Securing a company’s critical infrastructure used to be about backing up some data and making sure the executive floor had a separate, fast escape route, today things are changing – except for the faster escape route.
Every business in every industry is built on similar principles, but exhibits unique characteristics in the way it takes its products or services to market. A commonality they all have, however, is that there are certain components that go into making a business that they cannot function without.
These components are a combination of people, processes and technology. In every company there is at least one person, certain technology or information, specific business processes and perhaps some infrastructural components critical to the efficient operations of the business. In times of disasters, manmade or natural, if the continued availability of these components has not been catered for, the business could fail.
A disaster could be something as simple as a flooded basement, where your data centre is located. Will you be able to continue operation without technology? It could be a long power failure that sees a food retailer or restaurant losing all the goods in its fridge. It could be crime or terrorism that sees critical employees dead or wounded, or a large part of your staff unable to find transport to work. It could even be a cholera outbreak in a low-income area that kills or incapacitates large numbers of your staff.
In these and many other disaster scenarios, it is crucial for companies of all sizes to have a plan in place to ensure they are able to continue operations with the minimum of downtime. The question is, how does one know what qualifies as critical that needs to be saved?
According to Bradley Janse van Rensburg, solutions design manager at ContinuitySA, the starting point to answering this is to understand your business. You need to firstly know how your company creates value and makes a profit. Then identify the dependencies and enablers supporting these functions and map them to a risk matrix. Once the risks are visible, you are able to make decisions whether to accept or mitigate them.
“Many people in a large number of companies are in a position of not knowing how they fit into the big picture and who they really depend on and who depends on them,” says Janse van Rensburg. “Executives often have a big-picture view on what the company does, but are totally ignorant about how the work actually gets done.”
Know your business
These executives are therefore poorly equipped to undertake a business continuity exercise because they have no idea what people or functionality they need to cater for. Once identified, however, the company can start making plans to ensure its mission critical components remain available no matter what.
Janse van Rensburg advises companies to opt for a third party consultant when developing continuity plans. His reasoning is that business continuity is a complex issue that needs a dedicated specialist to cover all the angles. For example, to make sure a company is never left leaderless, the management team should not be allowed to travel together; single points of technology failure should be eliminated and to preserve business processes, they need to be documented and accessible even if the company’s location is destroyed. An untrained person given the responsibility of business continuity will not know all the options to cover.
It is also critical to document your business continuity plans to ensure they are available to anyone needing them, not only to one person.
“The most important aspect of a continuity plan is testing,” he adds. “Most of the assumptions made in formulating a plan will fail in the first test and need to be tweaked to ensure they work as intended.”
The ideal solution an experienced continuity practitioner can deliver therefore needs to be testable, scalable in both directions to cater for the company’s growth or shrinkage, and it needs to be familiar to staff as they will have to implement it when disaster strikes – sometimes without the support of management.
Paper gold
An often forgotten area when it comes to business continuity is the fate of a company’s papers. Guy Kimble, Operations and IT director of Metrofile says companies store an enormous amount of value in their documents and need to ensure these are not compromised.
As with the larger business continuity discipline, effective document management first requires businesses to know what they have in terms of documents and where they are.
“Corporate documents need to be understood and classified in order to decide where they will be needed and within what timeframes to support business efficiency and effectiveness,” says Kimble. “Corporate documents include intellectual property, patents, contracts, ownership, financial agreements and customer information; all valuable data that cannot be lost due to negligence, disaster or mismanagement.”
Once documents have been classified, the business will be able to ascertain how often they are needed in normal business operations and decide how to store them. It may be that the original documents are archived offsite and only transported to the company in certain instances, while scanned images are used for day-to-day operations; or the digital images are backed up offsite if the originals are needed.
“Document management is more than simply archiving of documents for safekeeping,” says Kimble. “There are many pieces of legislation that demand business documents be kept for certain timeframes, even if not needed by the business. Some of these include the Companies Act, FICA, the Closed Corporations Act and so on. Effective document management will allow companies to archive and forget these documents, but find them quickly if needed, and destroy them when legally permissible.”
Whether dealing with business continuity as a whole or document management on its own, the key for businesses is to understand what they have, what needs to be available and functioning in case of emergencies, and then determine how that is going to happen – and then to test the plan.
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version