We all understand the ongoing concerns of keeping your business afloat when disaster strikes. Whether this is the affect of the adverse weather conditions that this winter has brought us or the impact of global warming over the next few years, most businesses are aware of the need to safeguard the operational element of the company.
Having said that it’s the same old story for most of us, we believe business continuity in the event of disaster is important but we only do something about it when disaster strikes (often when the damage is done and it is too late). System process documentation usually occurs after system or network outages and after disasters strike. This is simply too late for a business that is serious about ensuring its continuity.
This years’ abundance of snow in particular, meant that many people could not get into their offices to work. Companies had to either cease operation for the duration of the cold spell or take advantage of home working facilities where possible – this is most certainly not doable for all industry sectors. Those that were unprepared will have most certainly lost a lot of money in the process – The Sun reported around £1bn lost revenue during the cold snap this year.
Using web browser accessible systems that are ideally suited for remote and home working means that service and support operations continue, unhindered by travel problems, which is vital for effective business continuity.
Dealing with Natural Disasters
With the expected rise in the impact of global warming, flooding is certainly one disaster that is increasingly likely to affect more businesses. Every year more and more flood warnings go out due to the concentration of development on reclaimed land, loss of natural flood plains etc. this is all aside from anticipated global warming factors. As a result damage to businesses caused by flooding is becoming more common place. As well as water damage it affects communications and power so disaster recovery planning for replacement equipment, remote working and for office relocation needs to be considered by all low-lying businesses.
Business Continuity record keeping
One thing I like to ask IT Managers when we meet away from their office is whether they have their Disaster Recovery (DR) pack to hand – I’ve never met one that has. Businesses can ensure that their company operates consistently whatever happens by taking some simple steps. Disasters rarely strike when you are in the office so make sure you have a reliable and up-to-date DR pack that you keep outside of the office.
Using a system that has a comprehensive inventory of all of the IT infrastructure components and server recovery procedures is paramount. This should be constantly maintained as part of day to day operations instead of relying on a periodic audit, destined to become immediately out of date. In addition to this, having backup and restore registers and off site media archive registers will help to ensure that data is properly protected.
One of the main areas of risk is getting a service back online quickly after a disaster has struck. This is often a challenge when system outages result from issues such as floods and thefts where equipment is no longer physically available. Adequate records of the equipment type, its role, the configuration, who is responsible for rebuilding and restoring data onto it and the priority that things need to be done in are all essential elements of any disaster recovery system but will waste valuable time that is affecting the whole business if they are only considered after the disaster has struck.
Asset classification and control must be managed efficiently and a person must be made responsible for managing this. Many aspects of the Security Management Standard BS 7799 / ISO 17799 relate to documented control and physical security but other related records are required of these, such as warranty and maintenance schedules and full asset registration and history; all of these must be maintained correctly.
Using a service desk system that includes full audit trails of any asset changes via user request call logs and changes of the allocation, location and direct changes to the configuration is important. This can be achieved by using a system even without other formal documentation controls which are prone to be avoided and regarded as tedious paperwork. These audit controls need to be implemented for compliance to ITIL and even if the full written procedures are bypassed, which can often happen in a busy IT department.
Business continuity is still high priority for many organisations today but the fact is that too many companies act to plug the holes after the event of a disaster causing many hundreds of thousands of pounds worth of lost earnings that could have otherwise been avoided. With the instability of the planet causing more frequent earth quakes, floods, hurricanes and tsunamis disasters are indiscriminately affecting more and more businesses and individuals alike. A re-education and a real shift in the way we manage the whole disaster recovery process is needed if business are to survive the possible hurdles to come