Business continuity is not about creating a sense of insurance, but rather to mitigate the risk of catastrophic downtime that may result from any number of possible disaster incidents. As such, it is important to recognize that business continuity is one component of an organization’s overall risk management strategy for emergency/crisis preparedness.
Emergency preparedness consists of three very distinct areas:
- Emergency action is the sequence of steps taken immediately following and in response to an incident.
- For the purposes of this discussion, business continuity refers to the steps that follow to restore the people, places, and/or non-technological resources and/or processes that were affected by the incident.
- IT disaster recovery refers to the steps that follow the interrupting incident to restore the technology-based resources.
Together, these form the three-legged stool of emergency preparedness. If any one of these is underdeveloped or not tightly coupled with the others, the organization will fail to realize the full potential of mitigating catastrophic downtime.
To illustrate: in the event of a network intrusion, the first reactive steps should be driven by the network intrusion emergency action plan. As that action plan is implemented, there is a good probability that one or more business processes will be impacted, activating a corresponding emergency action plan or plans. Should the initial intrusion incident continue beyond a predetermined limit, it may be necessary for IT to declare a disaster and activate their disaster recovery plan. Additionally, business users may find it necessary to draw on elements of their own business continuity plans for the processes and procedures that will allow them to continue operations without access to their IT resource(s).
Too often organizations will develop their emergency action, business continuity and IT-disaster recovery response plans independent of each other, overlooking the need for these plans to ultimately perform as one. It is true that each of the three plans can be very demanding to conceive and produce, and linking the three together can be a somewhat monumental task — especially if the three have been developed by independent departments. The solution to this conundrum is to realize, and accept, that all three are components of the overarching organizational risk management program, and treat them as such by appointing a single person or committee to oversee the overall program that is directed by an organization emergency preparedness policy.
Sirius employs highly certified IT consultants who are experts in business continuity that extends beyond the data center to include your entire organization, protecting your business from natural and man-made disruptions and catastrophes. They can evaluate your preparedness for different types of emergencies, and develop a response plan that includes your IT, HR and physical resources.
To learn more about emergency preparedness program services, workshop, assessment and roadmap services from Sirius, download the Business Continuity Services chapter of the Sirius Services Catalog.