By Michel Coric, Easynet Global Services
Investment in business continuity must always be proportional to the potential risk. Many different theories have been put forward over the years as to how to go about calculating risk, but to my mind the most effective of these is still the simplest: Risk = Seriousness x Frequency.
Both of these factors (‘seriousness’ and ‘frequency’) will vary in each individual business and in relation to each situation encountered. For example, the frequency of flooding at a business located below sea level will be far higher than at one above sea level, whilst the effects of such an event would likely be much more serious at a company producing perishable goods than at a firm offering services. In addition, these two variables are likely to be inversely proportional (the more serious an event the less frequently it is likely to occur) and may change over the course of the day, month or year.
What must also be considered is the relative importance of different aspects of business operations and making sure that this is represented within the Business Continuity Plan (BCP). The priorities of the Business Continuity Plan, it is worth noting, may differ markedly from those of the Disaster Recovery Plan (DRP), which usually covers only the first 24 hours after a major event. Within some organisations, alerting one’s supply chain may be the first action required, whilst in others making the premises hospitable again will be the first priority. What is not in question, however, is that the importance of the IT function to business continuity is now greater than ever, for businesses of any size.
Whilst the improved quality of managed networks has meant that the frequency of IT failures has significantly decreased, companies’ reliance on them means the seriousness of any potential problem has, in turn, shot up. With businesses conducting more of their trade online and, perhaps more crucially, placing more of their confidential data in outsourced data centres, the stakes have been raised. Contingency planning for a company’s IT is, in most cases, only one small part of a wider BC plan, but it is increasingly becoming the most crucial element of all.
In addition, bolstering a company’s IT to enable more effective Business Continuity Planning will bring wider benefits to the business. Bolstering connectivity and implementing redundant network infrastructure could open the door to new technologies and working practices, such as remote working or telepresence conferencing, which can bring immediate, tangible benefits to the business.
Implementing plans for remote working or installing telepresence technology, for example will be of use in the event of a disaster, but can also drive immediate benefits in employee productivity and travel expenditure.
Furthermore, Business Continuity Planning requires effective collaboration over large distances, and it is those companies whose employees are able to achieve this over the network which will gain the most. Businesses and employees well-versed in planning for every eventuality will be better-prepared to deal with any commercial challenge which may arise.
Assessing potential risk and the relative importance of different areas of the business are arguably the two most crucial aspects of the business continuity planning process. As a rule, the larger the company concerned, the more important the IT function will be, and the greater expenditure it will require. Yet, such is the role that IT can play in aiding business both before and after a major event, that this expenditure should be seen as an investment rather than simply a cost. More so than ever before, CIOs must communicate the value of IT not only to contingency planning, but also in the here and now.