Companies are facing an unprecedented number of exposures from an ever-growing external environment. Internal risks, such as IT and personnel, also present potential losses for companies. However, these are under the control of the firm, whereas external factors cannot be controlled. All risk arises due to a level of uncertainty and impacts the achievement of objectives. This impact can be of a hazardous (negative) nature, an opportunity (positive) nature, or simply a deviation from what is expected. A business continuity plan is the first step towards mitigating the potential adverse impact of such risks.
Business Continuity Planning (BCP) is defined as a holistic management approach that identifies potential impacts that threaten an organization and provides a framework for building resilient and capable responses that safeguard the interest of key stakeholders, reputation and the brand. Due to the increased reliance on technology and corporate networks for survival, a BCP focuses greatly on the continuation of core digital processes, including maintaining networks and other IT processes.
When a company network fails, all methods of communication with its customers, suppliers and employees also fail. Even worse, access to critical information is lost or may be compromised. Even when presented with these adverse impacts, there are still many organisations that fail to develop an effective BCP and are thus not prepared to deal with adverse events relating to their business and network operations.
Common misconceptions include: employees already know what to do in an emergency, insurance will cover the losses, and it is not worth the time and cost. On the contrary, employees respond differently in an emergency, usually in a manner that adds confusion. Insurance is not a strategy but rather part of the plan, and it does not cover the cost of a loss of data, reputation and customers. Moreover, the time and cost spent on an effective BCP strategy is an investment in the company. Fixed costs must still be paid after the event; therefore, it is vital to get the system up and running and return to normal operations as fast as possible to reduce the negative impact of the event.
The first stage of a successful BCP is to determine all threats that could cease core business activities. Then the tasks that are required to continue such activities and business processes are determined. Details about the necessary tools, information and people needed to continue these operations are stated. Responsibility for creating a BCP should be delegated to various people. All modern organisations rely heavily on a network for their operations; thus, it is vital to carry out regular data backups and to have a Disaster Recovery Plan (DRP). The latter is an important part of the BCP. A DRP is a plan for responding after an event. It deals with preparing for the failure and recovery of a business’s IT systems and controls.
The following are some measures used to protect a company’s network and data that form part of a BCP.
- Planning for power failures – all critical network components should be connected to a power source that has a very high availability percentage. This should be around 99.999% for a data centre.
- Uninterruptible Power Supplies (UPS) – these are connected to emergency power sources to maintain internal communication. They are used when a LAN provides critical services, such as in a bank or hospital.
- Updated BCP – companies are constantly changing their internal processes to maximise growth. It is vital that all changes and upgrades are included in the BCP. Network documentation must be kept constantly up to date and analysed periodically.
- Security – hackers prey on companies that have experienced an event that has weakened their network. They try to breach information and network security of the organisation. Thus, a BCP must ensure that the same level of security for the primary system is also found in the disaster recovery system.
Companies are often better off outsourcing the development and implementation of a BCP. The cost is outweighed by the huge burden of having to manage offsite backups in-house, and a hosting provider can provide a facility that is much more cost-effective and less time-intensive. Having staff from the external service provider manage all digital services also reduces the time and resources that would otherwise be spent training the company’s own internal staff.