Restoring information systems in the event of a disaster is an essential element of risk management, not just IT. But, having IT systems recovered without restoring business operations is of little value. It is equally important to restore key business processes, maintain communication with key stakeholders, and ensure the ability of personnel to work. Business leaders have begun to recognize the importance of business continuity to the enterprise, but consistent implementation appears to be a challenge.
Business continuity planning of some sort is common, but many business leaders still overlook the need for a formal business continuity plan that is continually reviewed and maintained. As shown in Figure 3 from our full report, Business Continuity Planning Best Practices, 87% of organizations practice business continuity planning at some level (the green bars), but only 25% do so formally and consistently.
Business continuity is a comprehensive program designed to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that require access to these essential operations. Many major activities and subsets comprise business continuity planning, including disaster recovery planning, work area recovery, and data backup. To be practiced formally and consistently, business continuity planning should include regular updates to the plan, testing of the plan, a mechanism for introducing changes as business processes or systems shift, and other key factors outlined in the full report.
Business continuity planning is still a fairly new practice, which may account for its consistency challenges. Fortunately, dealing with the most probable incidents is feasible without wasting too much time, money, and resources. Therefore, continuity planning should be a top priority.
“Business continuity planning actually plays a major role in risk management,” said Waynelle John, research analyst for Avasant Research, based in Los Angeles. “So, business leaders should adopt a holistic view of the organization and stop seeing continuity planning as an IT-only exercise.”
Additionally, business continuity plans must be maintained and tested as part of the daily business operations. Failure to do so may result in a complete breakdown of the enterprise, particularly if key personnel have not practiced the execution or if the plan is ineffective under the pressures of real-world events. Even if an organization survives, significant disruption and financial loss are likely. A short-sighted view could result in the successful recovery of IT systems, but the organization may still face the risk of going out of business.
IT leaders should remember that business continuity planning is an iterative activity to determine the methodology for re-establishing key business functions. The plan should be continually refreshed as the business changes. Ideally, the business continuity plan should be seamlessly integrated into the organization’s daily operations, becoming vital to its day-to-day business practices.
In the full report, we first look at adoption trends for business continuity planning by organization size and sector. We also discuss the elements that every business continuity plan should contain and the steps IT organizations should take in establishing such plans.
This Research Byte is a brief overview of our report on this subject, Business Continuity Planning Best Practices. The full report is available at no charge for subscribers, or it may be purchased by non-clients directly from our website (click for pricing).