Lesson 4: Protecting Business Continuity

The continued survival of a business depends on its continued operation. When a business stops operating for any reason, it loses credibility as well as income. When a disaster, whether technological, environmental, or social, causes an extended period of downtime, in many cases the business never reopens. Business continuity management is a term that has been coined to describe the review, planning, and implementation processes that a business must perform to keep operating in the face of any interruption.


After this lesson, you will be able to

  • Understand the process of creating a business continuity plan

  • List some of the fault-tolerance measures you can take to keep your business going in an emergency

Estimated lesson time: 15 minutes


To be effective, business continuity management (BCM) must transcend the technological concerns of the IT department and involve the entire company from the top down. Although a relatively minor disaster, such as a hard disk failure in a server, can cause the company to cease operations for a time, the object of BCM is to plan contingencies for truly catastrophic occurrences in which company resources of many different types can be affected.

As an example, what would you do if the building housing your company's offices was destroyed by a tornado in the middle of a workday? If your IT department has a properly implemented disaster recovery plan, you have backup copies of your vital company data stored offsite, and perhaps even servers located in different cities or stored in unaffected locations. However, before the business can be fully operational again, you might need to find new office space, and then replace dozens of desktop workstations, the telephone system, and hundreds of mundane items such as office furniture, stationery, and supplies. In a worst-case scenario, you might even have to find replacement personnel.

In the aftermath of a major disaster, people are likely to be overwhelmed by the enormity of the tasks that confront them. Even if they are able to overcome the emotional shock of such an event, they might have a difficult time focusing on what has to be done. The idea behind BCM is to have a comprehensive plan worked out in advance that specifies what has to be done to keep the business operational, who will do what when disaster occurs, and how replacement materials will be obtained.

Creating a Business Continuity Plan

The process of creating a business continuity plan must be sponsored by individuals at the highest levels of the company and encompass the entire operation, not just the IT department. The primary steps of the initial planning phase should include the following:

  • Identify the mission-critical processes that the business must perform to continue operating. Every business consists of multiple processes that together enable the company to produce a product or service and be compensated for it. By listing these separate processes, you can more easily prioritize the company's activities and identify the resources you need to proceed.

  • Identify all of the resources required for the mission-critical processes to operate. The list of resources for each process should include raw materials, tools and other equipment, facilities, fixtures, utilities, and personnel; in short, it comprises everything necessary for the process to continue.

  • Rate the relative importance of the mission-critical processes to the continuing operation of the business. Depending on the nature of the business, your first priority might be manufacturing your product, or it might be taking orders from customers. In any case, there will be certain processes that must continue uninterrupted if the business is to survive, and others that can withstand a temporary interruption.

  • Decide on a course of action to be undertaken for each mission-critical process to plan for an interruption. For crucial processes, the course of action might include moving the process to a branch office or activating a fallback facility with backup equipment prepared for such an eventuality. For less crucial processes, the company might choose to purchase insurance to cover the financial losses resulting from the interruption, rather than take steps to maintain productivity. This can protect the company against immediate financial losses, but the company's reputation can still be damaged. For some processes, the chosen course of action might be no action at all.

The planning phase of the business continuity plan is by far the most complex part of the process. Once you have decided what you are going to do and how, implementing the plan is relatively easy.

For more comprehensive information on business continuity planning, you might want to consult the ISO 17799 document, published by the International Organization for Standardization. This document is available for purchase at http://www.iso-17799.com.

Implementing Business Continuity Preparations

For some of the processes that are essential to the survival of your business, your plan probably calls for the preparation of fallbacks that you can use if your site is damaged. Depending on the nature of your business, on the importance of the process, and your budget, these fallbacks can range from simple backups of your data to preparations for an alternative site where you can conduct business.

Backups

As discussed in Lesson 1 of this chapter, backing up your data is the most fundamental type of business continuity measure. Virtually every resource used by your business can be replaced, with sufficient time and money, except for your data. To prepare for possible disaster, you should back up your data on a regular basis (preferably daily) and make arrangements to store a copy of the data offsite.

High Availability and Fault Tolerance

High availability and fault-tolerance mechanisms are measures that you can take to keep your business operating in the event of a systems failure. Data availability technologies such as a redundant array of independent disks (RAID) enable a server to continue operating without data loss when a hard disk fails. It is also possible to build more comprehensive fault-tolerant systems, such as clustered servers that share a client load; if one server fails for any reason, the others continue operating and take up the slack.

Obviously, these systems can do little good if all of the components are located at the same site, and the entire building is destroyed by a fire or other disaster. For this reason, it is also possible to place mirrored servers at distant locations, connected by a wide area network (WAN) link. For some businesses, having a branch office in another city is a convenient way to create a fault-tolerant organization. You can have not only duplicate computers and technological components at the other site, but a complete office configuration that can keep vital business processes going.

If constructing and staffing a branch office is not a practical alternative for your business, you should plan in advance for how you are going to replace vital resources that could be destroyed in a disaster. To do this, your list of essential resources should include absolutely everything the business needs to operate, including incidentals such as furniture and office supplies. Although it might not be necessary to actually purchase all of these items in advance, you should establish where and how you will get them if you have to implement the plan. For example, if a hurricane destroys a large part of your city, there is likely to be a rush on purchases of new office equipment afterward, along with profiteering by unscrupulous merchants. Cultivating good relationships with vendors in advance (preferably large vendors that won't have their entire stock destroyed in the same disaster as the one that claims your office) might mean that you will be a preferred customer later.

Although it might be difficult to contemplate, you should also consider that people are a vital company resource as well. A good relationship with an employment agency could make it easier for you to engage temporary replacement personnel, if needed.

Utilities

There are a number of services, such as electricity, running water, and mail, that are essential to keeping a business running. However, these services can be interrupted. If your business absolutely must keep running, no matter what the circumstances, your business continuity plan should include fallback measures that enable you to compensate for interruptions in these services.

The uninterruptible power supply (UPS) units that people commonly use to protect servers and other equipment from power spikes and brief power outages are capable of supplying power for only a few minutes. To keep a business running in the event of an extended power failure, you must have either a large array of batteries or, more practically, a generator that is tied into the building's electrical supply lines. Backup generators are frequently equipped with failover switches that enable them to start automatically if the building's power supply fails.

Reliance on mail and other delivery services can be somewhat more problematic. If it is not practical to make deliveries yourself in the event of a disaster that interrupts the local mail and other courier services, it might be better to plan on having an office at a distant location where the utilities are intact, which you can activate in case of emergency.

Lesson Review

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson and then try the question again. Answers to the questions can be found in Appendix A, "Questions and Answers."

  1. Name a hardware technology that enables a computer to continue operating despite the failure of a hard disk.

  2. Utilities such as electric power are typically not included as part of a business continuity plan because their reliability rate is so high. (True or False?)

  3. Which of the following statements is true about a business continuity management (BCM) effort?

    1. BCM is a company process that must involve all departments and all levels.

    2. BCM is an IT consideration that is devoted to keeping the company's computer network operational in the event of a disaster.

    3. Each department manager in a company should create an individual business continuity plan for that department.

    4. BCM is a government project that dictates preparatory requirements to individual businesses.

Lesson Summary

  • Business continuity management (BCM) consists of the review, planning, and implementation processes that a business must perform to keep operating in the face of any sort of interruption. BCM transcends the IT department and must involve the entire company infrastructure.

  • To create a business continuity plan, you must identify the mission-critical processes that your business needs to function.

  • After outlining your business processes, you must then decide on a course of action for each process, whether to take steps to keep that process operating under any conditions, insure the business against the losses an interruption of that process can cause, or take no action at all.

  • Backups with offsite media storage are the most fundamental business continuity tool.

  • High availability and fault-tolerance technologies, such as RAID and server clustering, can keep a business operating despite a systems or hardware failure.

  • Utilities, such as electric power, are frequently taken for granted, and compensation for outages should be a part of the business continuity plan.



Security+ Certification Training Kit
Security+ Certification Training Kit (Pro-Certification)
ISBN: 0735618224
EAN: 2147483647
Year: 2002
Pages: 55
