Business Continuity Planning

The best of companies, systems, IT and people will have problems from time to time beyond your reasonable control. This is where Business Continuity Planning comes in and planning ahead allows for calm response and recovery. It is about having a Plan B and Plan C for forseable risks and strategy to handle any not reasonably forseable.

BCP is something to be considered with equal importance to IT security evaluation and implementation. Working towards our goal of 'sleep easy IT' we need to evaluate a client's BCP plans and help create, document and test these where they are not currently in place.

BCP neccessarily spans business (people) and IT processes, and both are equal in importance for planning.

 

Steps proposed:
 

  1. Review Existing Backup and BCP Policy Document(s) – are there new elements to be covered? Are RTOs (Recovery Time Objectives) and RPOs (Recovery Point Objectives) still appropriate for business needs – ie could things be restored in what the business would regard as a ‘reasonable’ timeframe if there was a problem.?
  2. Address any technical measures needed to set backup on points needed to be backed up but not currently / possibly implement external systems replication / server image backup etc.
  3. Help create basic BCP Plan documentation that covers plans in case of typical scenarios.
  4. Help ensure that staff are trained on the BCP systems / technical systems / measures available. For example making sure that staff (if you have it) have the Mimecast Apps for mobile phone / computer in place and know how to use these (or how to access the Mimecast web portal otherwise).
  5. Help test aspects or full run of BCP systems – ie DR Drills to ensure that everything works as expected and any communications / documentation issues / problems can then be fed back to improve systems.  

 

The above steps involve both Client and Onega’s staff time to find the happy balance on all the above aspects.

Outcomes:

  • You will have a basic documented DR plan that staff know about and which allows for better reaction and control in the case of adverse conditions.
  • Board requirements for DR / BCP planning satisfied.
  • Insurers & shareholders / stakeholders are happier.
  • Sleep easier!

 

Time / Investment:

Possible requirements for enhanced backup software / systems to allow for offsite replication and faster recovery of key systems – these are dictated by the outcome of steps 1 & 2 above.

Regarding Onega time we’d propose a number of good man days of time for the project (for a company with up to 50 users 5 days of time might be appropriate but dependent on complexity). This time is spread out over the period of the project and it is important to allow sufficient time to give this the focus the important task demands.

Summary:

Running through and updating / implementing Business Continuity Plans will improve a client's overall risk profile and preparedness for disasters big and small.

We have not set any exact timeframes here as parts may dictate further actions which should be addressed before the next part is completed.

We’re more than happy to discuss any of the above. Please do get in touch as we are happy to discuss your needs and we'd also be delighted to review existing or third party planning to give an independent perspective and opinion.

As outcomes and during an exercise of continuity planning it may be appropriate to implement measures like Managed Server Continuity if you operate in a hybrid IT environment as many companies do these days, or if already in place to make sure these are adequate and sufficient for needs.