By Norm Alesi, Co-Founder and Partner for Laurus Technologies

Every business is vulnerable to a variety of incidents, events that can happen in any economy, any climate and at any time of day.

The initial inclination is to think about natural disasters, those weather-related events that draw the attention of the media. A 2004 study published by the Federal Emergency Management Association (FEMA) indicates that since 1976 the US has averaged roughly 35 of these incidents on an annual basis. These are typically catastrophic incidents for which contingency planning consideration should be given; however, the likelihood of their occurrence is quite small for most organizations. There are many other types of everyday risks, though, that businesses should also be prepared for. This extensive list (Equipment & Facilities, Malicious Acts, Personnel, Human Error. Legal, Financial, etc) spans multiple disciplines of the organization, and can be overwhelming.

So contingency planning is a broad arena that addresses the myriad of risks facing the organization. Responsibility for these various programs has broadened as trends hold executive leadership more personally responsible for the wellness of the business that they oversee. While information technology (IT) is a crucial part of any business in today’s environment, contingency planning is a much more comprehensive business initiative.

Still, information technology leadership is often asked to lead the charge in disaster recovery (DR) and business continuity (BC) planning programs. The lines are being blurred.

IT leadership’s role is most appropriately focused on planning for those business risks that are directly related to the provision of data center services. This process involves DR strategy development, DR restoration planning, and BC planning for critical business functions that must be maintained during an outage of IT services.

In the formulation of DR/BC Strategy, IT leadership is being asked to make tough decisions. And, this places a tremendous responsibility upon these individuals. Put in the position of determining which business units are most important, what priorities should exist after a disaster, and how to ensure business continuity, IT leaders can be overwhelmed. Business unit managers and executives must take part. Not only in providing assistance in the development of the appropriate DR/BC strategy, but also in planning for their own survival during an outage of data center services.

This is why IT-Centric Business Continuity Planning (IT-BCP) is an appropriate parameter of accountability for IT leadership in today’s contingency planning environment.

IT-Centric Business Continuity Planning
Overall DR/BC strategy relies on a few main factors including budget, operational priorities, the breadth of risks to be evaluated, the timeframe in which recovery is expected, and what a recovered environment includes. Let’s begin with two key principles that have a significant impact in assisting the IT organization in defining the objectives of its DR/BC strategy:

Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
The RTO is defined as the period of time within which pre-defined business processes must be restored (e.g. “our business unit/process can operate without access to the data center for 2 hours before there is a critical impact”). In some cases, the RTO is nearly instantaneous. Consider financial trading environments, where even a momentary loss of communications or computing systems would have a dramatic customer service and financial impact.

Other processes at the trading company may, however, allow for some degree of outage period, such as the generation of daily reports, the creation of invoices, or the issuance of checks for payments. While inconvenient, these later types of incidents rarely have immediate impact, and the recovery time can be extended over the course of minutes to days, depending on the nature of the system

You do not have flash or javascript support.

Average (0 votes)

Reply