SunGard Availability Services Addresses Five Business Continuity Myths
Business continuity preparedness means having a living program - which is continually validated, communicated, tested, updated and improved.
Without a business continuity program in place, even a minor disruption to systems, facilities or other key resources can potentially halt operations, impact customers or harm the financials of an organisation, according to SunGard Availability Services.
"It is essential for organisations to understand how an unplanned outage would impact their business and know the steps they need to take to respond effectively," said William Hughes, Director, Consulting Services BC/ DR practice, Center of Excellence, at SunGard Availability Services. "You have to take a holistic view of not only threats to availability but also threats to your business continuity program's continued viability."
"A business continuity program should be built around realistic situations and assumptions, and incorporate preventive and reactive measures. It also should have a built-in means to drive continual improvement and focus beyond just continuity planning – also addressing organisational awareness and preparedness. Some organisations, unfortunately, may have misplaced confidence in their preparedness, which could lead to weaknesses being exposed at the worst possible time – during a business outage or disaster," said Hughes.
In advance of Business Continuity Awareness Week, which takes place March 22 to 26, SunGard Availability Services explores five business continuity myths and the lessons organisations can learn from them. The business continuity myths are:
* It's all about natural disasters. While natural disasters, such as hurricanes and earthquakes, garner the bulk of attention, industry research shows power failures, IT hardware, software and network outages and human error are much more likely to cause business disruption. The lesson for organisations is they need to be prepared for all potential causes of business disruption. More often than not, it will be a ‘quiet catastrophe’ related to hardware or process failure that, over time, generates the most significant threat to your business continuity.
* We have a plan, so we are ready. Creating a business continuity plan is an important step, but not the end state. It takes more than words on paper or a computer screen to enable readiness. Business continuity preparedness means having a living program – which is continually validated, communicated, tested, updated and improved. It means having an organisation that is "situation ready" – with skills honed through training and supported by robust planning tools to respond to a significant business disruption. Your organisation should be so well prepared that it only needs the plan for reference or as a guide, not as the playbook, when undergoing an exercise or disaster.
* Any disaster will be a singular event. Too often, organisations plan for ‘simple’ situations – "my data centre has been disabled" – where the event occurs and all that needs to happen in response is to pick up the pieces. Recent events in Haiti and Chile have shown disasters can be a series of inter-related, changing scenarios that make responding to the situation much more complex than for a singular event. Business continuity programs need to prepare an organisation for a situation that is continually evolving, whether due to changes in the primary source of the disruption, after-effects or new information or players emerging. Anticipating these events will force your organisation to examine closely key assumptions and response constructs, and build in plan flexibility, infrastructure resiliency and contingencies upon contingences to improve preparedness.
* Vendors and customers will come to our aid. Organisations cannot assume vendors will be there to support them or that customers will empathise with the situation. Business continuity plans should prepare an organisation to get through a disaster on its own and without losing customers. To achieve these objectives, it is critical your organisation be customer focused, communicate to all constituents, and have employees know their roles and responsibilities even if they are not part of the "recovery" team.
* We have tested our plan, so we're ok. In business continuity, it's about overall readiness, not the plan. Organisations should always look to improve. A successful test of a plan doesn't mean your organisation can't find room to improve. Every company needs to ask: what level of preparedness did our organisation set for itself? What objectives were set? Was the scope such that the organisation knows it will be ready – or was the exercise just a technology recovery procedure test? And how has the company gotten better over time? Organisations must raise the bar when testing and work to get better – continually looking for ways to fail in an exercise so they find ways to succeed.
They have been asked to submit business continuity plan and disaster recovery policy to Sebi within three months.
Biztech 2.0 spoke to Chinar Deshpande, CIO, Pantaloons and Satish Pendse, CIO, Hindustan Construction Company in order to gain a better insight as to what goes into having a concrete disaster recovery/ business continuity strategy.