Business continuity: the expert view

Business continuity: the expert view
Business continuity: the expert view 

By Rebecca Thomson
27 July 2007

Business continuity is about expecting the unexpected and preparing for 
a system failure.

Business continuity aims to prepare for natural disasters, accidents, 
transport problems, security threats, hacking and other e-crime, as well 
as problems such as avian flu.

A business continuity plan spells out how you restore normal service in 
the event of one of these risks becoming a reality.

It differs from disaster recovery, which is about getting systems 
up-and-running following a system failure. In contrast, business 
continuity is about whether an organisation can carry out its core 
business functions in any circumstances - this is about people, 
processes and policies, as well as technology.

The business continuity committee must first identify which of a firm's 
activities are the most critical. In the event of a disaster, some 
services must be restored quickly (such as customer service and 
payroll), while less critical services (like the staff canteen) could be 
restored over a period of days or weeks.

Once the core business processes are identified and prioritised, 
continuity experts advise a risk analysis, to assess how vulnerable the 
company's processes are. There are lots of audit tools to help with this 

Once the risks are identified, the business should consider whether to 
eliminate or mitigate a risk, rather than planning to recover from a 
problem later.

Technology can improve business continuity with, for example, 
data-mirroring, off-site back-up and "battle boxes", which ensure 
companies always have access to a safe copy of critical manuals, 
processes and software licences.

The key questions

The Business Continuity Institute recommends businesses answer the 
following questions when creating their business continuity plan. What 

* Our electricity supply failed?

* Our IT networks went down?

* Our telephones went down?

* Key documents were destroyed by fire?

* Our staff could not gain access to the building for days, weeks or 

* There were casualties?

* Our customers could not contact us?

* Our suppliers could not supply us?

* Our customers could not pay us?

* We could not pay our suppliers?


Recipe for a sound plan

* Consult throughout the business.

* Use non-technical language that everyone can understand.

* Make it clear who needs to do what, and who takes responsibility for 
  what. You should always include deputies to cover key roles.

* Use checklists that are easy to follow.

* Include direct instructions for the crucial first hour after an 

* Include a list of things that do not need to be thought about until 
  after the first hour.

* Agree how often, when and how you will check your plan. Update it to 
  reflect changes in your company's personnel and the risks it might 

* You will never be able to plan in detail for every possible event.  
  Remember that people need to be able to react quickly in an emergency:  
  stopping to read lots of detail may make that more difficult.

* Plan for worst-case scenarios. If your plan covers how to get back in 
  business if a flood destroys your building, it will also work if one 
  floor is flooded.

Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. 

Site design & layout copyright © 1986-2015 CodeGods