Business Continuity is one of the hottest topics in the IT industry, but why? And what really is it? Business Continuity is a vast and often overwhelming subject which, in the main, has been adopted by the IT Department. At its most basic level it encompasses everything involved in keeping a business up and running during a disaster. Or depending on your business requirements, everything involved in getting the business operational within a set period of time after a disaster. We are not just talking about recovering or maintaining IT functionality, but everything required for the business to operate. This can include the simple things such as paper, pens, desks and chairs.
Before looking into all of this, it is necessary to assess the potential risks affecting your business, the likelihood they will occur and the disruption they could cause. This will aid you in deciding what level of protection is required and may help in determining some realistic Recovery Time and Recovery Point Objectives, (RTO & RPO). Another major factor affecting these objectives will be cost. The cost associated with the loss of a particular business function, be it IT related or not, or the perceived cost of lost reputation or potential revenue.
Now with the way the world is evolving, IT is becoming increasingly important in everyday business and life. The rapid development of the internet has made it easier to reach and communicate with your clients and suppliers, and whether you choose to be an e-tailer or are forced by suppliers to order online, IT functions will probably be at the core of your business. This may be in the form of communications, customer/supplier management or just product/company information. How critical IT functions are to your business is dependent on the business itself but IT is certainly more important today than it has ever been. As the majority of us rely so heavily on email for communication, I challenge anyone who is happy to tell their board of directors that email is not working and “might not be back online for a while”!
So now it becomes at least a little easier to see why, in so many cases, the person responsible for IT ends up wearing the business continuity “hat”. Whether this is the right choice or not is a topic in itself, but in the majority of SMEs it is still the IT Department who end up with the responsibility for business continuity. It is only when we start to look at the much larger enterprises that there are dedicated business continuity professionals (and even they may use outside help).
So what skills are required to be an effective business continuity professional? In my opinion, the first and most important skill is communication. Whoever is given the responsibility must be able to communicate at all levels within the organisation and, more importantly, sometimes with the media. When disasters strike, the media will want to know what has happened, how it happened, whose fault it was, what you are doing to recover and how you are managing the relationships with your clients and suppliers. Giving an inappropriate answer to any of these questions could see your organisation losing face in front of customers and suppliers and ultimately allowing your competitors to capitalise on your own shortcomings.
However, managing the situation correctly will improve your reputation. Secondly, I believe, come organisational skills. Business continuity is a massive undertaking affecting every system, department and person within the business. Everything will have to be documented, in duplicate, and the plan should be executable even in your absence. You are not just responsible for creating the plan and deciding on appropriate levels of protection and recovery methods but also for training your staff. Each and every member of staff must understand their role (or how to respond) during a disaster. Remember these are not the only skills required and I am looking at a fairly basic level, but without these key skills your business continuity plan is unlikely to get off the ground, let alone be effective.