Every organisation must address the need for business continuity and disaster recovery planning, regardless of size, revenues, or number of staff. However, many CIOs struggle to convince business leaders to dedicate money and resources to BC/DR regimes and implementing the risk-mitigating strategies. Often this is because the impact to the business of potential downtime is not known. It only takes one major disruptive event to significantly damage an organisation’s reputation and finances. For that reason, whether you use a cloud provider or in-house resources, it’s important that business continuity challenges are faced head on to ensure your organisation is as well prepared as it possibly can be.
A critical first step to define and implement an optimal IT Continuity regime for your organisation is a Business Impact Analysis (BIA), which we explain how to do in our new eBook [download it here]. This identifies the business’ most crucial systems and processes and the effect an outage would have on the business. The greater the potential impact, the more money an organisation should spend to restore a system or process quickly.
Facilitating business/IT alignment
It is important for CIOs to understand – and communicate to executives – that business continuity and disaster recovery is ultimately not about technology. While technology is a key component in making sure BC/DR programs are effective, it’s more about the people and processes, and the planning process should involve all business units. IT should be seen as the facilitator, but is certainly not the only component being reviewed.
A BIA workshop identifies an organisation’s recovery capabilities should disaster strike, defined through Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). These are determined by reference to the impact on the organisation of interruption of business processes (and loss of recently entered data): they are not determined in any way by reference to technology. The technology comes later – it’s what enables the RTOs and RPOs to be achieved. The focus of the BIA workshop is therefore on business processes and risk management. Technology is barely mentioned until the final pulling together of the outputs and mapping them to IT systems. As such, a BIA workshop requires business and IT leaders to work together to determine what kind of plan is necessary and which systems and business units are most crucial to the company. Together, they decide which people are responsible for declaring a disruptive event and mitigating its effects.
A BIA workshop allows the executive management team to see the number and complexity of systems in play, and to have a much deeper understanding of the criticality of IT in enabling the business to function. This is a valuable outcome, both for the IT team and the rest of the business. Aside from the fact that everyone likes a bit of kudos, it makes it more likely that IT will become an integral part of strategic business planning. It will be seen for what it is – a critical enabler of the business. That in turn will mean that the organisation will receive the full benefit of an IT team that is fully aligned with – and a major driver of – the overall direction of the business.