Business continuity is an organization’s ability to ensure operations and core business functions are not severely impacted by a disaster or unplanned incident that takes critical systems offline. Business continuity planning is the interdepartmental process, often led by information technology, of implementing the tactics used to restore normal business in a set amount of time, define the amount of data loss acceptable to the business, and communicate critical information to organizational stakeholders during and following incidents.
Implementing redundant IT infrastructure and contingency plans was once prohibitively expensive for all but the largest of organizations, but new economical, on-demand cloud technologies are putting robust business continuity strategies within reach for millions of businesses.
Common technology services designed for business continuity consist of cloud data backups, cloud-based disaster recovery as a service (DRaaS) for infrastructure outages, and managed security plans that protect against increasingly sophisticated cyberattacks.
What are the consequences of inadequate business continuity planning?
No one can predict when disaster will strike, but business continuity planning is the key to surviving major incidents. Disasters that cause business interruptions almost always negatively impact bottom lines, cooling down the steam that drives business in the digital economy.
This is especially true for businesses that generate revenue through web-based services. Consider this data:
- For larger enterprises, mere minutes of downtime can cost millions. In fact, the average annual cost for enterprises facing availability gaps (downtime and data loss) was $21.8 million, according to the 2017 Veeam Availability Report.
- In the same survey, 66 percent of companies expressed that downtime and data loss badly affect their digital transformation strategies and 40 percent noted downtime negatively affected their brand.
- According to the Ponemon Institute, every minute of downtime averaged $7,900 in revenue lost per minute.
What type of events does business continuity planning guard against?
A variety of events cause digital business disruptions. Just because you’re not at risk of one particular cataclysmic disaster doesn’t mean many other incidents can’t take you offline:
- Disasters: Natural and Local
Data loss and system failure can obviously be caused by natural disasters such as floods, earthquakes and fires, but even a simple electronic malfunction could destroy valuable information. When it comes to data, putting all your eggs in one basket is a perilous risk.
- Network Disruptions
Third-party internet networks can fail. Fiber can get cut. Your in-house local area network can be disabled. If your business needs continuous connectivity, make sure network availability is a top priority.
- Cybersecurity
The prevalence of cybersecurity threats is a global phenomenon that no business, large or small, can ignore. New threats such as Ransomware are predicted to be on the rise. Backing up your data with high frequency is crucial to ensuring such attacks don’t bring your business down plan against data breaches is paramount.
- Human error
Vulnerability points are often located right in the cubicle next to you. Employees or vendors can cause outages simply out of ignorance, due to innocent mistakes, or even as a result of ill intent.
Steps for Building and Executing Your Business Continuity Plan
If your business is behind in disaster planning, you don’t have to catch up alone.
Whether taking on business continuity planning alone or with a third party, follow these three steps to start protecting your company from unplanned downtime:
Step 1: Perform a Business Impact Analysis
A business impact analysis defines what data your company cannot live without and the amount of downtime acceptable in a given period of time. Finding a hosting provider that promises 100% uptime will help with this, but you’ll also need to determine two important numbers key to disaster recovery: Recovery Time Objective and Recovery Point Objective.
Step 2: Perform a Risk Assessment
This step is critical if you manage your own infrastructure. Risk assessments are all about identifying potential points of failure. For example, if you have your data stored in only one location and the location dies, you will lose your data. If a hosting provider is in charge of your servers and data within a data center, ideally you will have everything stored and replicated in more than one location. A service provider with a well-defined SLA will give additional confidence that your risk of downtime will be at a minimum.
Step 3: Manage Your Risks
Once you’ve assessed the risks, you must manage them—whether your data and infrastructure lives in house, with a hosting provider, or a combination of both. Regularly backup your data offsite as specified by your business continuity plan and go a step beyond by adding redundant, offsite infrastructure to your network to ensure 100 percent uptime.
Resources for Business Continuity Planning
- Learn how to convince your boss you need a DR Plan
- Design a backup policy tailored to your data storage needs