Speaking at the Business as Usual conference in Midrand taking place from 7 to 9 May 2002, IBM`s Business Continuity & Recovery (BCRS) UK project executive, Alistair Dale, made it clear that a disaster recovery plan is not enough to ensure that businesses can continue to operate after a physical crisis.
"Traditionally, disaster recovery plans only dealt with keeping information technology (IT) and associated communications operational in a crisis.
"They don`t address the need for business processes to be kept operational. Business continuity plans do."
Dale pointed out that responsibility for ensuring business continuity lies with an organisation`s executives and not with their IT departments or suppliers.
"Directors must take responsibility to ensure business continuity at all levels in order to protect the interest of their stakeholders.
"And, at a practical level, only a business owner can decide what financial losses he can afford in the event of a disaster. And only a business owner can estimate accurately what percentage of his loss will come from the effects of a disaster on his staff, his buildings, stock, equipment, transport, infrastructure - quite apart from his IT infrastructure.
"IT departments or business partners simply don`t have that sort of insight into a customer`s business."
A gradual shift in focus from the disciplines of disaster recovery to those of business continuity had been taking place during the late 1990s, but the attacks on the World Trade Centre on September 11 last year accelerated the trend.
Organisations saw clearly that any situation which disrupted their staff or left them without basics such as desks and chairs and office space was of equal, if not a far greater threat to their operations than an outage on their IT technology.
"One can often restore computer hardware and phone lines faster than one can restore buildings and the emotional well-being of employees," said Dale.
"But companies are still shying away from business continuity because it is more difficult to plan for than disaster recovery - especially with globalisation and mobile, wireless technology adding to the complexity of business operations.
"Even so, the demands of sound corporate governance really leave companies no choice but to focus on the difference between recovering their hardware or data and recovering their entire business.
"The best way to do that is to break the business down into crucial business processes and critical operational components. Involve everyone in the process to get maximum buy-in and to get the clearest possible picture of what would happen to your bottom line if a crisis struck.
"And then prioritise the contingencies you need to put in place, based on how long you can afford to be without a given process.
"By doing that, you will have identified your recovery point objective (RPO).
"Then, you can leave your recovery time objective (RTO) - the time it takes your IT systems to recover - to your IT departments and their associated suppliers, who should be continuously working on honing their ability to recover your system in minutes rather than hours or days."
Share
IBM is the world`s largest information technology company, with more than 80 years of leadership in helping businesses innovate. Drawing on resources from across IBM and key Business Partners, IBM offers a wide range of services, solutions and technologies that enable customers, large and small, to take full advantage of the new era of e-business.
IBM can be found on the Web at www.ibm.com/za.
Editorial contacts