From the beginning of time, where there is people and especially people who conduct business, there is an opportunity for financial loss due to some type of business interruption. In ancient times, businesses could be impacted by war or plague. These seemed to be the worst case scenarios. However, when these events happened they affected millions producing a severe impact on both those ancient societies but in particular the business communities at the time.

Fast forward several thousand years. We enter the industrial revolution and the information age. There is more knowledge now than any time in history. Communications has never been so instantaneous with the use of the internet, science innovation is exploding, people are living longer than any time in history. There is also more political dialog between all nations on earth. Yet we still can’t see the obvious. At some point, your business WILL be interrupted by some type of catastrophe. Whats even worse is we spend very little time protecting the institutions that pay our mortgage or put our children through college, the time or money necessary to protect the continuity of the businesses in the event of a disaster.

Granted there are many types of disasters. Some measure a disaster by how big the D” (for disaster).  Some look at the small d”s as not consequential. Some say they only care about the big D”s that globally affect the organization. This is a matter perception. Business continuity is certainly not a cliche. This is a term that has a lot of meaning for modern businesses today that will decide if, in the event of an emergency, if your organization will survive or not.

Business Continuity (BC)

So the question is what is business continuity? Not to be confused by disaster recovery (DR) which we will talk about in a different article; Business Continuity is a proactive approach which in simple terms is the ability of your organization continue normal operations if the event of some type of interruption to the business.  In IT terms, this is the ability to ensure the continuance of applications that drive business revenue. Some say these are mission-critical applications. These are usually local recovery these applications in which the data center is still functional. So this would require protection from application issues, hardware failures, and human errors.

“If no revenue is assigned to an application, can it be considered mission critical?”

Some will debate the validity of this statement, but even if it is said…a medical application that keeps people alive at the hospital may be considered an intrinsically mission-critical application. At some point, that application can be traced back to revenue.  Keeping people alive is what hospitals do as a business to generate revenue. They are not doing it for free. So revenue generation from systems are directly tied to revenue or have intrinsic value are what needs to be protected. Therefore direct revenue is not always a means to determine the value of an application. So my point is, you have to look at all IT systems across the business to determine if an IT Business Continuity plan is required for them.

How to Implement Business Continuity?

Its usually comes in the form of an IT Business Continuity Plan (BCP). Business Continuity incorporates a plan that assumes that at some point the end will come at least some IT systems by some accidental or nefarious events.

Now some Business Continuity events can be planned. This means we anticipate an event happening and we actively planned to shut down IT systems to accommodate the incident. A good example of this is the installation of a new UPS system or generator into a DC. This type of event could require the that IT systems be shut down which they are wired into the new power system.

Other events are not so predictable despite in some cases millions of dollars of proactive planning. The average corporate IT environment is ridden with disasters of various dimensions and severities. These are just facts of life. Let’s now consider a few.

Loss of Data Due to Human Error

I worked for a large manufacturer many many moons ago. I was the email architect at the time for them. They ran cc:Mail back in the day (I’m probably showing my age). It happened that one day one of the infrastructure administrators accidentally deleted the share that had 28 post offices on it. This obviously created a major service interruption for many hours where no email was flowing across the enterprise. They restored the post offices from backup. This, in fact, was a Business Continuity event.

Financial Loss to Hardware Failure

Not so long ago a customer of mine was a not-for-profit NGO. They received most of their revenue was via a web server that took online donations to a sum of seventy thousand dollars per day. One day they had a total hardware failure and the website was offline for three days culminating a loss of two-hundred and ten thousand dollars not to mention a loss of credibility to their clients. This, in fact, is a Business Continuity event.

Critical Systems Offline Due to Application Configuration Changes

There was a client that had a mission-critical application that manages a critical communications network infrastructure. Even with planning, they made a full network change that causes a major outage that affected thousands of customers. It took a few days to figure out what software change caused the issue and return the network to normal operating conditions.

These examples are just a few Business Continuity events that happen every day. So the question becomes, what can an IT organization do to protect itself against these types of events? PLAN, PLAN, PLAN and then TEST, TEST, TEST!

A Business Continuity Plan is the only sane way to manage these types of events. Yes, this is not an easy endeavor when you think about what could happen to your IT organization. That’s the beauty of the plan, it allows you to think of what could happen and produce contingencies for them BEFORE the next the event happens. It takes a commitment from an organization to do this in terms of time, effort and money.

A future article will discuss how to implement and IT Business Continuity Plan.

Leave a Reply

Your email address will not be published. Required fields are marked *