In addition to the challenges of complying with the Sarbanes-Oxley Act, which holds corporations responsible for the safety of their business data, CEOs, CFOs and CIOs face the very real threat they've faced for generations -- disruption of business operations caused by forces outside their control.
Business continuity planning has become increasingly important as business leaders come up with contingency plans for dealing with age-old worries such as storms, floods, earthquakes and fires, as well as new threats including security breaches, sabotage, facility outages, logistical failures, virus attacks and terrorism.
Imagine the damage a 24-hour site outage would cause to your company, or what would happen if a virus deleted or corrupted mission-critical data. Smart companies have considered these threats, performing self-assessments to identify vulnerabilities, anticipate threats and determine how long it would take to recover from disaster.
It is far better to review and test processes to find out if you are adequately prepared to protect critical data than to be forced to figure out how you will recover lost or corrupted information during or after a disaster. If you don't have one already, a business continuity plan needs to be implemented.
The creation and maintenance of a sound business continuity and disaster recovery plan can be managed with a series of simple steps. When making a plan, consider the potential impact of a disaster and your responsibility to be in full compliance with Sarbanes-Oxley.
Teaming up with an experienced business continuity planner will help you formulate the most efficient and effective approach to creating and maintaining a plan.
If you are reviewing your existing plan or creating a new one for your applications and infrastructure, we recommend you ask two vital questions.
1. What amount of data loss are you prepared to handle? Zero hours of accounting data? Four hours of sales order processing? Twenty-four hours of customer service records?
2. How much time can you wait to recover normal operations for these systems and applications? None? A day? A week?
The accompanying chart explains some standard thresholds and the operational implications of these answers.
Partner for security and success
As disaster recovery demands grow more complex, many business leaders choose to partner with experts in business continuity planning who can determine the most effective solution for their particular application and infrastructure needs.
Your answers to the questions above will determine necessary levels of service, technology and infrastructure selection, and the investment you will need to make. As a rule of thumb, the lower your threshold for data loss and recovery time, the higher the service level and investment you will need.
According to The Gartner Group, less than 50 percent of companies have fully tested their disaster recovery plans. That's a frightening prospect. As the value of a corporation's data information grows, vulnerability to new threats such as hackers, viruses and terrorism are too great to leave unchecked, and it's too late if you wait until disaster strikes. Whether implementing your business continuity plan internally or outsourcing, companies today can't afford not to be prepared for a crisis.
Tom Fricano (email@example.com) is a director at BravePoint, a supplier of e-business and enterprise IT solutions to mid-market companies. Reach him at (770) 449-9696.