This study illustrates why business continuity is more than just disaster recovery. Although business continuity developed from the IT focused world of disaster recovery, it covers a much wider scope. An over concentration on IT can be short sighted, as this case study illustrates.
The subject of the study is a medium sized company that delivers out-sourced services to a number of larger companies. They are dependent on IT systems for the delivery of their services and have spent a great deal of time and effort ensuring that their IT and telephone infrastructure is resilient and capable of delivering the service levels demanded by their customers.
When pandemic flu was threatened last year, the company developed a plan to cope with loss of access to their head office building for a period of time. The plan allowed for key staff to be issued with laptops and then work from home.
In the event, the plan was never invoked; however, you may recall that we had rather a lot of snow at the start of this year, and that some of it came rather suddenly. The result was that, on one occasion, staff couldn’t get into the office. Unfortunately, the laptops that would have allowed them to work from home were in the office. Luckily, the client’s staff couldn’t get into work either so there was no service delivery impact, but that was luck, not planning!
Business Continuity versus Disaster Recovery
This highlights the principle difference between business continuity planning and disaster recovery planning. Disaster recovery planning does exactly what it says on the tin: it answers the question “<expletive>, XXX has broken/been lost, how do we get back and running in the required amount of time”. Business continuity planning answers a different, and broader, question: “what do we need to do now, and be prepared to do when XXX has broken/been lost, so that we can continue to deliver service to our customers?”.
You still need a disaster recovery plan, but the real focus should be on being able to continue to deliver service at an acceptable level whilst you recover from the incident.
How this could have been avoided.
Referring back to pandemic planning: many business continuity plans adopted a staged approach with triggers for each of the stages. For example, the stage 1 plan was triggered when WHO moved the pandemic threat level from 1 to 2. Another plan was triggered when WHO went from two to three, and so on. A similar approach could have been adopted by this company; for example with the stage plans triggered by the forecast weather.
How about you?
Do you distinguish between business continuity and disaster recovery?
How can I help your business? Click Here to see how I can improve your business and protect your data.
Originally posted 2010-09-14 08:56:22. Republished by Blog Post Promoter