Home   |   Resources   |   Avoiding Disasters

Avoiding Disasters

There are steps you can take to lessen your chances of a business interruption. But, in the event that disaster does strike, your response will determine whether your business survives or closes its doors. We look at the practical steps you can take to assess the likely risks and guard against them.

Business Impact Analysis

The first step is to understand your business, how information flows through it and what happens if some or all of that information flow is interrupted. A Business Impact Analysis (BIA) will help you:

  • Determine the critical processes that must be maintained at all costs for continued operation
  • Determine the internal and external services and assets your critical processes require for continued operation
  • Establish the impact in terms of operations, customers, image, finance and staff, should critical functions become inoperable
  • Assess the likelihood of such an impact should critical functions fail
  • Prioritise the recovery needs for critical functions in terms of business assets and technology support
  • Justify an investment in a business continuity (BC) programme.

 

Risk Mitigation

The BIA will highlight what risks there are and the likelihood that they will occur. You can then consider mitigating against these risks, allocating resources according to the likelihood and impact of those risks. For example, power failure is a common cause of disaster so the installation of a standby generator and Uninterruptible Power Supply (UPS) may be justified. Installation of a second generator and UPS to cope in the event that the first fails, may not be justified, but the creation of a switching infrastructure that enables a second generator and UPS to be delivered and connected to the first may be an acceptable compromise.

Risk Prevention

Risk prevention also needs to be embedded within business processes. For example a risk assessment should be conducted as part of a new building procurement process to ensure risks are understood prior to negotiating the lease. This simple and seemingly obvious step is often overlooked; something that is less likely if there is a robust change management process in place within the organisation.

Managing Change

Organisations are constantly changing. When they are small the implications of change are understood throughout the company but as a business grows so do the opportunities for failure if the implications are not communicated effectively.

Change needs to be controlled and business continuity management principles embedded into the business. For example, if a new application is being purchased which is deemed so critical that it cannot tolerate any single points of failure, requires immediate desktop support and an hourly backup regime, business continuity provision should be included in the purchasing process. Moreover, that resource must be appropriate i.e. available within one hour of an outage and tested twice a year.

An ITIL framework, which incorporates change management, disaster recovery and business continuity as core elements, is increasingly being adopted in larger IT dependent companies.

In our experience, human error is responsible for many disasters so change management procedures need to be rigorously enforced, with mechanisms in place to ensure that staff cannot make unauthorised changes.

 

An effective business continuity management programme covers all these aspects.