Is your business continuous?

CIOs should use a business continuity plan to make their organisations less susceptible to outages. Here are a few steps that will go a long way in ensuring continuous operations and productivity in the workplace. by Lakshman Narayanaswamy

Business continuity is about making your business resilient to events that are disruptive and affect the goals of your business. Taking steps to keep your business continuous does not have to be complex and fraught with options and possibilities.

In this article, we introduce the methodology behind business continuity planning and aim to simplify what it takes to make your business more continuous, and how to derive the biggest bang for the buck from your investment in business continuity.

Talking the talk

Business continuity and Disaster Recovery (DR) are two terms that are used interchangeably. DR is an older term that is used for recovery of IT systems. It also connotes a reactive approach to managing recovery. Business continuity is the current usage that connotes a broader scope then just IT. It also suggests a proactive approach in keeping the business available.

The approach to business continuity is common sense, just like having a spare tyre in the car to avoid disruptions from nails on the road, and a second gas cylinder in the kitchen to compensate for delivery delays.

Business owners and management must not dismiss business continuity as an exercise only for the top 100. According to The New York Times 45,000 small businesses ceased to exist after the Sept 11 attack on the World Trade Center as they could not absorb the loss of income and the operational logistics of being around the disaster site.

Know thy business

An effective start to making your business more available is to understand the various activities that connect a customer requirement to its fulfillment. The goal of this exercise is to identify activities that are critical to the running of the business.

Once critical activities are identified, the inputs, outputs and various dependencies must be understood. As an example, in a manufacturing enterprise, the goods production plant is critical for the viability of the business. A key dependency of the manufacturing process could be the ERR system that runs all the machinery in the plant.

The critical activity could be an IT application, for example, ATOM banking and information in a banking enterprise.

Critical to business

When is an activity critical to the business? When the loss of or inability to provide for the activity damages the business. The loss or damage can be a financial impact or a qualitative measure like loss of reputation and customer trust. It is very useful to understand the implication of loss and quantify it.

As an example, banking industry figures suggest that thirty minutes of downtime can translate to a loss of up to Rsv 2 crone. Based on the impact of downtime, the management can determine recovery objectives. A key recovery measure is Recover Time Objective (RTF), the amount of time the business has before it must be available.

Having identified activities that are critical to a business, the next step is to explore the vulnerability of the business to various kinds of events.

Understand your business vulnerabilities

Tsunami and earthquakes make headlines and draw attention, but experience tells us that unplanned events and ‘acts of God’ account for less then five percent of business downtime. Everyday events like software and hardware errors, patch upgrades, configuration changes, network outages and power failure cause over 80 percent of business outages.

A time-tested way to understand your business vulnerabilities is to list all possible events that may occur. These include ‘acts of God’, civil amenity failures, and people- and technology-related events.

For example, a list of events to consider are:

• Fire, flooding, building not accessible
• Power outage, A/C breakdown, water sprinklers going on accidentally
• Telephone line down, computer hardware malfunction, software crash

Against each event in the list, we assign probabilities of occurrence and the potential impact of the event on the business. The management then makes a decision on the kind of events that the business is going to protect against and have a continuity plan for.

By identifying critical business functions and events to protect against, the business continuity plan can address how the critical functions can be made available when events occur.

IT DR plan

IT solutions are an integral part of an enterprise and are often critical to the running of a business. Continuity of IT applications is complex and has several components that must work together. A common mistake is to have data replication in place and assume it is a DR plan for the application. This is far from true.

Replication is one ingredient of a successful IT DR plan. The ability to recover data, ensure application-level data consistency, failover the application and redirect clients of the application is essential for successful IT DR. A very critical part of a successful IT plan is regular testing of the failover capabilities of the solution. Regular test drills ensure that the DR solution will work for you when you need it.

Business continuity is a process and not a technology solution. It is not a one-time effort. A plan that will work for you is one that involves the right people, has processes in place and has IT and infrastructure support to keep the business going.

An effective first step is to invest in a plan that gives you the information you need to make decisions. Also, rather than plan for the whole enterprise in a single exercise, it is effective if each department has its own plan. This can then be tied together from an enterprise point of view.

Investment in a secondary site need not be just an insurance policy. Many enterprises have been successful in offloading several offline activities to a secondary data centre. Data warehousing is a good example of an activity that can be done at the secondary site.

In summary, business continuity is no longer an option, but a necessity. A successful plan has people, process and infrastructure to keep critical functions of the business available.

The author is Co-founder and Chief Technology Officer of Sanovi Technologies Corporation