Tom Olzak

Posts Tagged ‘what is business continuity’

Give business continuity a chance…

In Business Continuity, Computers and Internet, Disaster Recovery, Risk Management on October 16, 2010 at 11:25

Business continuity is the practice of understanding critical business processes and ensuring their availability.  Disaster recovery is a component of business continuity.
Understanding business processes includes answering the following questions:

  1. What are the manual tasks that support the process?
  2. What are the human and technical resources necessary to enable the process?
  3. What other processes feed data to or receive data from this process?
  4. Is it reasonable and appropriate to build redundancy into the system?
  5. What is the maximum tolerable downtime of the process (how long can the process be broken without causing irreparable harm to the business)?
  6. Based on current capabilities, what is the recovery time if one or more of the components is broken or missing (including processes that feed this process)?
  7. Based on current capabilities, what is the recovery time following a catastrophic event (disaster recovery)?

It takes a group representing a cross-section of the organization to answer these questions.  Note that the planning is around processes, not systems.  Processes are enabled by systems and manual tasks.  For example, questions 4, 6, and 7 should include manual workarounds if automated tasks fail.  (A process is something like processing payroll with expected outcomes including checks for employees, tax payments, etc.)

Once the questions are initially answered, a remediation action plan is created to mitigate risk (shorten recovery time).  Risk mitigation takes two forms: interim and long-term.  Interim mitigation includes workarounds to enable critical outcomes while recovery tasks are performed.

When the action plan is complete, the team should once again answer questions 6 and 7.  If recovery times are not shorter than maximum tolerable downtime, additional remediation steps should be identified.  This cycle repeats until maximum tolerable downtime exceeds recovery time.

%d bloggers like this: