Puerto Rico is an island with many natural resources and a zone prone to natural disasters: hurricanes and earthquakes are the natural events most threatening to the zone and their consequences for business continuity tend to be catastrophic.
On the other hand, disasters can also have a more private scale and can simply consist of non-planned power outages, the collapse of a specific information system, a malware infection, financial or personal debacle; or something similar.
In any case, natural disasters as well as collapses of critical systems share a common aspect: they compromise business continuity. And the longer they last, the worse the panorama results for the business in terms of financial viability.
On the other hand, natural disasters nor many of the systems collapses or breakdowns can be avoided. They are events that escape everyone’s control and affect everyone. Nevertheless, we can have contingency plans that help us resume operations soon after the disasters occur in any of the areas and scales, and to guarantee a quick business continuity.
Anatomy of Business Continuity and Disaster Recovery Plans
Many businesses face the panorama of the day after without knowing what to do; nor where to start. There is good news for these businesses: Fusionworks has the solutions and the experience to help them get out of the trance and void that seems to occupy everything in that moment.
Likewise, resistance to development and planning for disaster recovery and business continuity must be attacked from education and construction of a new business culture. Let’s see how.
DRP and Business Continuity
Broadly speaking, Disaster Recovery Plans (DRP) refer to the actions and activities addressed to resume the interrupted operations by the unexpected situations.
On the premises of Information and communications technology (ICT’s), such actions cover from the restoration of security copies of servers and/or mainframes up to the rehab of PBX or LAN to continue with the operations of the business.
In this sense, Business Continuity (BC) like DRP are interchangeable concepts because both take care of the processes and procedures to be carried out for guaranteeing that the string of functions in a critical mission is maintained during and after a disaster.
However, business continuity includes short, medium, and long-term challenges and actions to achieve broadening the knowledge base of human talent that is in charge of guaranteeing the organizational success before disaster situations.
In other words, DRP and BC complement and go together with each other to create a business culture towards success even in the most challenging and complex scenarios; but for this, there must be a guide or macro pattern to follow.
DRP Standards and Business Continuity
To join the list of organizations in Puerto Rico that are prepared to keep business continuity in their ventures and minimize the impacts that disasters leave as they hit; the first thing you need to do is to validate your business through some certification.
The pillar norm to guarantee business continuity is Norm BS25999. Nevertheless, it is merely the first and it does not cover aspects of DRP.
Both include different clauses for the development of management systems for business continuity; and the implementation and operation of management systems for business continuity.
Now, if you have a more complete vision and want to comply with both aspects; then your accreditation plan must also include norm ISO/IEC 24762.
This last one covers the rules and guidelines for efficient provision and restoration of ICT’s to guarantee services. This norm has a generic vision and serves as a pillar of guidance, which is why it works for any business or service provider.
Now, all these norms share the same general outline:
- Define Continuity Strategy
- Business Impact Analysis (BIA)
- Plan Design and Development
- Determine Recovery Point Objective (RPO) and Recovery Time Objective (RTO)
- Tests and Maintenance
DRP Principles and Business Continuity
The main question that both approaches should answer is how to avoid or mitigate the impacts of risks and disasters? Although many other questions stem from this first one, the answer starts in the detection and delimitation of critical factors of the business; and in the training of key personnel to address the emergency.
As experts, we propose to fill these concepts in a starting checklist:
Critical processes and factors that assure business continuity
- Determine business potential risks. These must include micro scenarios (power outages, collapse of critical systems, loss of key personnel) and macro (natural disasters, economic meltdown).
- Organization of the processes of each business unit by level of criticality.
- Prioritize and preserve the business functions in charge of delivering products or services.
- Implement alternate routes and mechanisms for the operation.
- Start with a basic level of service and keep adding more functions according to the chronology of criticality of processes.
- Lessen the economic impact of service interruptions.
Training of personnel in emergency procedures
Once you are clear which is your panorama and possible interruptions that you are potentially facing, it is time to train your key personnel to come out the contingency.
In this sense, there are a few things that you must keep in mind: DRP are fundamentally reactive. In this sense, urgency, precision, and the ability to respond under pressure are, more than concepts, state of mind and mood needed that employees in charge of the contingency and business continuity must have.
Likewise, DRP must establish and comply with these procedures for recovering processes and systems:
- Detect and evaluate real suffered damages, including the real magnitude for the business and what it is seen by the client.
- Make and inventory of the minimum systems, resources, and processes needed to restore the service to the levels before the contingency.
- Activate in an ordered and correct manner each phase of the contingency plan with its respective notification.
- Justify and notify the change of order in the implementation of the plan in case that skipping a previously defined procedure applies.
- Delegate; assign and coordinate responsibilities with other authorized personnel to guarantee resumption and business continuity.
Even though Disaster Recovery Plans and Business Continuity are more complex, they are generally ruled by a 4-step planning framework:
- Impact to business evaluation
- Risk evaluation
- Risk management
- Recovery tests
In other entries, we will be detailing the implications that each one of these steps has for your business.
If you need to know more about one of them, contact us! We will be happy to help you conceive your business continuity and disaster recovery plans. Do not wait until a tragedy occurs to start them.