ITEXPO begins in:   New Coverage :  Asterisk  |  Fax Software  |  SIP Phones  |  Small Cells

Does Your Contact Center Have A Business Continuity Plan?

By Catherine McNair Avaya


Imagine for a moment that you get a call in the middle of the night. There's been a fire at your building and the entire data center is destroyed. There's no question that this will have a significant impact on the functioning of your business, but planning ahead and developing an overall business continuity plan can help reduce that impact. Recent events have highlighted the fact that every business should have plans in place to guide people through the chaos, towards recovery.

In today's world we are increasingly dependent on rapidly changing technology. Planning ahead for potential disruptions can make the difference between whether your business quickly gets back on track, or as in some cases, whether it even endures. This is particularly the case in situations where your business or contact center has recently grown rapidly and new servers, applications or telephony equipment, along with backups and data, could be lost.

However, whether or not your business has a contact center, there is an increasing focus on business continuity and disaster recovery efforts in businesses today, with and without contact centers. The high cost of downtime plus the loss of valuable information and equipment mean that many businesses don't survive a major catastrophe. Business continuity planning can help reduce those costs, and may be what keeps your business in existence.

What Is Business Continuity?
The terms 'business continuity' and 'disaster recovery' are often used interchangeably, since both terms refer to efforts a business makes to protect against the impact of a disruption. It is important to first understand the subtle differences between business continuity and disaster recovery, however, before discussing why this has become so important.

Business continuity refers to the planning and processes an organization puts in place to mitigate risk, prevent disaster and protect operations. It includes development of a disaster recovery plan. Business continuity planning occurs well before disaster strikes with the intent to reduce any impact if and when it does. Disaster recovery refers to the plans and activities to be engaged if a disaster occurs which move an organization toward recovery.

Business continuity planning involves many different activities that typically follow a general path. Most business continuity planning activities start with a risk assessment and business impact analysis, which then proceed to documentation of the disaster recovery plan. Finally, the plan is tested and employees are trained on their roles, responsibilities and procedures if an unexpected event with the potential to impact business occurs. It is also critical to review and update every business continuity plan at least once a year to update contacts and other pertinent information.

A risk assessment and a business impact analysis are initial information-gathering tools designed to understand where there is exposure to risk and the impact to revenue generation. A risk assessment may look at the entire business and its processes, including the physical environment and the technologies supporting it, to identify all possible areas of exposure. Examples may be obvious, such as a weather-related event, or somewhat more obscure, such as discovering there is no backup to critical data stored on a particular server.

A business impact analysis reviews the business operations and the criticality of each with the goal of identifying where a business would be most affected if a failure were to occur. A business impact analysis specifically helps identify three important items for business operations: the recovery point objective (RPO), recovery time objective (RTO) and recovery scope objective (RSO).

The recovery point objective identifies from what point data can be recovered; essentially, the longest potential period since a backup was done. For instance, if customer data are backed up nightly, but only rotated off-site every other day, the RPO is approximately 48 hours because it may be necessary to recover from the point of the last off-site backup.

Recovery time objective is a measurement of how soon a business task or process must be operational following a disaster. For instance, if your contact center operates with service level agreements that require agents to respond to a request in two hours or less, your RTO for the contact center is two hours.

Recovery scope objective refers to what data, applications, processes or other critical business functions must be recovered and the priority for each in the recovery process. The contact center may have the highest priority to ensure a continued stream of incoming revenue or customer service. The applications and technology associated with the critical functions the agents perform will be included in the RSO.

Once the data gathering is completed, documenting a disaster recovery plan begins. Often, part of this process is fortifying the business to mitigate risk, such as upgrading or adding to the technical infrastructure. Disaster recovery plan development is followed by either a full-scale test of the plan or a tabletop exercise and making appropriate adjustments. Employees are then trained: several may have specific tasks to support recovery efforts, while some will need to understand only who to call or what will happen in the event of a disaster.

Why Is Business Continuity So Important To A Contact Center?
A contact center must use multiple systems and technologies to operate and compete in today's global economy. Businesses today are heavily dependent on systems that enable functions to be done in a short amount of time and over vast distances. A few of these critical systems are the telephony equipment and telephones, the customer database, applications accessed each time a contact with a customer is made, and more. The following is an overview of how the increasing dependence on technology heightens the need to create and maintain business continuity plans.

Emerging technologies. When contact centers were merely call centers, the main concern was making sure the phone system and lines were up and working. Today, companies must ensure the health of not only the phone lines, but also e-mail and voice mail, Web servers, databases, contact center management applications, voice recording equipment, telephony servers, customer interaction applications, Blackberry servers, and more.

Global workplace. Our economy, our workplace and our customers are global. If a contact center is disrupted due to a regional disaster, the customers in that area may be sympathetic because they know the conditions under which it is operating. Customers across the globe may not know about a regional disaster, however, and may call a competitor instead.

Many companies have more than one location, and those locations are geographically diverse. The business continuity implications of this are two-fold. First, it means that a single location may not present a point of failure ' if something happens to interrupt business at one location, the other location, if properly prepared, can take over operations temporarily. The other location, however, must be far enough away to ensure that it will not be affected by the same interruption. Second, it means that planning to protect business operations is more complex because the planning has to encompass all locations. The benefits of maintaining more than one, or several, locations far outweigh the costs, however.

Reliability. It is much harder to maintain reliability with today's technology. Technology advances rapidly as a result of competition and customer demand. Many developers no longer have the luxury of spending years creating a product that is bug-free before it comes to market. Contact center managers have many choices in emerging technologies and gadgets to increase efficiency, but inherent in the newest of these is a potential disruption because of an unforeseen problem, use, or lack of capacity.

Security. Hacking and other security-related disruptions are increasing concerns as well. Security threats come in many forms, and when your applications are open to the public on the Internet, your business is open to a significant risk. Some businesses hire security auditors, analysts or other professionals to assist them in protecting assets. These professionals spend a significant amount of time and effort protecting against potential threats, and must constantly strive to stay one step ahead and safeguard mission-critical applications.

911 regulations. People will always be the most important asset, and their protection comes in the form of safety and emergency response procedures that prevent loss of human life. Lately, E911 calling is getting a great deal of attention due to new IP-based communications that may not efficiently provision emergency calls and response.

Businesses in large buildings or campuses and businesses using IP telephony must take measures to ensure that a person calling 911 can be located by emergency services ' the main thrust of E911 requirements. In large buildings or on campuses using IP telephony, this may not be automatically apparent depending on which vendor's system is installed. In addition, the mobility of users enabled by IP telephony means that a caller could be physically located almost anywhere. Hence, 911 calling must be tested, with appropriate procedures related to 911 calls put in place and included with disaster recovery documentation.

Industry regulations. Over the past several years, broad publicity surrounding several adverse events has resulted in a number of industries creating regulations that require the following: that client information be secured, that data backup procedures are instituted so information can be produced at any time, that security protection to prevent intrusions and disruptions be implemented, and that companies develop business continuity/disaster recovery plans. Depending on the industry, regulations such as HIPAA, Sabanes-Oxley or others may be important considerations in such plans.

Service level agreements. Service level agreements (SLAs) are becoming more common and more demanding. Your customers must also protect their business, revenue and assets, and one way to do so is to set up an SLA with a vendor to provide some assurance that they can count on your business to be available, or there will be financial penalties. Penalties for not fulfilling an SLA must always be considered as a potential cost of downtime when developing business continuity plans.

Increased demand on worker's time. Not too many people today have the luxury of a single job responsibility. With multiple responsibilities cast over time that is increasingly stretched to the limit, the most pressing needs are dealt with first, while other efforts go to the back burner. Planning for a 'might happen' becomes a low priority. In addition, with so many people pressed for time, it is easier to make mistakes ' either by creating an incomplete business continuity plan or by creating the disaster itself. Some estimates indicate that about one-third of network outages are a result of human error.

Dependence on many vendors. The number of vendors a business depends on has increased in past years as well. Not only do businesses have SLAs which require a certain level of service, those businesses in turn must make requirements of their own vendors as well. If a disaster happens at your business, you need to know how much you can depend on your vendors in recovery efforts.

Evaluate Your Business And Contact Center
At this point, the question is: 'How prepared is your business?' With some of these ideas in mind, how your business or technical infrastructure has changed could increase the need to develop or review business continuity plans. Often, the best time to plan is when the infrastructure is being changed or upgraded. It is most cost-effective to build in protective measures as you go, rather than build on to an existing infrastructure after it is in place.

Even if the technology is secure, in the absence of written plans, that technology can't be used to its best ability. It won't do anyone any good if the equipment and capability are there, but no one knows what to do with them.

While business continuity planning may seem like a daunting task and the time better spent on more current critical needs, the day after a disaster should never be a starting point to reflect on what should have been done. Plan now to protect what has been so carefully built to produce revenue and provide needed services to your customers. CIS '

Catherine McNair is a Senior Business Continuity Consultant with Avaya's Business Continuity Practice, which offers consulting in business continuity and disaster recovery. She assists organizations with all areas of business continuity planning, prepares articles on business continuity and speaks on the subject at conferences and other engagements. Contact her at [email protected] for more information.

[Return To The Table Of Contents]

| More