Posts Tagged ‘BIA’

Have you outgrown your paper-based business continuity and disaster recovery plans?

Monday, February 22nd, 2010

Your organisation has changed and you are finding that the current “paper-based” planning methodology no longer is fit for purpose. 

If you recognise any of the following items familiar, it may be time to invest in a business continuity software planning solution:

 1.       Are your plans hard to maintain and have numerous areas for updates?

2.       Would the volume of updates and changes be better suited to the functionality of a relational database?

3.       Does your organisation have numerous Business Continuity and Disaster Recovery stakeholders that are required to provide input and updates to the plans?

4.       Is the import of your Business Impact Analysis (BIA) information a manual process taking significant time and effort to complete?

5.       Is it difficult to provide granular reporting to Senior Management and auditors?

6.       Is additional plan security required?

7.       Are some sections of the plans “off limits” to certain groups or business units?

8.       Is Business Continuity/Disaster Recovery exercising and training difficult to organise and complete?

9.       Does your current plan require greater geographical coverage for your branch offices?

10.   Are updates completed in a scheduled manner (or 1 week prior to an audit or test)?

If you answered “Yes” to any of these questions, odds are that a more sophisticated Business Continuity/Disaster Recovery planning tool may be of use to the maintenance and health of your management program.

The best part is that this is not a “throw the baby out with the bathwater” scenario.  Some of the better planning tools allow for the import of completed planning data directly into the software tool, retaining all of your previously completed hard work .

Time spent evaluating a Business Continuity / Disaster Recovery software planning tool may benefit your constantly changing and evolving plans and be of great value to your organisation.

Tags: , , , ,
Posted in Business Continuity Plan, Business Continuity Software, Disaster Recovery | No Comments »

What type of Business Continuity Recovery Site do you need?

Monday, January 11th, 2010

The Recovery site is sometimes also referred to as the Alternate Site, Standby Site or Fallback Site.

Recovery sites can function purely as a standby data centre for your IT systems or they can be for business recovery as well, with desks, phones, desktop computers, meeting rooms and other facilities.

The data centre equipment and also the business recovery seats can be dedicated, by that meaning, totally reserved for your use only or shared, meaning first come first served in the event of a disaster. Which is why the ratio of clients to equipment is important as is the formula for how many clients from a given geographical area they subscribe to their ‘shared’ facility is as well.

One key decision when determining the most effective Business Continuity Strategy for an organization is the maximum readiness level of the recovery site (cold, warm, hot) that is required.

A cold recovery site is a facility that already has in place the environmental infrastructure required to recover critical business functions or information systems, but does not have any pre-installed computer hardware, telecommunications equipment, communication lines, etc. This scenario has the longest lead time to restoring live services because the equipment must be provisioned and setup after the event.

A warm recovery site is a site which is equipped with some hardware, and communications interfaces, electrical and environmental conditioning which is only capable of going live after additional provisioning, software or customization is performed, and the restoration of a database backup into the environment.

A hot recovery site is a facility that already has in place the computer, telecommunications, and environmental infrastructure required to recover critical business functions or information systems. Typically the organization’s data is synchronized to the hot site so that it can be switched across into live operation in a very short time, almost instantaneously in some instances. Because the data is mirroring at the data centre instantaneously or very frequently, the level of data loss in this scenario is usually minimal.

How to determine which type of recovery site is right for you?

Arising from your Business Impact Analysis, the Maximum Tolerable Outage for your business functions will give you the requirements by when the systems need to be up and running. The Recovery Point Objective, or the amount of acceptable data loss will help to inform these requirements as well. The right balance needs to be struck between the cost of the recovery solution and the cost of data loss, delays and downtime if you had to wait days or weeks to recover the systems.

This is why a wholistic, comprehensive Business Impact Analysis, involving the right business stakeholders and sponsored by Executive management is essential in order to determine the business continuity recovery strategy for your organization.

Tags: , , , , , , , , , , , , , ,
Posted in Alternate Site, Business Continuity, Business Impact Analysis | No Comments »

Business Impact Analysis

Thursday, December 3rd, 2009

A Business Impact Analysis (BIA) allows an organisation to identify the criticality of processes, interdependencies with other business units and third party suppliers, critical system requirements (e.g. systems and applications), vital files, network drives and hardware, describe manual work arounds and prioritise business functions during a recovery situation. The BIA forms the basis for the Business Continuity Plans.

A business impact analysis should take into account tangible financial impacts (opportunity cost, increased cost of working expenses, revenue reduction, uninsured asset replacement, capital value and financial viability) as well as intangible, non-financial impacts (reputation, brand and presence, legal and contractual liabilities, quality of product and services, stakeholder confidence and support, staff morale and well being, operational and management control and environmental damage).

A clear understanding of these impacts will help form the justification for the level of business continuity\IT disaster recovery investment required.

Tags: , , , ,
Posted in Business Impact Analysis | No Comments »

Workarounds and the backlog effect

Friday, November 27th, 2009

A workaround is an alternative process used to replace the normal ‘business-as-usual’ process or IT system which may be unavailable during business disruption. When determining the Maximum Tolerable Outage (MTO) for a business function, whether or not there are manual, paper-based workarounds is a factor that can help work out how long you can afford to be offline from your IT systems and possibly allow you to implement a lower cost ‘warm’ or ‘cold’ solution’ instead of a ‘hot’ one.

These workaround procedures define the interim tasks to keep the process going whilst the IT systems or other resources are being recovered.

When considering how long a process can operate manually one area to beware of is the backlog effect. At time of incident, if the volume of work remains constant but the rate of processing is slower because it is manual, an increase in workload eventuates which will result in backlog. This backlog may increase exponentially for as long as you are not processing at full capacity. For each process there comes a time when no matter how much overtime you throw at it, it is very costly or impossible to catch up.

It is important to consider what this threshold may be for your process and what the absolute maximum period of time is that the process can operate manually and still feasibly recover. It is wise to allow some contingency between the MTO you select (when the process needs to be recovered by) and your absolute maximum time operating manually to ensure that you have some breathing space in case something goes wrong with the recovery efforts.

As a result, how long will your area will be able to function using manual workaround procedures should be revisited during your area’s BIA updates and tested as part of your business continuity exercise program.

OpsCentre – Business Continuity Consulting

Tags: , , , , , ,
Posted in Business Impact Analysis | No Comments »