Business disruptions come in all kinds of guises. The Covid-19 pandemic was an extreme example, forcing organisations worldwide to pivot to home-working on a scale previously unseen.
Those that were well-prepared – with the technology and processes to support effective remote working – continued operating relatively seamlessly. Others were forced to identify and implement new ways of working and technologies under extreme time pressure, which doesn’t always lead to optimal outcomes.
Pandemics are thankfully rare, but other disruptive events happen with much greater regularity. Is your organisation equipped to respond to an office or data centre becoming unusable, loss of key connectivity, the sudden unavailability of particular employees, a cyberattack, or some other eventuality no one has yet even considered?
The importance of robust business continuity plans
If a major incident occurs, your business continuity (BC) processes should ensure you continue to operate as normally as possible – or return to normal operations quickly. As someone working in the technology function, much of your focus will be around the disaster recovery (DR) elements of the BC plan: restoring access to the critical data and applications you need to run the organisation.
Reviewing and testing your BC and DR plans probably isn’t the most exciting part of your job. This may explain why it’s not uncommon to find organisations that don’t periodically test, or even have, such plans. But with threats increasing in number, sophistication and diversity, having robust BC and DR processes – and having full confidence in them – has never been more important.
Below, we’ve set out some of the questions IT leaders should be asking themselves and their teams.
Do you have properly documented business continuity and disaster recovery plans?
Are these regularly maintained, to ensure they cover all your operations? Are your plans sufficiently detailed, with key roles assigned to teams or individuals? What happens if those teams or individuals are unavailable? What conditions need to be met to trigger the various parts of your plans?
When were your business continuity and disaster recovery processes last properly tested?
Providing employees with BC and DR training is important, but the processes must also be tested regularly. This is the only way to ensure all employees know what to do in an emergency.
When were your BC and DR processes properly put through their paces? In many cases, this will mean running table-top or live simulations, covering a range of potential major incident scenarios.
Can you restore data from your backups? Do enough people know how? Can you run the organisation from your disaster recovery site?
What happens if employees couldn’t access the office one day? How does the business cope, both procedurally (do people know what to do?) and technically (has everyone got access to the technology they need, or have some people left their laptops in the office?)?
What issues arose during previous testing, and what has been done about it?
Have these been documented, prioritised and assigned to an individual or team to be addressed? Have these issues since been addressed or mitigated? And has the process been re-tested?
It pays to be prepared
As someone once starkly put it to me: The reality is that if you don’t have BC and DR processes that have been tested and you have full confidence in, then you effectively have no business – such is the level of risk you’re operating with.
The good news is that by ensuring you have robust and frequently tested BC and DR plans, your team will be well-versed in what to do, next time you’re hit by some kind of disruption – whatever form it takes.