continuity planning

Some things simply stay the same.

I came across a report that highlighted four key areas on which to focus your recovery strategies:
  • Virtualization
  • Cloud Computing
  • Mobile Devices in the Workforce
  • Social Networks
Looking at today’s business climate, these are certainly four areas that can still impact your environment. 

What’s interesting is that the list is from a CIO poll from April, 2012.  A lot of the basic elements of your recovery strategy really haven’t changed in the last five years (if not longer).  Nonetheless, these remain important areas for your planning.

As you work on your recovery strategies, here are some key points to consider:

Size does not matter.
Smaller companies are actually easier targets and need to be equally wary of an attack.

The inexperienced are the most complacent.
As soon as business leaders and companies deal with an incident that impacts their business, they are more likely to galvanize the troops to prevent one from making a direct hit.  But the planning needs to be done before the incident, not after.

Educate employees on their roles.
Some people, whether employees or customers, are often the weakest link in a recovery chain. Training is critical to an organization’s success and resiliency.

Clear communication is critical.
Communicate what you know, when you know it, while recovering from an incident that impacts your organization.

Plan for the worst.
When preparing your strategy, definitely discard the rose-colored glasses and plan for the worst-case scenario.

As the title says, some things really stay the same: the key areas to address, the need for recovery, and the goal of ensuring your business continues to provide product and service.  The biggest thing is to not let complacency be the thing that stays the same.

Starting small works.  Call us now at 651-429-9991 and start with a day’s worth of focus on your recovery strategy.  Remember, our goal is Helping Businesses Stay in Business!

But does your plan work?

“The purpose of disaster recovery testing is to reduce the level of information that a company does not know it does not know.”

- Dan Muecke, VP Technology Planning, Advanta Corporation

If you’ve made the investment in business continuity and disaster recovery planning, it is imperative that you continue to hold exercises to validate the plan, and to ensure that your strategy is up to date.  If you haven’t had a comprehensive review of your plan, or held an in-depth simulation exercise, within the last 4 to 6 months, you're overdue.

If a company completes its recovery planning without testing, it is very likely to encounter major problems during an actual recovery and then resort to “winging it”.  Clearly, that is not the way you want to approach preserving the livelihood of your business.

By conducting tests/exercises, you will uncover gaps in your planning and assumptions.  This identifies areas in which more knowledge is needed in order to ensure recovery.  Finding these gaps in a controlled environment (while testing, during a simulation), allows for reasoned resolution and closing of the gaps.  Attempting to do so while under the pressure of a real disaster will certainly be less effective.   So, dust off those plans, define the scenario, and hold those exercises.  That truly is the way to ensure you are Ready For Anything.

Recovery plans aren't just nice. In certain cases, they're required.

About 50% of businesses that suffer from a major disaster without a disaster recovery plan in place never re-open for business

- American Management Association


That statistic by itself is enough to get one’s attention, but then factor in all the regulations, laws, and mandates that require recovery planning:

- Sarbanes-Oxley Act
- IRS Procedure 86-19
- Consumer Credit Protection Act Section 2001 Title 1X
- Foreign Corrupt Practices Act
- Expedited Funds Availability Act
- Gramm-Leach-Bliley Act
- Federal Financial Institutions Examination Council
- BASEL II, BASEL Committee on Banking Supervision
- HIPAA
- FDA Code of Federal Regulation
- FEMA FRPG 01-94
- FISMA Act
- NIST SP800-34
- NERC P6T3
- NERC Urgent Action Standard 1216
- Rural Utilities Standard 7
- Presidential Decision Directive 63
- Presidential Decision Directive 13010
- ISO Standards 9000, 22301, 27001, 31000
- GAO/IMTEC-91-56 Financial Markets
- FFIEC Inter-Agency Policy

Failing to comply with these standards and regulations for your industry/organization can directly impact your ability to compete in the marketplace, obtain funding, and even bid on certain projects.

As Ben Franklin put it, "An ounce of prevention is worth a pound of cure."  Having a comprehensive recovery strategy helps prevent catastrophic events, and it is well worth the time and effort compared with rebuilding your business from a total loss.

Side note - Franklin's quote is the result of him trying to convince the colonial Philadelphians that creating a group committed to firefighting was a good idea.  His argument was that prevention of a catastrophic city-wide fire was preferable to rebuilding the city from scratch.

Are you ready for anything?

According to FEMA, 40% of businesses do not reopen after a major disaster and another 25% fail within a year.  The US Small Business Administration cites 90% fail within two years of a disaster.

It has been proven that having a comprehensive recovery strategy improves your ability to recover.  But there’s more to it than simply backing up to the cloud.  How long it takes you to recover and be back in business is crucial.

It has been estimated that companies lose an average of $85,000 for every hour of downtime. 

Is your business ready for anything, including a disaster?  How long can your business survive if your IT systems crashed and were inoperable?  How long would you remain in business if you couldn’t provide your product or service? How much do you lose due to an hour of downtime?

The survival rate for companies without a recovery plan is less than 10%!

Don’t be part of these statistics.  Start with understanding your risks, then develop your strategy for addressing them and for recovering from them.