to find out too late -- and after a disaster -- that your BCP is not effective.
A Final World
Downtime and stalled operations can result in serious financial and reputational losses. Creating a comprehensive BCP that focuses on people, infrastructure and processes is a great first step to maximize uptime and keep your business running smoothly -- despite what may be happening around you.
Dr. Mark Campbell is the chief strategy and technology officer at Unitrends. Prior to joining Unitrends, Mark co-founded mindAmp Corporation, which provided high-technology business and software development consulting. He has also worked as the senior vice president of the systems management business at Legent Corporation as well as vice president at NCR Corporation. You can contact the author at Campbell@unitrends.com.