The trend of moving away from disaster recovery toward disaster resiliency is gaining momentum, buoyed by a new breed of business-continuance management software tools.
A typical disaster recovery (DR) plan focuses on recovering an organization's technology infrastructure from corrupt data, lost files or catastrophic data center loss. However, many DR plans that are based solely on data recoverability may create a false sense of security if they don't take into account other important factors such as employees, revenue, supply chain and facility access.
Most DR plans become outdated the day they're completed because the organization lacks an established change/control process (see "10 hidden perils of DR planning"). Disaster recovery plans must be updated regularly to respond to changing risks such as health threats, natural and man-made disasters, mergers and acquisitions, new regulatory mandates, employee turnover, and systems and applications changes.
Today, senior officers bear the brunt of responsibility for complying with government regulations such as Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA). As a result, senior business stakeholders are the new influencers on an organization's ability to demonstrate "disaster resilience," and it's no surprise that operational continuity is at the top of their agenda. CFOs and risk managers have been increasingly involved in funding and developing business-continuance management (BCM) initiatives that establish recovery priorities based on enterprise-wide assessments of business and IT recovery needs. Because of senior management involvement, BCM has evolved into a lifecycle process that requires collaboration from business units, the storage department, and key storage suppliers and vendors.
|A sampling of BCM programs|
|Click here for a sampling of BCM programs (PDF).|
BCM software tools are instrumental for reducing the time and effort required to develop a uniform method for creating business-continuance plans and establishing a repeatable process for maintaining the effectiveness of emergency response plans (see "A sampling of BCM programs," this page and "How to pick a BCM tool"). During the past 18 months, a number of new BCM software tools have emerged that will help organizations plan and react to business and operational threats. These tools help organizations:
- Automate the workflow of contingency plan development with business and information technology stakeholders
- Assess and quantify the impact of any business interruption
- Manage and distribute business-continuity and recovery plans across all business units and departments
- Automate the BCM plan's change management process
- Respond more quickly to "trigger events"
|How to pick a BCM tool|
Disaster recovery and business-continuance planning has evolved into a lifecycle process that will impact every part of your organization. Business-continuance management (BCM) software tools can help you address the difficult task of preparing for and responding to operational risks. The following tips will help you select and implement a BCM tool:
Uniform disaster response
Once a disaster strikes, the BCM tool serves as an "emergency control panel" that allows response teams to access completed action plans, monitor the communication process and track the progress of recovery efforts. This functionality gives business and IT recovery teams a uniform methodology to collaborate on, for example, impact assessment, data restoration, validation of the recovered data and response team notification (most BCM tools link to standard emergency notification software packages that automatically contact key team members when issues arise).
When choosing a BCM tool, look for these fundamental features:
- The ability to automate the information technology risk-assessment process by identifying "gaps" in the business stakeholders recovery point objectives (RPOs) and recovery time objectives (RTOs) requirements, and noting where systems don't match up with requirements.
- Automatic updates to the business-continuance/disaster recovery plan. An embedded threat database should be included that allows an organization to identify region-specific disruptions such as electric utilities failures, weather, and environmental and man-made threats. This feature typically includes data collected from information sources such as the Federal Emergency Management Agency (FEMA) and the National Oceanic and Atmospheric Administration (NOAA).
- The ability to audit personnel changes and cross-reference them with assigned business recovery tasks and teams. This feature ensures that no task is at risk because an assigned emergency response member is no longer employed by the organization.
- The inclusion of a database of pre-defined recovery tasks based on industry best practices. This helps an organization accelerate the process of creating and documenting its recovery teams and plans.
- The software can reside on your local server and at a remote site. This ensures access to the tool at a time when it's most needed—during an emergency. Many BCM tool vendors offer fee-based hosting services.
By automating the process of business and IT contingency planning—as well as disaster response—BCM tools are accelerating the efforts of many organizations to develop into disaster-resilient enterprises.