It’s Not Just an IT Issue, the Five 9s Really Mean Business!
Organizations invest hundreds of thousands of dollars of redundant hardware and software into their data centers to ensure high availability (the five 9s, again) and resiliency. These same companies hire IT professionals with very specialized experience and certifications to ensure their capital investments maintain high availability and data security on a day-to-day basis.
High availability within the organization shouldn't just be identified with a Server failure or outage. Serious impacts to your business can be caused by natural disasters (like hurricanes or floods), strikes, major highway closures, terrorist events, all without a single server ever going down! Loss of sales, regulatory fines, contract penalties, getting employees to your business, loss of suppliers, branding, reputation, can all easily be affected, and for very long periods of time, without directly touching the five 9s.
Yet these very same companies often overlook the fact that these same IT professionals sometimes aren’t trained or experienced in recovering from a disaster and ensuring business continuity. Business continuity planning requires a high-level view of IT, but more importantly, a rock-solid understanding of business processes and the potential consequences of natural disasters, strikes, highway closures, terrorist events (and so on) on the business. FEMA has some very valuable information on Business Impact Analysis (BIA) as well as operational and financial impacts. Ironically, IT doesn't even make the list!
Organizations that invest heavily in the five 9s should, but rarely make the investment in selecting and implementing a sound Disaster Recovery (DR) and Business Continuity (BC) Solution. DR provides an essential level of protection in the event of site-wide outage, as well as natural and man-made disasters.
The role of managing and coordinating a DR/BCP plan should be the responsibility of a credentialed professional or team within large organizations. Other sized companies might also have a single person or split the duties relating to DR/BCP. I have seen the responsibilities divided with the CIO or ISO and Facilities, or solely sitting with one of those people alone.
Regardless of with whom it sits, that team or person needs to be empowered across the organization to obtain and maintain the plans. Ideally, the business departments should have an individual identified that is responsible for updating and maintaining DR/BC plans as the business changes and reporting back to the DR/BCP coordinator. This arrangement also provides a direct conduit to the business unit and exponentially increases awareness of the need for Business continuity, as well as an appreciation that DR/BCP isn’t just about IT.
If you have any thoughts you’d like to share with the group, please comment below. If you found the post useful, please bookmark or share so others can benefit as well.