4 Tips to Prove Your Business Continuity Plan

Author: Daniel Lassell
May 16, 2016
hexpattern-2
hexpattern-2

The value of continuous availability doesn’t only extend to servicing customers. It enables employees to perform their job tasks. Simply put, without business continuity you wouldn’t be able to generate company revenue. This emphasizes how important it is to have an IT Disaster Recovery (DR) strategy for your business systems.

As security breaches and system outages have become more common, it has also become increasingly common – and in some cases required – that companies provide solid evidence of an overall availability strategy to auditors, insurers, investors, board members, regulators and customers. Since the major cause of downtime is human error, IT teams are responding to a broader set of risks than their original DR plans were designed to address. This means that leaders often have to change their approach and put their reputation on the line when proving their DR plan actually works – which can be a tough situation for both the leaders and the technology teams doing the heavy lifting.

Bluelock has a wealth of knowledge working with companies on modernizing their recovery strategies every day. Here are four tips to prove your business continuity to constituents:

1. Have the Resources to Maintain Availability

Without the technology and infrastructure to maintain continuous IT systems availability for employees and customers, it’ll be hard to prove you can do so. Not to mention, if anything should happen to where you need to recover your systems, a lack of resources will most certainly result in a slow return to service.

If your business doesn’t already have these resources, a Disaster Recovery as a Service (DRaaS) provider can help. When you outsource DR, there’s no need to purchase new hardware that will quickly become outdated. Plus, you only need to pay for the resources you actually use – which saves money.

People are a commonly overlooked aspect of a DR plan. Technology is important, but without experienced people to perform the recovery of your systems, your DR plan will fail. This was an aspect that one of InterVision’s clients, a financial media conglomerate, was glad to have when Hurricane Sandy struck their business. Because they had a solution running several miles inland with InterVision, their IT staff was able to focus on the safety of their families while our team of experts carried out their recovery process.

For this reason, it’s important to look at the overall aspects of business continuity, not just the technology needed for continuous availability. There are a lot of working parts that contribute to a successful business, and sometimes IT expertise doesn’t receive the focused attention it deserves when planning against possible disruptions.

2. Get Creative with Security Measures

Most DIY environments are out-of-date due to budgets and view business continuity as something less important. The challenge is that whether a business is using its recovery environment at that moment or not, it most likely contains a complete copy of production data. That’s why security for your DR environment is paramount.

Think of some of the recent large-scale data breaches: It’s clear that the intruder community likes to attack systems that are adjacent to production. Because recovery environments are offline 99% of the time, they don’t always receive the same attention as heavily-guarded production environments, making them an easy target for an intrusion.

One of our clients recognized this need for robust security in their business continuity strategy. As a bank, they wanted their website available at all times to service their customers – and if it wasn’t, they feared it would severely damage their reputation. Even if the bank had not been hacked, being offline would send a message that they could have been. For this reason, they leveraged InterVision’s HIPAA/HITECH complaint platform, controls and feature sets. This creative approach to security gave the bank the comprehensive security and accessibility they needed for their customers’ sensitive information.

3. Have Both Parties Confirm Successful Testing

It’s not enough to have copies of your data at a secondary site. You need to test your DR plan to make sure you will be able to failover and return your systems to service within a given timeframe. A single test won’t provide this proof. Only consistently successful tests will prove the effectiveness of your business continuity plan.

That’s why InterVision’s recovery team concludes each test with a testing certificate, which is signed by both InterVision and the client. Clients can then give this documentation to auditors, board members or other constituents as proof of a reliable recovery strategy. A national research firm found this evidence especially helpful when they wanted to gain an insurance renewal with business impact insurance to protect their company revenue in the event of a disaster. Having this insurance was part of their overall business continuity strategy, and this signed testing certificate was the key response to showcase their availability preparedness.

Standard for all InterVision clients, our current and past testing certificates are archived on our client SaaS platform, so that someone can reference the status of their company’s DR capabilities at any time.

4. Increase Overall Visibility

Sometimes, what’s most needed is transparency. A recent IDG survey states that top IT executives expressed confidence in their IT continuity strategies, while those actually implementing these continuity plans were far less confident. Is it any wonder, then, why you see so many IT leaders lose their jobs after a massive security breach or outage? This points to an increased need for dialogue between departments and roles about the true status and capabilities of business continuity plans.

That’s why it’s important to document every measure of your business continuity and DR strategy, so when disaster strikes everyone will know their responsibilities. Don’t just stop at the high-level steps. Plan for the most granular circumstances and different types of events.

InterVision is the only DRaaS provider that offers a Playbook – a runbook on steroids. This comprehensive documentation helps give clear evidence to constituents that you’ve planned how your IT team will perform in an emergency. Furthermore, an easy-to-use platform where you can monitor the real-time status of your systems availability can provide a reality check to over-confident executives and reassurance to uneasy parties. InterVision’s client platform provides high-level visibility with drill-down analytics to manage all aspects of recovery and production environments.

Conclusion

When it comes to proving a robust business continuity plan for your IT systems, sometimes you have to get creative. Overall, the goal is to drive a strategy for better market competition and revenue growth. InterVision specializes in recovery and availability, and we can help you determine what options would best suit your business and IT needs. Reach out to us for a consultation.

Want more tips on this topic?