Final Paper
Created By David A. Kennedy
Business Continuity and Disaster Planning
FES6827
Dr. Lindsey
Be Prepared
Owning a business can have many stressors day to day. When starting a business there is a lot of planning and preparation involved. Many small businesses are owners who have put their own money into the business and look at it as an investment. Unfortunately with all the planning that goes into starting a business, one thing is often over looked. Most of the time the “what ifs”, are not part of the planning stage. One reason for this is that people do not like to think of the bad things that could or may happen. So with all the time and planning put into starting a business why not put some extra thought into a plan B if a disaster strikes? This plan B could be a business continuity plan or a disaster recovery plan. Business continuity plans are an essential part of the modern day business. There are so many potential disasters for small businesses that could seize the production or even close the business down for good. A recent study from Gartner Inc., found that “90% of companies that experience data loss go out of business within two years. It also found that 80% of company owners have not thought about how they would keep their businesses up and running if a data disaster occurs.” According to the Association of Records Managers and Administrators, “about 60 percent of businesses that experience a major disaster such as a fire close
While these situations are not entirely avoidable, an organization’s ability to recover from such setbacks largely depends on how much energy has been invested into identifying and mitigating risk through the use of a well-established business continuity plan. Lindros and Tittel (2013) explain that business continuity refers to maintaining business functions, or quickly recovering such functions in the event of a major disruption, and the lack of planning doesn’t just mean an organization will take longer to recover, but may never recover at all. The first step to developing an effective continuity plan is a thorough planning process in which an organization establishes
“Disaster is an occurrence that disrupts the functioning of the organization resulting in loss of data, loss of personnel, loss of business or loss of time” (Hiatt, 2000). In this case, we are focusing mainly on natural disasters. This makes our focus shift towards the destruction of physical resources more than other types of crises. Before starting the plan, we should be able to secure the necessary support and resources from top management for the plan to be carried out, have a plan development team and have a disaster recovery coordinator (Hiatt, 2000). All companies, especially ones located within areas prone to natural disaster should allocate budget and effort towards disaster preparedness. If the company has special IT personels that are familiar with the matters, it is best. Otherwise, the plan development team should contain members that know about the business network system as well as the company’s operation. These are the necessary steps before making the actual
Good Business Continuity Planning starts with being proactive. That means taking concrete steps to plan for an incident much before it actually strikes. There is no one single approach that fits for all types of incidents as no two emergencies are identical. Much of business continuity planning varies based on the size of the company, company’s line of business, and the locations of the company, customers and suppliers.
The business continuity & disaster recovery is written into the policy to ensure each department knows and has a plan in case of an unexpected event such as a fire, vandalism, and natural disaster that would disrupt normal business. This part of the plan also states that data administrators are the ones responsible to implement procedures for critical backup of data and how long the recovery time would be which is set by the data stewards and other stockholders.
There will be a disaster plan in place for such things as floods, storms, of equipment failure. All customer information will be backed up and on a secure network and system with password protected group policies.
A BCP should cover all of the things that could cease regular business operation. Once that has been establish, then we will need to determine what is required for continue operation during a disaster. Then who are the key personnel and what their job will be in support of the continue operation. Identify the key equipment, storage data area and the secondary location at least 30-50 miles away from your primary position.
Senior management concern in the development of plan helps in creating a more robust plan where every need is met in a more effective way. In case of any disaster recovery or business continuity plan, main focus is always to find a way through which business operations keep on the track. For this purpose, plan should include methods through which workers would interact with each other and carry out their routine
There is a multitude of reasons for an organization to have a business continuity plan in place. The incident does not really matter whether it is natural or manmade disaster/incident but if an incident occurs, it can have a disastrous effect causing the company operation to become unstable and having the inability to contain or control its impact can halt the business routine (Vacca, 2013).
An important aspect I want to review is the disaster recovery plan. This plan is different from business continuity but some features do overlap. A disaster recovery plan prepares the business to recover their IT systems and assets after a disaster. Beginning with Wilma Stone, Margie Nelson, and Gary Thomas as management they need to meet with their IT department heads and perform a risk assessment to identify IT equipment and services that are critical to business operations. Identifying these critical components will give an initial point to recovery. As these are essential to business operations, the chosen IT systems should be priority in prevention, response, and during recovery. Charts and documents will help organize this and inform staff on the involved areas.
Disaster recovery is a subset of business continuity planning, which focuses on non-related aspects of IT, such as facilities, crisis communication, and personnel; whereas disaster recovery planning focuses on the IT-related infrastructure recovery and continuity (Ranajee, 2012). Disaster recovery planning must be a collaborative effort between company executives and IT team. These methods are examples of physical security systems, strict access protocols, and access authorization procedures required by HIPAA. The organization should provide layers of physical security within their infrastructure, such as 24-hour monitoring, biometrics, and higher levels of redundancy, with strong connectivity networks and back-up generators (Ranajee,
In this day and age, a business continuity plan is essential to an organizations risk management. A large organization like Sunshine Machine Works understand that time is critical when it comes to natural disasters or man made interruptions to their network systems. When a system is offline for excessive amounts of time, could mean a loss to the organization. That’s why having an effective business continuity plan is vital to keeping operations for being disturbed during a time of crisis whether it is an attack or natural disaster that could potentially affect Sunshine Machine Works operations, data and networks.
Every business and organization can experience a serious incident which can prevent it from continuing normal operations. This can happen any day at any time. The potential causes are many and varied: flood, explosion, computer malfunction, accident, grievous act... the list is endless.
Disasters have become an inevitable part of businesses and organizations as well. They not only have a major effect on business and organizational continuity; they also result to an overhaul in organizational operational mechanisms (Awasthy, 2009). It is for this reason that many organizations and business resort to preparing business continuity plans and disaster recovery plans that will facilitate better disaster management in future. Effective disaster recovery plans are important to every business and organization (Thejendra, 2008).
As a consultant brought into an organization concerned about business continuity I would recommend to first perform a Risk Assessment Analysis and/or Business Impact Analysis (BIA). Conducting a business impact analysis will allow an organization to know the system or application’s downtime tolerance. The analysis will identify all systems and applications that can experience little to no downtime. Conducting risk assessment analysis will allow the organization to identify all the risks at the beginning and during the life of the organization, and grade the risks in terms of likelihood of occurring and seriousness of impact on the organization. Either analysis is an excellent tool and will result in the beginning creations of disaster recovery and business continuity planning. If using the BIA method a good first step is identifying the business’ most crucial systems and processes to assess what effect the outages will have on the business. All systems or applications should have a back-up location offsite to ensure business continuity. The higher the impact the more money a company should spend in order to quickly gain restoration of their business.
Contingency planners are now asserting that contingency planning is a value-added component that can be a competitive advantage in the marketplace as well a means of helping organizations save money. Processes that are deeply analyzed in terms of continuity will usually be more secure, and new ways of working may emerge to help streamline operations. Contingency planning can be useful when forging alliances with external organizations or during acquisition phases. Contingency planning should be part of an organization’s quality cycle as well. “Business continuity and disaster recovery have gained somewhat in the eyes of top corporate management since the start of the 1990s. As the industry has slowly evolved from what could almost have been called a ‘black art’ to something starting to resemble a disciplined science, basic business principles have begun to become increasingly relevant” (Rothstein, 2003, p. 1).