February, 2014

By Yosef Beck

The world is an uncertain place – especially in the world of business. Risk is something that managers and business owners must deal with on a daily basis. How much inventory should I stock? What liability must I carry? Will my customers still want my product in six months?

One type of risk planning that can easily fall by the wayside until it is too late is business continuity. What happens if the CEO of your company dies tomorrow? How will you respond if another Hurricane Katrina wipes out your supply chain for months?

Planning for business continuity is a necessity and, sadly, is often ignored until it is too late. From the probable to the improbable, how do you break down all the possibilities and plan accordingly?

Here is a step-by-step process to help get you started:

Step 1 – Conduct a Business Impact Analysis – take a step back from your business, see the overall business landscape, and answer the question “What are the critical and non-critical functions and activities that my organization performs?” For each function and activity, assign a recovery point objective (RPO) – the amount of function or data that it is acceptable not to recover. Then, assign a recovery time objective (RTO) – the acceptable amount of time that it can take to restore that function or data.

Step 2 – Document the Recovery Requirements for each critical function that you identified in Step 1. These should include both business and technical requirements. They are independent of the potential threat and should deal with how to recover your functionality within the recovery time objective.

Step 3 – Conduct a Threat & Risk analysis to determine if potential threats require any unique requirements for their recovery steps.

Step 4 – Create impact scenarios including the required response, personnel, and equipment. Scenarios should be ranked in order of probability and expected impact. Scenario examples could include loss of an entire building, loss of a floor of a building, loss of key personnel, etc.

Step 5 – Document the comprehensive recovery requirements developed in the steps above for critical scenarios into your Business Continuity Plan. This plan should be disseminated to required personnel.

Once your plan is disseminated, ensure that you audit and test the Business Continuity Plan according to its guidelines. Testing should ideally include a simulation of a disaster scenario to ensure that all resources learn the steps and responsibilities involved.

The list of threats may seem endless, but by following these steps an organization will be prepared and know what to do, ensuring that business continues as usual.