We all know that downtime is extremely expensive. Disaster recovery has been a common concern for years. However, today, we know that recovering from a disaster may be too long a process and too risky a time frame for overall business success. Business continuity plans, on the other hand, provide some additional information for carrying on in light of a disaster.
The portions of a business continuity plan that you adopt will be based on exposure and available funding and resources. Some companies get together and offer to provide redundant equipment for each other. The newer trend is to outsource a disaster center or a redundant data center. This option, while optimal, is not always fiscally possible.
For business continuity there are important pieces of information and other tangibles that should be stored offsite with your backups. This should include a vendor listing, a listing of all people to be notified, service provider listings, forms that will be needed (including checks), contact information for everyone in the continuity group, all IT personnel, payroll information, etc. The idea is to provide 30 days worth of offsite operations assuming that if your building were completely destroyed, such as in a hurricane, you could find a suitable replacement in 30 days.
Another often-missing component from continuity planning is system logs. This can be a critical component of success when moving forward with continuity operations. There should be several logs including a listing of patches, any problems applying those patches, documentation of all custom code and operating system revisions. This step does not always get the attention needed. For example, you may have enlisted a vendor to help you with a custom solution that was lost after a system restore. Without logs stating who did exactly what, in what order, and what the results are, you are now doomed to repeat the process before you can get your systems online again.
An extension to the need for system logs is documentation of all procedures. The best way that I have found to do this is to have the person performing the work write down each and every task along the way. Then give the written procedures to someone else on staff that is completely unfamiliar with the tasks and have them follow the procedures. When someone has been in a position for a while, they learn how to "work around" the little things that pop up. If you are in emergency mode and this person is not available this area of exposure could cost you. The procedures should include everything from IPL or boot-up to basic troubleshooting. The person that is testing the documentation will be able to identify any missing points. If necessary, hire a temp to follow the procedures (not during a critical time).
Continuity plans should also include security concerns both internally and externally. Bearing in mind that security systems may not be working you will need to protect your assets, including your employees. There may be some overtime involved for security personnel, but you are most vulnerable when you are down. Keeping in mind that most security problems are internal, you will want protection on both sides of your firewall and for all of your systems. Opportunity is all that is necessary – you do not want to give anyone that opportunity.
You will also want some project teams. This is not an IT only task. This is, in my opinion, the greatest area of exposure for any company. Ideally, an IT department is like the Maytag repair man. Regardless of how much work is done behind the scenes and on a day to day basis, if everything is working well, IT is out there, but not very visible. When things go haywire, there are a lot of people that will blame their shortcomings on the IT department. It isn't right, but it certainly happens. Each and every department should have someone involved in the continuity plan. Each department should have tasks, notification procedures, and logging requirements or a company will scramble for days, weeks, or months trying to place blame, catch up and point fingers.
Being proactive is always better than being reactive! For information on how to receive key points for a business continuity plan, attend the Networking Decisions conference. This is a short article making it difficult to cover everything here, but we will be providing more information in the session "10 Things to do to Avoid Downtime", and trust me – these are NOT the things you might already know. Hidden factors, hidden threats and new insights are provided. I look forward to meeting you all there.
Carrie Higbie, Global Network Applications Market Manager, The Siemon Company
Carrie has been involved in the computing and networking industries for nearly 20 years. She has worked with manufacturing firms, medical institutions, casinos, healthcare providers, cable and wireless providers and a wide variety of other industries in both networking design/implementation, project management and software development for privately held consulting firms and most recently Network and Software Solutions.
Carrie currently works with The Siemon Company where her responsibilities include providing liaison services to electronic manufacturers to assure that there is harmony between the active electronics and existing and future cabling infrastructures. She participates with the IEEE, TIA and various consortiums for standards acceptance and works to further educate the end user community on the importance of a quality infrastructure. Carrie currently holds an RCDD/LAN Specialist from BICSI, MCNE from Novell and several other certifications.