Business Continuity Plan
When most companies hear “Information Technology (IT) disaster
recovery,” they think of data recovery and off-site data storage. Most
companies do not even have a sound data backup or off-site data storage,
yet having both is only the beginning of disaster recovery.
While it is critical to have a sound backup and off-site data
storage strategy, it takes a lot more to recover from a real disaster like
Hurricanes Katrina and Rita.
Recovering from a major disaster is like building a new company
from the ground up, only in a much shorter period of time – short enough so
that the business still has a chance of keeping its customers. Detailing the
entire scope of a Business Continuity Plan would take up more time than we have,
so we are going to concentrate on the most vital aspects of major disaster
recovery as they relate to small- and medium-sized businesses.
A major disaster implies the destruction of all major
infrastructures of a business including but not limited to its IT
infrastructure.
According to Gartner Group, an industry consulting firm, two out of
five companies that experience a catastrophic event or prolonged outage end up
shutting down for good. And of those that do resume operations, one out of three
goes out of business within two years. That means a full 60 percent of all
organizations affected by a major disaster go out of business for various
reasons, including the cost of trying to resume operations and losing the
goodwill of customers.
One of the most unfortunate realities is that most small- and
medium-sized businesses do not consider IT a critical part of their business,
judging from how IT is managed in most of them – always from a cost
standpoint. IT should really be viewed as a competitive advantage for any
business, specifically from a revenue standpoint. While IT in itself cannot
make the business, a well-run IT operation can deliver, and has delivered, the
difference in any successful business operation.
The point here is to have a successful IT disaster recovery
strategy and to involve IT planning from the very beginning of a business
operation, not as an afterthought. The real question one must ask is: what
would it cost the business if all IT-related operations ceased to exist one
day? The same is true of any IT design, operation and decision-making;
disaster recovery should be part of the life cycle of any sound IT operation.
IT disaster recovery certainly is not the entire Business Continuity Plan but,
without the IT aspect, most Business Continuity Plans would not be complete.
And increasingly, for certain businesses, having a sound IT disaster
recovery plan alone may keep the business running, or at least provide enough
operational support to buy time for other aspects of the operation to come back
online.
So what kind of disasters are we talking about here?
Well, below is a list of the possible disasters published by
Agility, a disaster recovery firm. I have also added a few of my own. And as you
can see, not all of them are featured on the Weather Channel:
A/C Failure
Acid Leak
Asbestos
Bomb Threat
Bomb Blast
Brown Out
Burst Pipe
Cable Cut
Chemical Spill
Telco's CO Fire
Condensation
Construction
Coolant Leak
Cooling Tower Leak
Corrupted Data
Diesel Generator
Earthquake
Electrical Short
Epidemic
Evacuation
Explosion
Fire
Flood
Fraud
Frozen Pipes
Hacker
Hail Storm
Halon Discharge
Human Error
Humidity
Hurricane
HVAC Failure
Hardware Error
Ice Storm
Insects
Lightning
Logic Bomb
Lost Data
Low Voltage
Microwave Fade
Network Failure
PCB Contamination
Plane Crash
Power Outage
Power Spike
Power Surge
Programmer Error
Raw Sewage
Relocation Delay
Rodents
Roof Cave In
Sabotage
Shotgun Blast
Shredded Data
Sick Building
Smoke Damage
Snow Storm
Software Error
Software Ransom
Sprinkler Discharge
Static Electricity
Strike Action
Sun Storm
Terrorism
Theft
Toilet Overflow
Tornado
Train Derailment
Transformer Fire
UPS Failure
Vandalism
Vehicle Crash
Virus
Water (Various)
Wind Storm
Volcano
So when do we begin to plan for any kind of disaster? Now and today
and every day! The Chinese have a saying: “If one does not have anything to
worry about today, one will have a lot to worry about tomorrow.”
Just think for a moment about what would happen if the office you
are in right now were no longer available tomorrow. Would you still be able to
operate your business the way you do today?
For most companies, the answer is a resounding, “No.” Then the
next question is: do you care? If the answer is, “Yes,” then read on.
Almost all companies need certain tools, data, communication means,
employees and facilities to function as an organization and carry out
their mission. Last but not least, a business requires a well-defined and
communicated emergency procedure that everyone within the organization fully
understands and is capable of carrying out.
Having backup data is not going to do the company much good if
there is no server to restore it to, no place to house the server and no IT
engineer who knows how to restore the data and bring the server back online.
Business Continuity Plan Key Elements Matrix
| Key Elements | Examples |
| Facilities | Data center, call center, work area, warehouse, office, etc. |
| Communication Means | Phone lines, T1/PRI circuits, DSL lines, satellite links, wireless connections, including cell phone connections, etc. |
| Tools | Computers of all kinds, printers, copiers, laptops, fax machines, PBX, phones, etc. |
| Data & Information | Customer database, financial database, payroll information, HR information, etc. |
| People | People of all skill levels that are needed to keep the organization functioning. People within the organization know how to use the communication means available to reach each other. |
| Procedures | A well-defined and communicated procedure and playbook for the organization to follow in the event of disaster. |
Below is the same Digital Information Protection Matrix we
published with our white paper titled
Digital Information Security. It shows the levels of protection and backup
that make it possible for an organization to recover from a major
disaster.
Digital Information Protection Matrix
| | Security | Backup | Remark |
| Digital | ✓ | ✗ | Firewall, Authentication, Encryption & Ongoing Audit |
| Physical | ✓ | ✗ | Human Resources Screening, Physical Access Protection & Ongoing Audit |
| Local (Hot) | ✗ | ✓ | Local Hot Backup Resource For Immediate Recovery |
| Local (Warm) | ✗ | ✓ | Local Warm Backup Resource For Quick Recovery |
| Local (Cold) | ✗ | ✓ | Local Cold Backup Resource For Recovery |
| Remote (Hot) | ✗ | ✓ | Remote Hot Backup Resource For Immediate Recovery |
| Remote (Warm) | ✗ | ✓ | Remote Warm Backup Resource For Quick Recovery |
| Remote (Cold) | ✗ | ✓ | Remote Cold Backup Resource For Recovery |
| Hard Copy (Local & Remote) | ✗ | ✓ | Local & Remote Hard Copy Resource For Recovery |
In the Information Technology business, we must always be prepared
for the worst. And our Information Technology infrastructure, design and
procedures should reflect a similar value, while keeping in mind our day-to-day
needs, regulatory compliance, disaster recovery abilities and resources. There
is no perfect Business Continuity Plan, nor is there perfect digital information
protection. But we should give ourselves the best chance we have of surviving
small- and large-scale disasters, manmade or natural.
The question is no longer whether it will happen but when it will
happen. And the answer is: when we’re least prepared.
Just ask the Federal Emergency Management Agency (FEMA). FEMA
predicted that three types of disasters would hit the United States: (1) A
terrorist attack in a major US city, (2) A Category 4 or 5 hurricane hitting New
Orleans, and (3) A major earthquake hitting California. FEMA even ran
simulations on some of the scenarios, including the hurricane in New Orleans.
So far, two of the scenarios have proven true, and we have all seen the same
results. We’ve all heard the reports of lives lost and properties destroyed.
But what is less visible and underreported is all of the digital information
lost during Hurricane Katrina.
Now, consider a major terrorist attack on the Internet or another
technical breakdown in the Internet infrastructure. This may be more likely to
occur at some point than other disasters.
So, are we ready?
By Benson Yeung, Senior Partner