Hard facts on software - a fresh look at business continuity

We will be taking a look at a few more things to consider when setting up your business continuity plan (and again, I take the liberty to quote from Wikipedia).

The entire concept of business continuity is based on the identification of all business functions within an organisation, and then assigning a level of importance to each business function. A business impact analysis is the primary tool for gathering this information and assigning criticality, recovery point objectives, and recovery time objectives, and is therefore part of the basic foundation of business continuity.

It can be used to identify extend and timescale the impact on different levels of an organisation. For instance, it can examine the effect of disruption on operational, functional and strategic activities of an organisation. Not only the current activities but the effect of disruption on major business changes, introducing new product or services, for example, can be determined by BIA.

Good practice indicates that a business impact analysis should be reviewed as a minimum annually, but more frequently in the event of: 1. A particularly aggressive pace of business change; 2. Significant changes in the internal business process, location or technology; and 3. Significant changes in the external business environment - such as market or regulatory change.

In today's global business environment, security must be the top priority in managing IT. For most organisations, security is mandated by law, and conformance to those mandates is investigated regularly in the form of audits. Failure to pass security audits can have financial and management changing impacts upon an organisation.

In large IT environments, personnel turnover is inevitable and must be planned as part of business continuity. The solution to the problems associated with turnover, is complete and up-to-date documentation. This insures that new personnel will have the information they need to quickly become knowledgeable and productive with respect to the business functions they are tasked to support. This also implies that business function related documentation is largely generated (rather than written) from existing systems and managed in an automated manner.

Regulations require that changes to business functions be documented and tracked for auditing purposes and is designated as "change control". This brings a level of stability to the business functions by requiring the support personnel to document and coordinate proposed changes to the underlying systems. As this process becomes more and more automated, the emphasis will be less upon personnel control, and more upon regulatory compliance.

One of the most costly and time-consuming aspects of IT management is dealing with auditors. One of the goals of business continuity is data centre automation, which includes audit management. All modern business functions should be designed with the concept of automatically generating the requisite audit compliance information and documentation as part of conducting day-to-day business. This dramatically reduces the time and cost associated with manually producing this information.