[ISN] Business continuity: the expert view

From: InfoSec News (alerts@private)
Date: Sun Jul 29 2007 - 23:13:37 PDT


http://www.computerweekly.com/Articles/2007/07/27/225807/business-continuity-the-expert-view.htm

By Rebecca Thomson
27 July 2007

Business continuity is about expecting the unexpected and preparing for 
a system failure.

Business continuity aims to prepare for natural disasters, accidents, 
transport problems, security threats, hacking and other e-crime, as well 
as problems such as avian flu.

A business continuity plan spells out how you restore normal service in 
the event of one of these risks becoming a reality.

It differs from disaster recovery, which is about getting systems 
up and running following a system failure. In contrast, business 
continuity is about whether an organisation can carry out its core 
business functions in any circumstances - this is about people, 
processes and policies, as well as technology.

The business continuity committee must first identify which of a firm's 
activities are the most critical. In the event of a disaster, some 
services must be restored quickly (such as customer service and 
payroll), while less critical services (like the staff canteen) could be 
restored over a period of days or weeks.

Once the core business processes are identified and prioritised, 
continuity experts advise a risk analysis, to assess how vulnerable the 
company's processes are. There are lots of audit tools to help with this 
process.

Once the risks are identified, the business should consider whether to 
eliminate or mitigate a risk, rather than planning to recover from a 
problem later.

Technology can improve business continuity with, for example, 
data-mirroring, off-site back-up and "battle boxes", which ensure 
companies always have access to a safe copy of critical manuals, 
processes and software licences.

The key questions

The Business Continuity Institute recommends businesses answer the 
following questions when creating their business continuity plan. What 
if:

* Our electricity supply failed?

* Our IT networks went down?

* Our telephones went down?

* Key documents were destroyed by fire?

* Our staff could not gain access to the building for days, weeks or 
  months?

* There were casualties?

* Our customers could not contact us?

* Our suppliers could not supply us?

* Our customers could not pay us?

* We could not pay our suppliers?

 

Recipe for a sound plan

* Consult throughout the business.

* Use non-technical language that everyone can understand.

* Make it clear who needs to do what, and who takes responsibility for 
  what. You should always include deputies to cover key roles.

* Use checklists that are easy to follow.

* Include direct instructions for the crucial first hour after an 
  incident.

* Include a list of things that do not need to be thought about until 
  after the first hour.

* Agree how often, when and how you will check your plan. Update it to 
  reflect changes in your company's personnel and the risks it might 
  face.

* You will never be able to plan in detail for every possible event.  
  Remember that people need to be able to react quickly in an emergency:  
  stopping to read lots of detail may make that more difficult.

* Plan for worst-case scenarios. If your plan covers how to get back in 
  business if a flood destroys your building, it will also work if one 
  floor is flooded.

