News Archive

Guide To Business Continuity Planning

by msecadm4921

Ian Masters, sales director at Double-Take Software, provides a guide not just on business continuity planning, but why it is vital to your company. He discusses that while most businesses are aware of the need for business continuity planning to ensure staff safety and the restoration of office facilities in the event of a disaster, far fewer have considered what can be done to ensure that access to data in the event of a disaster will not be compromised.

While critical information is the lifeblood of every organisation, small companies often spend more time planning their company picnic than they do for an event, which could put them out of business!

Certainly, the threat of terrorism has never been more apparent, and changes to the environment have also meant that unpredictable conditions are virtually the norm – who can have imagined that a sustained heatwave would cause a power outage across central London, for example? But even the simple error of kicking a power cord loose can cause a server to halt and related E-mail and internet access to crash. At best, you could expect to suffer financial loss through the forced downtime. At worst, your business would be forced to close.

Yet, by implementing a few short and long-term solutions, you can help prevent your business from becoming one of these grisly statistics.

Getting started

Getting your data in order by formulating a disaster recovery plan is just one component of an overall business continuity strategy, which can take years to implement. The biggest hurdle many businesses face is simply getting started – like any new regime, the first step is always the hardest! But by breaking the task down into bite-sized chunks, you’ll soon have a solid basis from which to begin.

The business continuity plan has to focus on people first and foremost – while property can be replaced, people cannot – and a viable evacuation plan is crucial. Only when appropriate strategies for minimising the people impact of a disaster are formulated, can you turn your attention to creating a plan for the rest of the business. This must include planning for relocation, establishment of temporary offices, telecommunications, remote access and other necessities to return to business as usual.

In addition, it must encompass information and data, often spread between different locations and remote offices, with the following key considerations:

1) Identify those systems and resources that are critical to your business and protect those first. Set priorities to help bring the business back online as rapidly as possible.

2) Get your data out of the building – even if it requires being restored to a different location, at least it will be available.

3) Calculate the cost of downtime which will help you to set priorities – and remember that ‘cost’ is not just lost revenue, but the overall impact its loss can have on enabling the business to meet its employee, customer, legal and financial obligations.

4) Storing data on tape archives may not be sufficient for all of your applications, and it can be a lengthy process to rebuild a system from tape. Other solutions, by using data replication, can provide near-zero data loss and a rapid return to recovery.

5) Continue to build and test your plan continuously. Allow for different scenarios – from hardware failure through to environmental disaster, ensure that procedures are documented and that everyone knows what their role is in the event of a disaster.

Don’t wait until you have a complete plan in place to start implementing it. The quickest and easiest way to start is to get the data offsite and to a different geographic location. Maintaining an easily-accessible copy of your data at a remote facility will enable you to recover and regain productivity as quickly as possible. You should prioritise what keeps your business going – E-mail, web servers, databases – and protect the most critical first.

Acceptable recovery times

A tape-based replication system may not be enough to enable critical functions to resume and it is useful to analyse both the Recovery Point Objective (RPO) and the Recovery Time Objective (RTO). For some applications, recovering data from yesterday or even last week may be OK – in which case the RPO would be days or weeks – but for others zero loss is acceptable. RTO is the amount of time a system can be down and not available to users or customers – establish whether you can survive for a few minutes or days. Both factors will help determine the right priorities and enable the correct solution.

The limitation of tape back-up is that the recovery point only extends to the time of the last back-up – typically a day or more ago – and recovery time is generally a day or more, as tapes must be retried and data restored. For most businesses, these are not acceptable levels for their systems. Real-time replication solutions provide virtually no data loss and allow for immediate system and data availability. There are various options, including host or hardware-based solutions with asynchronous and synchronous replication. In general, however, host-based replication is often more cost-effective and flexible. According to Gartner, 75 per cent of large enterprises will combine data replication and tape technology for rapid application recovery.

You project plan should be a living document, reviewed, updated and modified continuously as the implementation progresses. Don’t take the shortcut of assuming that everything needs the same level of protection, as this can leave some systems insufficiently protected or simply never be implemented due to insurmountable costs. Testing the plan provides an excellent way of assessing progress and is a useful training vehicle for the entire company – the last thing you would want is for your first test to be when you have an actual outage!

Summing up

It is vital that companies dedicate time to formulating their business continuity and disaster recovery plans – it is after all what amounts to an insurance policy for your business. If you don’t feel that you have the appropriate expertise within the company, outside organisations can be called upon for assistance – the important point is not to delay preparing for the unexpected, it is bound to strike when you least expect!

About the expo

Double-Take Software will be exhibiting at the Business Continuity Expo and Conference at EXCEL Docklands on April 2 and 3, 2008 an event for managing risk, resilience and recovery. This event will explore the solutions and best practice to ensure operational continuity and protect a company’s interests before during and after an incident.

Related News

  • News Archive

    Breach Of Privacy Rules

    by msecadm4921

    The Information Commissioner’s Office (ICO) has served enforcement notices on SAS Fire & Security Systems Ltd and Direct Response Security Systems Limited.…

  • News Archive

    Kitemark Duo

    by msecadm4921

    Distributor ADI-GARDINER (UK) has awarded the BSI SP203 Third Party certification and Kitemark licences/certificates to two North West fire security companies, Oldham…

  • News Archive

    Convenience Date

    by msecadm4921

    At the Autumn Crime Prevention Forum in London on October 12, retailers can expect to hear from industry speakers on issues like…


Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing