In business, as in life in general, it is easy to see the opportunities and miss the full extent of the risks.
A Web service can shut down or be bought. A cellular network can stop working or cease to have adequate capacity. A supplier can fail to meet demand.
Disruptions will happen, and the smart business will be ready for it.
Business continuity planning is the planning against business disruption. This disruption can be from catastrophic events such as hurricane or fire, but most of the time it comes from much more mundane challenges such as a key Web service that stops functioning.
Giving a framework for developing a good business continuity plan is ISO 22301, the international management systems standard for business continuity management. It offers best practices for preparation of operational disruptions, and gives clear guidance and frameworks for the creation of business continuity plans.
The five elements of a business continuity lifecycle, according to the standard, include risk analysis; strategy definition; solution design and implementation; testing; and administration and maintenance.
Busy managers will want to jump right to solution design and implementation, but without the right foundation a business continuity plan will fail to tackle the challenges it is meant to address.
The first step in preparing a good business continuity plan is performing risk analysis. There are various methods of determining potential risks, but no matter which approach is taken there needs to be a thorough assessment of where issues with continuity could occur. If the risks are not clear, countermeasures against those risks cannot be developed.
The second stage is strategy definition. Given a risk, what measures could be taken to overcome the challenge? This could include having a backup communications network for field equipment in case the main network goes down, or it could be defining an alternate supplier or Web service in case the main supplier or Web service unexpectedly fails to meet the needs.
The third stage is, of course, to move beyond the strategy definition and both choosing and implementing tactics such as picking an alternate supplier as a backup or installing a backup communications system such as those offered by out-of-band management provider, Opengear (News - Alert).
But having a business continuity plan doesn’t end with implementation, which often is where the process stops and subsequently falls short. A testing phase also is a crucial, necessary step that far too many businesses skip. There may be alternate servers in case the main data servers go down, for instance, but will these servers actually be able to ramp up, and will data integrity be preserved? Without testing, the countermeasure to a risk might prove hollow and ineffective.
Finally, it is important to prioritize administration and maintenance of business continuity plans. Obviously continuity cannot become the lion’s share of the work a business performs, but like almost anything there is the need for periodic maintenance to make sure the solution is ready when it is needed.
It is not a question if there will be disruptions to a business, only from where it will come and how it will be resolved. A company that has a business continuity plan in place will have a substantial leg up when these disruptions do occur.
Edited by Rory J. Thompson