SmartAdvice: Planning Ahead Means A Disaster Needn't Wipe Out Your Business - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure
Commentary
8/19/2005
01:08 PM
Commentary
Commentary
Commentary
50%
50%

SmartAdvice: Planning Ahead Means A Disaster Needn't Wipe Out Your Business

Planning ensures a business will have in place a road map and people to give direction, The Advisory Council says. Also, managers have to work on 'soft skills' to get ahead.

Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers two questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. Submit questions directly to [email protected]


Question A: What should be included in a "state of the art" business-continuity plan?

Our advice: A comprehensive business-continuity plan must enable you to survive as a legal and financial entity in case of disaster. To do this, the plan must address all of the key assets that are necessary to continue operations -- people, process, information, and facilities, as well as technology.

People
At the executive level, lines of succession should be included in your corporate charter and board of directors meeting minutes, so that there's no question about who is empowered to make what decisions.

Related Links

SmartAdvice: Disaster Recovery Plans



In the case of major disasters, you should have access to a detailed organization chart with job descriptions for every position. This should be accompanied by an employee file containing training levels and certifications for each employee. Should some personnel be unable to perform their tasks after an event, this can be used to fill key positions quickly. Businesses can use an in-house or outsourced call center to notify employees of immediate and ongoing status.

Finally, plans should include training and drills in the continuity plan itself.

Process
All business processes should be documented. Should the need arise to train new employees, well-written processes will accelerate that training. If it should become necessary to outsource an operation while you're rebuilding your infrastructure, the processes can be used to train outsourced staff as well.

Information
Much of the corporate information required to maintain the enterprise as a legal and financial entity is still paper based, requiring appropriate document-image backup technologies. If you have questions about the documents that may be vital to your recovery, you should discuss them with your corporate counsel or law department. This typical Records Retention Schedule [http://www.fileon.com/documents/records-retention-schedule.html] can be used as a starting point.

Computerized information generally protected includes customer and supplier databases, bills of material, financial databases, and human-resource databases. But key information some manufacturing companies forget includes engineering drawings, product specifications, and equipment specifications and settings.

Facilities
The business-continuity plans of many enterprises deal with physical facility protection as just that -- protection. A state-of-the-art plan, however, should include having agreements in place for occupying other locations from which business can be conducted for an extended period of time.

Technology
Most businesses have plans in place to back-up essential data. And most, if not all, have installed firewalls to prevent unauthorized access to their systems. But recognizing the vulnerability of data centers to physical damage, businesses should establish relationships with outsourcers that provide disaster-recovery hot sites.

Backup facilities should be on different power and communications grids than your data center. To protect your day-to-day operations, you also should have redundant network connections, through different service providers. Authorized employees should have access through a virtual private network not only to E-mail, but to business applications.

A final word: Having any plan is better than having no plan at all. But no matter how simple or complex your plan may be, test it. That's the only way you will know if it meets your needs.

--Ron Bleiberg

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll