Going for gold in business continuity
Business of IT: London 2012 has the potential to bring serious disruption to some companies, making now a good a time to update business continuity plans.
As one IT director put it, there is little point in having IT systems running at full tilt in a backup datacentre if staff cannot use the main office, because there is no catering, and no-one to clean the toilets.
This does not mean that every company should have to comply with a detailed business continuity planning standard, such as the recently-launched ISO22310 (formerly BS25999). For some smaller suppliers, the level of work involved cannot be justified. But enterprises and public sector organisations do need to pay as much attention to their supply chains, as they do to their own continuity and recovery plans.
Floods to 'flu: non-IT threats
It is also a mistake to see business continuity only as an IT issue. Basic IT backup and recovery is important, and no organisation can afford to overlook it. But businesses also need to anticipate a wider range of threats, especially those that affect staff.
A few years ago, pandemic planning was top of the business continuity agenda. More recently, UK businesses have been forced to react to transport disruption, and to floods. Companies have also had to deal with supply chain problems, following the earthquake and tsunami in Japan.
"You should not look for a single business continuity planning solution. Multiple strategies are valid. You can contract to have a workplace recovery site, and you can build in processes to make users, or the IT organisation, more BCP aware," he advises.
And you can nurture working from home programmes. The important point is to have a framework."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Businesses should, he says, start by assessing their risks, and listing their most critical systems and operations.
Some people, and some IT resources, will be critical to the company's operations in an emergency, and some will be vital for the business to trade. Those should be recovered first. Other, less critical systems can come back online later, and some staff may be able to work from home for longer.
What matters is to have a plan, to test it, and to ensure that everyone knows who will be in charge. The best person to run an emergency response team might not be the CEO or MD, and it might well be the head of IT.
"For most companies, it is a question of tiering applications," says Sungard's Tilley. "You probably won't have 100 per cent availability of all systems; there will be some that are needed fairly quickly, and others you can manage without for a few more days."