Flashlight and batteries. Water and food. Medications and first-aid kit. Radio and more batteries. Cash, cash, cash.
You might have a grab-and-go bag in the coat closet in case of wildfire or an emergency box under the sink in case of hurricanes. Wherever you live, some kind of disaster is bound to strike, and you should be prepared for it.
But what if disaster strikes at work? What emergency box must IT specialists have ready to help a company make it through unexpected downtime?
That emergency box is your business continuity plan. And for those in IT, following that plan ensures that your company is ready for anything, be it a systems failure, a natural disaster or human error.
WHY DO YOU NEED A PLAN?
A business continuity plan prepares you for “what-ifs … ,” and what-ifs cost money, resources and time. In the past five years, more than half of all companies have experienced a downtime that lasted longer than a full day. According to the Ponemon Institute, the average cost of IT downtime in 2016 was close to $9,000 per minute, or more than a half a million dollars an hour. For a Fortune 1,000 company, that cost could rise to $1 million or more — per hour.
What kind of disasters are we talking about?
- A major blackout affects your city
- An email is hacked
- A hurricane hits
- A cyber attack freezes your system
No matter what the disaster, having a plan — a predetermined, tested response outlining various scenarios and the steps your business will take to get back to normal — avoids the consequences of the unexpected. A plan reassures your employees, customers and vendors that you are prepared in the event of an emergency. After all, the ability to communicate information to others is vital, and for the IT specialist, it means having systems in place and current.
WHAT IF …?
A business continuity plan is the face of your company’s resilience — your ability to recover from setbacks. From an IT perspective, a business continuity plan should include backups, alerts and reviews.
- Backups: Where are your databases stored — on premises, co-location, cloud? How are you securing your co-location data? In the event of an onsite failure, what will the backup systems provide? What, if anything, will be available to the public or your customers through the backup?
- Alerts: How does information — and not rumor — get to the right people at the right time? What alert systems do you have in place? How will employees know what to do?
- Reviews: How do you evaluate each situation and update procedures accordingly? How do you stay vigilant?
And don’t forget your vendors and remote workers. How can your IT department keep them productive when the home office is down? When Superstorm Sandy hit New York and New Jersey in 2012, businesses across the country also took a hit. Those working remotely for enterprises located in the storm’s reach might not have been affected by the physical storm, yet their work was interrupted and communication came to a standstill.
WHAT COMES AFTER THE PLAN?
Finally, you must regularly update your business continuity plan. You’ve spent hours with colleagues working through various what-if scenarios — systems disasters, natural disasters, human-error disasters — and drawing up plans. You’ve considered the best way to back up your systems and how to communicate with your employees. At a minimum, each year you should review your systems, your points of contact and backup contacts and your recovery strategies with all relevant colleagues and departments.
And continually encourage everyone to ask, What if …?