|
Midsize
businesses (MSBs) have traditionally underinvested
in business continuity planning, and despite an increased
awareness of the need for it, many continue to do
so. Savvy MSBs, however, will act to assess and mitigate
the risks that endanger their business operations
and take action to effectively manage an emergency,
crisis or incident.
Events
such as those on September 11, 2001 are not the sole
or even the main reason to do business continuity
planning. It’s the hundreds of comparatively
minor vulnerabilities – a sustained power outage,
network disruption, or a simple virus – that
pose the biggest threat because of their greater likelihood
of occurring. The issue is not the absolute scale
of the disruption, but how disruptive and damaging
the incident is for business operations.
Placed
in the broader context of risk management, business
continuity planning enables midsize enterprises to
understand the essence of their business – the
critical business processes and resources such as
people, IT services, facilities, equipment, customers
and partner relationships – and how such assets
are essential to achieving business goals. Mitigating
the risks associated with these critical processes
and resources enables MSBs to be more agile in responding
to any event, and more likely to meet business objectives.
Many
components of business continuity planning cost little
in terms of capital investment, but do require an
investment in people resources and intellectual capital
to think through disruptive scenarios, document critical
resources, and then develop and implement action plans.
Investing in a business impact assessment will help
identify and rank business process and resource criticality,
priority and dependencies, so spending can be prioritized
accordingly. There’s no need to overspend on
preparedness and protection – simply spend in
the right places.
Following
are guidelines that you can follow as you prepare
for potential future disruptions:
• |
Ensure
that your scenario planning process and recovery
plans cover political and terrorist threats to
business operations, in addition to the traditional
scenarios of natural disasters and power, fire
and telecommunications outages. |
• |
Develop contingency plans that cover outages at
major suppliers, strategic alliances, external
services providers, infrastructure services (e.g.,
mail and phone) or transportation services to
ensure that your business operations can continue
even if impacted by an external event to the enterprise. |
• |
Review the business continuity plans of all outside
service providers that your enterprise uses to
ensure that your business operations are covered
by their plans. Ensure the contracts with such
vendors cover the business continuity requirements
of your enterprise. |
• |
Assign someone the responsibility of contacting
all of your customers and trading partners to
let them know that you are in the middle of a
crisis, that you have it under control, that you
are willing to work with the customer/trading
partner to re-arrange schedules, deliveries, etc.
and that you will remain in contact with them
so that their operations are minimally impacted
by your outage. |
• |
Establish personnel assistance programs to offer
medical assistance and other services, such as
grief counseling. |
• |
Maintain a current list of vendors that can provide
contract personnel within a short time period
(e.g., 12 to 24 hours) with skills that match
your enterprise’s requirements, especially
for IT skill sets. |
• |
Focus on the relocation of personnel to alternate,
appropriately outfitted locations (e.g., with
adequate office space, telephones and computers,
fax machines and other office equipment). ). Consider
implementing remote access services to your IT
environment so that employees can work from home. |
• |
Due to the long hours being worked during a recovery
situation, attend to the human needs of your personnel
– ensure food quality and variety, ease
of parking at the alternate processing site, and
provide shower, rest and physical activity facilities. |
• |
Work with local, state and federal authorities,
and emergency agencies to ensure that the enterprise
is planning for and can recover from events that
impact more than the enterprise itself. Include
the contact information for these authorities
and agencies in the business continuity plan and,
if appropriate, include them in your disaster
recovery tests. |
• |
Ensure that you can recover the connection points
of departmental/distributed work areas to the
network and core IT services. |
• |
Ensure that vital records of the enterprise that
are only in paper form are backed up and stored
at an off-site location with transportation availability
to it and the alternate processing site. |
Discover
more affordable and effective actions that you can
take. Learn from Gartner analysts and your peers at
Midsize
Enterprise Summit in 2004. Click
here to qualify to attend as our guest now.
References
Research Note
Preparing for a Disaster: Affordable SMB Actions
Published: March 6, 2002
Authors: Donna Scott and James Browning, Gartner,
Inc.
Research Note
Jump-Start the Business Continuity Plan: A Checklist
Published: September 21, 2001
Author: Roberta Witty, Gartner, Inc.
|
