10 Lessons to Strengthen Your Business Continuity and Disaster Recovery Plans
August 25, 2011 12:00 AM
Vangelis Thomaidis
Lesson No. 10: You Must Protect Your Sensitive DataNo Matter What the Circumstances
Companies in highly regulated industries such as health care and financial services must protect their sensitive data no matter what the scenario. You must plan for a wide range of situations to protect against theft or loss of any personally identifiable information or other sensitive data. You must encrypt or envelop sensitive information stored electronically or avoid local storage of sensitive data altogether through the use of remote access technologies, such as virtual desktop infrastructure or application virtualization. (Source: Forrester)
Lesson No. 9: Re-evaluate Your Site Strategy
Selecting low-risk geography for the location of corporate headquarters, data centers, and other facilities can often mitigate risks related to weather and geography. However, many organizations continue to co-locate their headquarters with their data center locations even if its not the lowest risk region. Where does your data center need to be? Most companies feel more comfortable with their production data center near their corporate headquarters, but they dont necessarily have a valid business reason for doing so. In the future, companies will need to strongly reconsider the geographic locations of corporate facilities and data centers in order to reduce risk.
Lesson No. 8: Develop Robust Communication Strategies Using Multiple Modes
Many companies, if they have communication plans at all, still rely on manual call tree lists. The effectiveness of manual call trees is questionable even under normal conditions, but they become almost futile if you want to communicate with thousands of employees at a time of crisis when many telecom and mobile services are unavailable. The good news is that Internet access can still be available, allowing calls to be made with VoIP, correspond via email and instant messages, and use social networking sites such as Facebook and Twitter. Forrester recommends using multiple modes of communication and, ideally, automating them, as well as leveraging social media to your advantage. (Source: Forrester)
Lesson No. 7: Remember that Your Employees Are People First, Employees Second
Your plans need to focus on the long-term physical and mental health and safety of your employees, and they must include creative options for short-term staffing. In a major crisis, you must assume that your employees are first and foremost concerned with the health and safety of themselves and their families. Also, even after they have ensured that their families are safe, you cant assume that psychologically, your employees are ready to come back to work. (Source: Forrester)
Lesson No. 6: Form Partnerships With Others in Your industry
Establishing agreements and contingency plans with suppliers, partners, and even competitors in the case of a disaster could prove invaluable. In certain industries, you should consider industry-wide preparedness agreements and partnerships in the case of emergency to help mitigate the loss and business risks associated with natural disasters. (Source: Forrester)
Lesson No. 5: Validate the Readiness Of Your Critical Partners And Suppliers
Third-party relationships can have a massive impact on your BC/DR plans. For example, most organizations have diesel generators for backup power at major corporate locations and data centers. However, most organizations only store enough fuel for two days. Those organizations without another reliable supply chain for fuel can find themselves out of luck. Few businesses work in isolation. Many of Forresters larger clients tell us that they have more than 400 third-party relationships. You should work with your counterparts in sourcing and vendor management during vendor selection and ongoing vendor management to validate a partners BC/DR readiness. You should also consider these partner relationships throughout the entire BC/DR planning life cycle, even including partners in testing. (Source: Forrester)
Lesson No. 4: Prepare For the Loss Of Critical InfrastructureEspecially Power
How prepared are you to deal with the loss of critical infrastructure? Do your continuity plans rest on the assumption that the government and utility companies will be able to immediately restore power? Forrester finds that many organizations write their BC/DR plans with the assumption that critical infrastructureaccess to power, fuel, clean drinking water, Internet, telecommunication services and mobile networkswill be available. Your plan should include contingencies for scenarios in which that isnt the case. (Source: Forrester)
Lesson No. 3: Plan For Risk Scenarios With An Extended Duration
Many BC/DR professionals create plans that address the immediate response to an event, and assume a return to normal operations after several days or a week. However, most companies Forrester interviewed after Japan's natural disasters stated that it took at least two weeks before normal business operations resumed, even in largely unaffected areas. How long could you remain at your alternate site? How long could you operate with reduced staffing levels? Answers to these questions should be part of your BC/DR plan. (Source: Forrester)
Lesson No. 2: Consider Cascading Events When You Analyze Your Risk Scenarios
Your risk assessments should consider not just the probability and impact of the primary risk event, but the subsequent events it might trigger as well, such as transportation disruptions on a large scale, food and energy shortages, etc. Your BC/DR plans will therefore include different recovery and contingency plans depending on how the events