Don't treat IT as the cure-all for a business continuity crisis, firms told

Over-emphasising the place of IT in business continuity plans could increase the time it takes a department to recover from a crisis, the Business Continuity Institute (BCI) has warned.

Over-emphasising the place of IT in business continuity plans could increase the time it takes a department to recover from a crisis, the Business Continuity Institute (BCI) has warned.

Speaking at an HP-sponsored roundtable ahead of next week's Business Continuity Expo in London, Bill Crichton, HP consultancy manager for European business continuity services and a member of the BCI's executive committee, said that focusing on IT systems that enable data recovery does not in itself translate into immediate business recovery.

As well as making technical provisions for outages, Crichton said that departments should draw up detailed plans, which define clearly the roles that employees would be expected to undertake during a crisis.

Companies should also document the processes staff should follow to ensure continuity of business, he said.

To demonstrate readiness, Crichton advised organisations to regularly audit their business continuity plans against live scenario tests.

"Businesses need to validate the basic assumptions behind whatever plans they currently have in place, and the most basic one is that having a fallback IT resource is all you need," he said.

Martin Atherton, principal analyst at Freeform Dynamics, made a similar point in a report last month published by CA.

"Technology can help with some of these challenges, but only if deployed as part of a broader strategic imperative which combines business leadership, personnel training and flexible processes and policies," Atherton said.

David Bason, IS director at law firm Shoosmiths, who was speaking at the same roundtable as Crichton, said his first-hand experience of scenario testing had emphasised the benefits of defining roles and processes.

He said it was only after Shoosmiths began live testing that it was able to refine its continuity plan to encompass the way staff worked in a crisis.

"In the event of a network failure, some workers might say, 'there is no point me sitting at my desk because I cannot do my work I might as well go home'," said Bason.

By clearly demonstrating that there are productive things that employees can be doing in these circumstances, Bason said business continuity immediately became more effective.

Also present at the roundtable was Jon France, business continuity manager at LexisNexis, who said his firm's experience had emphasised the need to "consider your neighbours" when conducting a risk assessment.

"Our datacentre was cordoned off by police during the fallout from the Buncefield oil refinery explosion in 2005, which meant continuity plans had to handle the situation," he explained.

"There is a myriad of things that can go wrong, but departments should focus plans for the end impact on the business, and at the heart of this is its people and its processes."

 

Comment on this article: computer.weekly@rbi.co.uk

 

Related articles:

Business Continuity Expo

Law firm revamps continuity plans

Stuart King's risk management blog

 




CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close