The Middle Manager

Surviving & Thriving as a Leader

Business Continuation Plans, Pt. 1

We’re moving into the latter half of the year, which for Florida – where I live – means hurricane season is nearly upon us. Other parts of the country have tornados, earthquakes, blizzards, and other natural disasters. Then there are the man-made crisis of malware, ransomware, denial of service, or other malicious activity that can impact our ability to do business.

So how do we deal with these things? The most important thing is to be prepared. Do you have a clearly documented business continuation plan? It’s probably no surprise to anyone that most businesses, including really big ones in the Fortune 500, don’t really have a well documented, effective way to recover from a disaster. I’m going to detail here some of the things that you need to have in place in order to properly respond to an outage.

First, we need to define what sort of event would initiate the business continuation plan (BCP). These sort of events can range from a department outage to a site closure to a widespread issue encompassing the entire company. The recovery plan needs to be able to accommodate any of them, and the response to each would be different.

One way to approach it is to create and define crisis levels. For example:

  • Priority 3 – single-point failure of a key application, mission-critical tool, or business function.
  • Priority 2 – multiple-point failure of a key application, or a single site is entirely down (in a multi-site organization), or a critical process has failed.
  • Priority 1 – multiple sites are down, or a critical app or function has failed across the entire enterprise.

Depending on the size or scope of the organization there may be additional priorities that further break down the severity of an event.

Each of these scenarios would have an associated checklist readily available to a select group of individual making up a recovery team. The recovery team should be made up of people who cross all business and IT functions, have high availability, and be given the ability to make decisions on behalf of the greater organization to address business continuity. The makeup of this group should be reviewed on a regular basis; I would suggest quarterly at the very least.

So what sort of things need to be documented in a business continuation plan? Stay tuned here next week for more on the subject!

«

»

%d bloggers like this: