The Christchurch earthquake at the weekend and the current floods in Victoria are a timely reminder for IT management to dust off its disaster management plans and ensure they are up to date and effective.
Here, Computerworld Australia presents the best business continuity advice from some of the industry’s best professionals.
Gartner’s tips for business continuity management (BCM)
- Executive management commitment is required for the business continuity management (BCM) program
- Business units must develop their own BCM plans
- BCM plans must follow a standard process and formality and not be done on an ad hoc basis
- BCM plans must be developed to cover a longer outage time frame
- BCM plans must be regularly exercised
- Develop a structured framework of BCM plans
- Keep BCM plans relevant to their purpose
- Provide relevant information in BCM plans to facilitate recovery within defined recovery time frames
- Establish a central repository and administration process for BCM plan maintenance
- Use automation to mature BCM plan management
Business Continuity: a checklist
Mark Deguara, Emerson Network Power
- Is your disaster recovery location susceptible to the same issue that has caused your requirement for it?
- Has your disaster recovery location got the capability of supporting your IT requirements for an extended period of time?
- Do you test your disaster recovery procedure regularly — both in terms of the critical infrastructure and from an IT perspective?
- Ensure your staff are familiar with the disaster recovery procedures and, if it is an offsite location, make sure they know how to get there and what equipment is there.
- If you have best practices in your main facilities, ensure you implement best practices in your disaster recovery facility. If and when it is needed, it better work (e.g. cold aisle/hot aisle configuration, redundancy as required, battery autonomy to support the load, precision air conditioning, and so on).
- Monitor, monitor, monitor — as you need to be able to know the status of the DR site as much as you need to know the status of your main site
- Consider managed power rails so critical items can be powered up remotely as well as being monitored
The law, the brand and security
Business continuity plans are not a business differentiator, says Stephen Hopkins, head of security practice at BT Global Services, Asia Pacific. “Everyone has to do it.”
But in some cases it goes further than a good and sensible thing to do; it is a requirement, a compliance issue that you are legally, contractually or morally obliged to perform.
“For some organisations, like essential and financial services, there could be legal and regulatory requirements on top of best practice.”
The legal obligations also extend to the supply chain and customers. Partners and associates both upstream and down expect you to be available to do business, and do it effectively and ethically. “Just because you’re going through a disaster, you can’t start exposing customer records,” Hopkins says.
Dean Redman, Australia New Zealand country manager for IT security hardware and service supplier Sonicwall, points out that there are also brand protection issues.
“You need to ask: how much do you protect yourself? What does it do to my brand and company reputation if I have a disaster, or my plans are revealed? Be careful what you reveal about your organisation and your plans, and who to.
“Social media raise many issues of security and revealing too much about your business continuity planning. Likewise, be aware of phishing to gain background information. All of this can lead to denials of service or worse, cyber terrorism or blackmail.”