Posts Tagged ‘Business Impact Analysis’

Key Supplier Resilience as part of Business Continuity Management

Wednesday, March 24th, 2010

It is not enough to look only at the resilience strategies within your organization; the entire supply chain needs to be considered for your critical business functions.

Are you reliant on a single supplier for any key products or services?

If you have alternate suppliers, are they geographically separate or in other ways diverse from your primary supplier? If your primary supplier were affected by a problem, how likely is it that the backup supplier would be affected too?

Can you build the requirement for these suppliers to have robust and verified business continuity in place for themselves into your supply agreements?

What are your workarounds and strategies if the supply of these products or services were cut off?

All of these questions should be examined as part of a robust business impact analysis of your critical business functions. Having a BCP is more than just a tick in the box for your audit report. It is about having confidence in your organization’s resilience. What a great selling feature for your clients, if you can confidently state you’ve got a mature and resilient organization that will stay in operation when others may fail!

7 Habits of Highly Effective Business Continuity

Friday, January 29th, 2010

1. The Senior Executive actively supports Business Continuity

A CEO, Director or General Manager who believes in and wants a functional Business Continuity program in place is a critical success factor.

Having the senior Executive who is responsible for setting the priorities and vision for the organisation stand behind BCP and communicate this to the staff is a powerful change motivator.

2. A Whole of Business Approach

A business continuity program that prioritises the organisation from the Executive’s bird’s-eye perspective, and analyses business impacts across all business functions in a consistent manner, will lead to a better-informed business continuity strategy being proposed. It allows the Executive to see the requirements of the business in a single snapshot and make a cost-benefit-justified decision on the level of continuity required.

3. A Single Point of Business Continuity Management

Someone needs to be responsible for BCP at an organisational level. It needs to be in their job description and a priority for them, otherwise it runs the risk of falling between the cracks. With one person accountable for co-ordinating, aggregating and monitoring the overall Business Continuity program and reporting to the Executive, the program is more likely to stay visible and maintain momentum.

4. Testing, Testing, Testing

Business Continuity should be viewed as an ongoing continuous improvement program, and as such testing is vital. It highlights flaws and validates assumptions in your business continuity plans, giving you the opportunity to improve them. Testing builds confidence and competence within the business continuity team, as it brings home how the strategy would actually work in a variety of scenarios and how the roles will interrelate. An untested Business Continuity Plan cannot be considered viable.

5. Embedding BCP into job descriptions and procedures

The various BCP roles, such as BCP Manager, Command Team Leader, Business Unit Leader, etc., should be written into position descriptions so that it is very clear that they are part of the responsibilities of the staff members. Procedures for new projects, business changes and IT changes should include provision for ensuring the change has BCP/IT Disaster Recovery aspects taken into account. All changes should have an impact analysis conducted that includes the impact on BCP/IT Disaster Recovery procedures.

6. Starting on the right foot

An induction training package that briefs new employees on the Business Continuity and Emergency Management strategies and plans in place is a great way to start them off on the right foot, highlighting the importance of this to the organisation.

7. Maintenance

The person responsible as BCP Manager should be tasked with ensuring maintenance of the documentation occurs on a regular basis. Outputs from changes and testing sessions all need to be fed into the plans. Periodically the BIA should be revisited and the organisation’s prioritisations and maximum tolerable outages reviewed.

What type of Business Continuity Recovery Site do you need?

Monday, January 11th, 2010

The Recovery site is sometimes also referred to as the Alternate Site, Standby Site or Fallback Site.

Recovery sites can function purely as a standby data centre for your IT systems or they can be for business recovery as well, with desks, phones, desktop computers, meeting rooms and other facilities.

The data centre equipment and the business recovery seats can be dedicated, meaning totally reserved for your use only, or shared, meaning first come, first served in the event of a disaster. This is why the ratio of clients to equipment is important, as is the formula for how many clients from a given geographical area the provider subscribes to its ‘shared’ facility.

One key decision when determining the most effective Business Continuity Strategy for an organization is the maximum readiness level of the recovery site (cold, warm, hot) that is required.

A cold recovery site is a facility that already has in place the environmental infrastructure required to recover critical business functions or information systems, but does not have any pre-installed computer hardware, telecommunications equipment, communication lines, etc. This scenario has the longest lead time to restoring live services because the equipment must be provisioned and set up after the event.

A warm recovery site is equipped with some hardware, communications interfaces, and electrical and environmental conditioning, but is only capable of going live after additional provisioning, software or customization is performed and a database backup is restored into the environment.

A hot recovery site is a facility that already has in place the computer, telecommunications, and environmental infrastructure required to recover critical business functions or information systems. Typically the organization’s data is synchronized to the hot site so that it can be switched across into live operation in a very short time, almost instantaneously in some instances. Because the data is mirrored at the data centre instantaneously or very frequently, the level of data loss in this scenario is usually minimal.

How do you determine which type of recovery site is right for you?

Arising from your Business Impact Analysis, the Maximum Tolerable Outage for your business functions will tell you by when the systems need to be up and running. The Recovery Point Objective, or the amount of acceptable data loss, will help to inform these requirements as well. The right balance needs to be struck between the cost of the recovery solution and the cost of data loss, delays and downtime if you had to wait days or weeks to recover the systems.

This is why a holistic, comprehensive Business Impact Analysis, involving the right business stakeholders and sponsored by Executive management, is essential in order to determine the business continuity recovery strategy for your organization.