SmartAdvice: Planning Ahead Means A Disaster Needn't Wipe Out Your Business
Planning ensures a business will have in place a road map and people to give direction, The Advisory Council says. Also, managers have to work on 'soft skills' to get ahead.
Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers two questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. Submit questions directly to firstname.lastname@example.org
Question A: What should be included in a "state of the art" business-continuity plan?
Our advice: A comprehensive business-continuity plan must enable you to survive as a legal and financial entity in case of disaster. To do this, the plan must address all of the key assets that are necessary to continue operations -- people, process, information, and facilities, as well as technology.
At the executive level, lines of succession should be included in your corporate charter and board of directors meeting minutes, so that there's no question about who is empowered to make what decisions.
In the case of major disasters, you should have access to a detailed organization chart with job descriptions for every position. This should be accompanied by an employee file containing training levels and certifications for each employee. Should some personnel be unable to perform their tasks after an event, this can be used to fill key positions quickly. Businesses can use an in-house or outsourced call center to notify employees of immediate and ongoing status.
Finally, plans should include training and drills in the continuity plan itself.
All business processes should be documented. Should the need arise to train new employees, well-written processes will accelerate that training. If it should become necessary to outsource an operation while you're rebuilding your infrastructure, the processes can be used to train outsourced staff as well.
Much of the corporate information required to maintain the enterprise as a legal and financial entity is still paper based, requiring appropriate document-image backup technologies. If you have questions about the documents that may be vital to your recovery, you should discuss them with your corporate counsel or law department. This typical Records Retention Schedule [http://www.fileon.com/documents/records-retention-schedule.html] can be used as a starting point.
Computerized information generally protected includes customer and supplier databases, bills of material, financial databases, and human-resource databases. But key information some manufacturing companies forget includes engineering drawings, product specifications, and equipment specifications and settings.
The business-continuity plans of many enterprises deal with physical facility protection as just that -- protection. A state-of-the-art plan, however, should include having agreements in place for occupying other locations from which business can be conducted for an extended period of time.
Most businesses have plans in place to back up essential data. And most, if not all, have installed firewalls to prevent unauthorized access to their systems. But recognizing the vulnerability of data centers to physical damage, businesses should establish relationships with outsourcers that provide disaster-recovery hot sites.
Backup facilities should be on different power and communications grids than your data center. To protect your day-to-day operations, you also should have redundant network connections, through different service providers. Authorized employees should have access through a virtual private network not only to E-mail, but to business applications.
A final word: Having any plan is better than having no plan at all. But no matter how simple or complex your plan may be, test it. That's the only way you will know if it meets your needs.