SmartAdvice: Planning Ahead Means A Disaster Needn't Wipe Out Your Business - InformationWeek
01:08 PM
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

SmartAdvice: Planning Ahead Means A Disaster Needn't Wipe Out Your Business

Planning ensures a business will have in place a road map and people to give direction, The Advisory Council says. Also, managers have to work on 'soft skills' to get ahead.

Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers two questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. Submit questions directly to

Question A: What should be included in a "state of the art" business-continuity plan?

Our advice: A comprehensive business-continuity plan must enable you to survive as a legal and financial entity in case of disaster. To do this, the plan must address all of the key assets that are necessary to continue operations -- people, process, information, and facilities, as well as technology.

At the executive level, lines of succession should be included in your corporate charter and board of directors meeting minutes, so that there's no question about who is empowered to make what decisions.

Related Links

SmartAdvice: Disaster Recovery Plans

In the case of major disasters, you should have access to a detailed organization chart with job descriptions for every position. This should be accompanied by an employee file containing training levels and certifications for each employee. Should some personnel be unable to perform their tasks after an event, this can be used to fill key positions quickly. Businesses can use an in-house or outsourced call center to notify employees of immediate and ongoing status.

Finally, plans should include training and drills in the continuity plan itself.

All business processes should be documented. Should the need arise to train new employees, well-written processes will accelerate that training. If it should become necessary to outsource an operation while you're rebuilding your infrastructure, the processes can be used to train outsourced staff as well.

Much of the corporate information required to maintain the enterprise as a legal and financial entity is still paper based, requiring appropriate document-image backup technologies. If you have questions about the documents that may be vital to your recovery, you should discuss them with your corporate counsel or law department. This typical Records Retention Schedule [] can be used as a starting point.

Computerized information generally protected includes customer and supplier databases, bills of material, financial databases, and human-resource databases. But key information some manufacturing companies forget includes engineering drawings, product specifications, and equipment specifications and settings.

The business-continuity plans of many enterprises deal with physical facility protection as just that -- protection. A state-of-the-art plan, however, should include having agreements in place for occupying other locations from which business can be conducted for an extended period of time.

Most businesses have plans in place to back-up essential data. And most, if not all, have installed firewalls to prevent unauthorized access to their systems. But recognizing the vulnerability of data centers to physical damage, businesses should establish relationships with outsourcers that provide disaster-recovery hot sites.

Backup facilities should be on different power and communications grids than your data center. To protect your day-to-day operations, you also should have redundant network connections, through different service providers. Authorized employees should have access through a virtual private network not only to E-mail, but to business applications.

A final word: Having any plan is better than having no plan at all. But no matter how simple or complex your plan may be, test it. That's the only way you will know if it meets your needs.

--Ron Bleiberg

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll