Business Disruption Adaptability Plan
In today’s volatile business climate, disruptions to the business operations is a disappointing experience for customers and business partners. Sudden stoppage in the flow of information and unable to transact business can be overwhelmingly disadvantageous to a business organization. However, if a business organization has a business continuity plan in place, it can help limit business disruptions which in today’s business climate is a strong competitive business differentiator. As Brooks, Leung, Mirza, Neal, Qiu, Sing, Wong, Wright (2007) emphasize about having an effective business continuity plan, “These processes can withstand unplanned outages for a day, or even several days, without severe adverse consequences (in other words, a business tolerance level to outages)” (Brooks et al., 2007, p. 4).
The primary emphasis of this research paper is on the elements of good data backup planning, good disaster recovery planning, and good business continuity planning. These are written procedures, checklist, and a map that will serve as a quidding principle for a successful business continuity strategy. When we say, “good elements”, based on my understanding, these are effective essentials that when included as part of the disaster preparation plan and the organization carry out conscientiously, they can easily adapt to sudden change. The organization can resume their business operations in a timely manner more efficiently. Henceforth, able to achieve business resiliency in the midst of disaster. Brooks et al. (2007) clearly explained the meaning of the Business Continuity Plan and Disaster Recovery plan and why those processes are so important:
Business Continuity is the ability to adapt and respond to risks, as well as opportunities, in order to maintain continuous business operations. There are three primary aspects of providing Business Continuity for key applications and processes: High availability, Continuous operations, and Disaster recovery. While Disaster Recovery is the ability to recover data and is only one component of an overall Business Continuity Plan (Brooks et al., 2007, p. 2).
Elements of Good Data Backup Planning
A data, in general, pertains to soft assets often referred to as digital assets such as system data, critical business information, and enterprise data and software images. Organizations can protect these assets through a reliable Data Backup which can help mitigate data loss, system and data corruption, and compromise due to intrusion and hacking. Barnier (2008) explained that with a good Data Backup Plan helps the organization to “reduce the risks associated with critical and proprietary data loss while helping to reduce complexity, manage costs and address compliance with regulatory data retention requirements” (Barnier, 2008, p. 9).
The organization ought to consider elements of good Data Backup Plan to ensure a very reliable data preservation so that when the time comes that data recovery is necessary, the data that will be recovered is also very reliable. Other than the list of Backup Methods that were discussed in our class, such as Full Backup, Incremental Backup, and Differential Backup, there is some element that I also wanted to mention which are worth considering such as the following:
Choosing the Right Software
Backing up critical business data helps a reliable data recovery that is why choosing the right software to manage the protection of the company’s sensitive data that has a different level of data protection like data encryption or bit-locker is very important. One of the suggestion that when “selecting the solution that’s best for your operational model with a militaristic level of data safeguarding” (Ward, 2018).
Backup/Restore User Access Control
Sensitive data should be handled by a Backup Management Software that provides User Access Control Backup and Restores security feature to make sure that only authorized personnel who can perform such tasks. The software can also log who initiated the backup or restore, including the date and time the task was carried out. It is very important to easily identify who “should workers be accessing files and sharing documents, make sure user access controls are available to prevent unprivileged users from meddling with other files” (Ward, 2018).
Automated or Scheduled Backup
Another efficient way to perform data and system backup is through scheduled and automated backup operations that automatically initiated on a specified schedule defined. Making sure nobody is using the system when a continuous backup operation takes the system down before initiating the scheduled backup plan. Brooks et al. (2007) have explained that:
Sometimes you must take important applications down to upgrade them or take backups. Fortunately, technology for online backups has improved greatly in recent years. However, even with these advances, you must at times take down applications as planned outages for maintenance or upgrading of servers or storage (Brooks et al., 2007, p. 93)
Recovery Distance Considerations
Another very important thing to consider is the distance of the satellite locations where to safely keep the media such as tape, external hard disks, compact disks, universal storage bus, and flash drives, used to store the backup. The location of recovery proximity distance is something of a big consideration to take because “this will be influenced, among other factors, by the risk assessments of the local geography (for example, earthquake fault lines, the likelihood of hurricanes, and so forth) and regulatory requirements” (Brooks et al., 2007, p. 61)
Elements of Good Disaster Recovery Planning
In today’s volatile business climate, a government regulatory compliance requiring business organizations who belong to critical sectors such as in Healthcare, Information Technology, Transportation, Banking, Utility, etc. to establish a Disaster Recovery Plan. Business organizations ought to have mature Disaster Recovery and Business Continuity programs to prepare for and minimize disruption and to leverage best practices and proven guidance template to effectively manage their company’s Disaster Recovery Plan.
Disaster and Outage Assessment
An outage assessment and business loss impact assessment must be first performed by management when an outage has occurred. Because identifying and documenting the impact is critical when to declare and perform disaster recovery. All personnel who are assigned and appointed to carry out the Disaster Recovery Plan should be fully trained and aware of the organization’s capability and has sufficient knowledge of the tools that are available at their disposal. Data Recovery personnel must be fully aware of the location where the information system outage has started to occur. According to Brooks et al. (2007), when an outage has happened in the central computer facility, that personnel responsible for Disaster Recovery should understand how to differentiate and measure two things:
Service restoration RTO (recovery time objective). Service restoration represents the elapsed time that is experienced from the moment of outage up to the moment when the system has been recovered. This time to recover is typically specified as the Recovery Time Objective (RTO).
Data loss RPO (recovery point objective). Data loss represents the actual loss of data that is experienced or how much data has to be recreated after the system is recovered to reach the same level of data as before the outage. (Brooks et al., 2007, p. 61)
Information System and Data Integrity Assessment
Assessing the integrity of restored Information System Infrastructure that pertains to hardware, software, and data is very important because the state of these components will define if they can resume business operation from the sudden stoppage. Brooks et al. (2007) explained that “Hardware data integrity is not the same as database integrity. The storage and servers cannot know what the logical database relationship is between multiple data blocks in the database. Therefore, when the first stage is complete, the transaction integrity recovery must next be performed by the applications staff, on the application and database” (Brooks et al., 2007, p. 62).
Elements of Good Business Continuity Planning
The main goal of the Business Continuity Plan is to make sure that employees and company assets are safe when a disaster has occurred. While the elements of a good Business Continuity Plan could vary from personnel and asset safety first, good communication, high availability, continuous operation, and disaster recovery.
Personnel and Asset Safety
In a good Business Continuity Plan, the most important element should be the worker’s safety before anything else. Putting the employee safety should come first and should be treated in the highest priority by making sure that personnel is not at any risk. Then secondly, securing the company’s assets is the second highest priority. According to Brook et al. (2007), “a goal of Business Continuity planning is to ensure the safety of personnel and assets during and following a disaster, another important aspect of the current Business Continuity assessment is to identify and assess the preparedness and preventive measures and controls in place at any point-in-time” (Brooks et al., 2007, p. 60).
An initial impact assessment that affected the normal operations or any power outage should be completed and communicated immediately to the management during any disaster situation. Then the most senior person or high ranking official in the organization should immediately “communicate to all the workers through the designated focal for the remote Technology Support Services center and Company Crisis Management Support the status of the disaster” (Cochairman, 2009, p. 22).
Disaster Recovery is a process for recovering data center to another site which is not at the location as the primary data center. The process is invoked when a disaster destroys the primary site or otherwise the primary site is considered inoperable. As it was discussed by Professor Nandikkara during our class “Disaster recovery is responsible only to IT Infrastructure” (Nandikkara, 2018), The main objective of a disaster recovery process is to resumes data processing to a different site. Data and software are restored on different hardware.
After assessing the impact and the areas of high exposure to the organization are identified, preemptive actions and controls that are considered for implementation can be carried out to provide “access to applications regardless of local failures, whether these failures are in the business processes, in the physical facilities, or in the IT hardware or software” (Brooks et al., 2007, p. 2). Assessing the organization’s preparedness is equally important by identifying preventive measures that will potentially cause data and system operations loss.
Continuous operation purpose is to keep things running when everything is working properly; it is a process capability where “you do not have to take applications down merely to do scheduled backups or planned maintenance” (Brooks et al, 2007, p. 2).
The importance of Business Continuity in today’s information technology-centric world is critical to business success especially in situations of natural or man-made catastrophes including various failure in Information Technology operations. Business Continuity is a management process which goal is to “restore and sustain business essential functions” (Nandikkara, 2018). Organizations can achieve successful business continuity by establishing a good Data Backup Plan, a good Disaster Recovery Plan, and good Business Continuity Plan. The three plans are interdependent. According to Professor Nandikkara those plans “go hand and hand together, one cannot succeed without the other” (Nandikkara, 2018).
Business Disruption Adaptability Plan