WHY BUSINESS CONTINUITY PLANS FAIL
12 COMMON CAUSES AND HOW TO PREVENT THEM

By Keith Erwood The ProtectEr, CEO and Principal Consultant
The Continuity Co., LLC

All material in this report is the property of Continuity Co., LLC. Reproduction or Redistribution without written permission prohibited. Copyright 2012 Continuity Co., LLC All Rights Reserved.

Copyright 2013 Continuity Co., LLC

Contents

1 Communication Issues
2 Not Knowing Who is In Charge
3 Lack of Viable, Defined Contingency Protocols
4 Inadequate Risk Assessments
5 Not a Fully Developed Program
6 Not Sharing Your Plan
7 Unrealistic Expectations
8 Not Enough Exercising Of Your Plan
9 Inadequate Planning Specific to Your Organization
10 Utilizing a Device or Technology Promising to Deliver Business Continuity
11 Creating a Single Point of Failure
12 Not Being Aware of the True Costs of Downtime
Bonus Not Having Management Involvement

Why Business Continuity Plans Fail

Organizations all over the world develop business continuity plans to have contingencies in place for business disruptions. Unfortunately, many of these organizations see their plans fail when the time comes to implement them. I have also been contacted by some organizations that have had their plans fail, to help them find the reasons for the failure and to make certain it does not occur again.

So, why do these plans fail? There are a number of reasons why Business Continuity Plans fail. Sometimes it is a combination of issues. Outlined below are the top 12 reasons I have consistently come across for business continuity plan failures. Evaluate them against your current plans and make adjustments as needed so your business continuity plan will not fail.

1 Communication Issues:

Nothing can derail your business continuity plans faster than communication issues. Whether those communication issues are caused by misunderstandings, misinterpretations, conflicting orders, or even technological problems caused by a communication outage simply doesn't matter.

To resolve this, you need to ensure that you have established communication protocols within your plan, and include what should be done when communication issues arise. Establish a protocol for when communications are down, covering who calls the shots and who takes ultimate responsibility. Also include how you should reestablish communications in the event of a communications outage.

Multiple methods should be in place for communicating your message to employees, stakeholders, vendors and clients. However, you should also establish protocols for employees, key vendors, and key clients on how they should handle communications outages during a major disruption or crisis to your business operations.

2 Not Knowing Who is In Charge:

When a crisis occurs at your company, who calls the shots? Is it the CEO? Is it the management team? Is it a previously defined crisis team?
Now, who is in charge when that person is not available? What if multiple people from leadership are missing?

Many businesses have some sort of formal proceedings for succession planning. But what about during a time of crisis, when several of the key people in your current succession planning are unreachable? Do you have a formal crisis response team authorized to make temporary key decisions to continue operations and preserve the business?

Not knowing who is in charge can cause your business continuity plan to fail during a crisis and bring your recovery to a screeching halt. Define methods ahead of time to ensure that everyone knows who is in charge, and when, once a crisis occurs.

3 Lack of Viable, Defined Contingency Protocols:

Whether it is a power outage or a fire on premises impacting your business, decisions must be made. Often these types of decisions need to be made quickly. In many cases, not all the information you want will be available in time to make these decisions. These situations can cause both premature and late activation of contingency plans, adding to and/or creating additional issues.

To avoid these and other issues, you should develop a defined set of protocols. Among these should be who can activate the contingency plan, when plans should be activated, whether employees should go home or stay, when to bring up an alternate site or other contingency, and what systems should be turned off or shut down and in what order.

For instance, a power outage lasting more than four hours may be a key indicator to send employees home. Loss of access to a main worksite may indicate an immediate need for an alternate worksite. Deciding on protocols ahead of time, and updating them as needed, will reduce additional potential loss and disruptions to the business. It also reduces the concerns of key employees about making a decision that may be incorrect.

4 Inadequate Risk Assessments:

Another reason why business continuity plans fail is inadequate risk assessments. The name for this inadequacy is the normalcy bias. The normalcy bias is when people or organizations fail to adequately estimate the occurrence or impact of a disaster. The failure to adequately assess whether a disaster might occur, or the impact it may have on your business, will most certainly cause delays, if not failures, in enacting portions or all of your contingency plans.

Many times, risk assessments are not being conducted often enough. In some cases, new and emerging threats are overlooked or missed completely.
Interestingly, and this is my own observation, businesses often downplay risks that are associated from within their own industry, or an attitude of "it won't happen to us" or "it won't happen now" is taken. This can sometimes be more dangerous than some outside risk factors.

There are a number of things that can be done to address this. The best thing is a second set of eyes that reviews your current risk assessment. This can be internal or external, but it is my opinion that an external set of eyes looking in is the best way to address this.

5 Not a Fully Developed Program:

Far too many organizations do the work to develop a plan, place it in a binder and stick it on a shelf. There it sits collecting dust until it is needed. Once it is taken down and opened, it is too far out of date to be any good. Missing personnel, operational changes, new vendors, new applications, and new processes are all inevitable at any business. Not taking the time to update or maintain your current plan just makes the whole thing for naught.

A business continuity plan is supposed to be a living document, ever changing and evolving as your organization makes changes.

In addition to the above issues, too many organizations make the mistake of having their business continuity plans focus on just business processes or on IT-specific disaster recovery. Focusing on just these areas does not make for a complete business continuity plan.

In addition to creating the plan itself, you need to develop an entire program around the plan. Who makes changes to the plan? Who updates the plan? How often, if at all, do key people discuss the plan?

6 Not Sharing Your Plan:

So you've spent all that time and valuable resources developing your plan, and everything looks great. You have plans for what your employees should do in certain situations, including protocols for communicating and many other potential issues. However, you've decided not to share the plan with employees, vendors, key clients or other stakeholders.

You may have the greatest business continuity plan, but if you're expecting certain actions to be taken and the key people do not know what those actions are, all your planning efforts are essentially worthless.

Yes, your plan may contain important and proprietary information, but certain information needs to be shared with the right people or selected groups. Let all employees know what is expected of them in a crisis. Inform key clients and vendors that you have a plan, and what they can expect. Key employees and other stakeholders may require additional recovery-based information. This should all be a part of your planning process and, hopefully, part of a fully functional Business Continuity Program.

7 Unrealistic Expectations:

Another cause for the failure of plans is unrealistic expectations. What exactly do I mean by unrealistic expectations? Well, this covers a wide variety of items and issues, and each instance is unique. This may be best shown through example.
For instance, your plans may have a recovery time objective of five or fewer days. In reality, your plan might include items that make this recovery time unachievable because they depend on vendors or other third parties that cannot meet these objectives.

To expand on this further, say you have a vendor that will deliver data backups on tape to your location within 24 hours. First, is your location even accessible in that time frame? Do they have an alternate location they are delivering to? Can that timeframe be realistically met? Once the tapes are delivered, do you have devices ready to accept the tapes? If not, how long will it take to get the proper system delivered?

System restoration from tape backup can take from several hours to several days. It is a slow process, and inexperience in restoration from tape can cause further delays.

Many other areas exist that can cause similar issues, from cable cuts and downed circuits, to employees expected to work from home being unable to access the network or applications, to just expecting everything to go smoothly like it does during a tabletop exercise.

Being truly prepared also means knowing what to do when things don't go as planned. Use your plan as a guide, not as steps you follow in order.

8 Not Enough Exercising Of Your Plan:

What is your answer to the question, "How often do you test or exercise your plan?" If it is once or even twice per year, I can tell you it is not enough. If you are doing only tabletop exercises, it is also not enough. The only real way to obtain the real-world practice you need for a smooth recovery is to drill, and drill again with functional exercises.

Also, it is not enough for just your Information Technology teams to practice. Your leadership teams should drill, and your emergency response teams should drill. They should each have their own separate drills, and at least once per year they should all drill together in one big exercise. If you don't take this approach, I can assure you, recovery will take longer than you want and mistakes will be made that might jeopardize your recovery efforts.

The more your teams practice, the better they will become at restoring service and your operations. Handling issues will become easier as your employees develop confidence. One thing you can never tell before a crisis is how people will react. The more you practice, the better people will handle the crisis when it comes.

9 Inadequate Planning Specific to Your Organization:

It is important when developing your plan to develop it with the specifics of your business in mind. Utilizing a template, software application or a plan specifically designed for another business, and copying it for your plan, is not sufficient, nor will it work to recover your operations. Believe it or not, this is a common practice in a number of organizations and industries.

In many cases you might be able to utilize similar planning templates, risk assessments, and other general information. However, when it comes to plan development, process development and fine details, you'll need your own organizational information. Without it, you will not be able to follow a plan through to complete recovery.

10 Utilizing a Device or Technology Promising to Deliver Business Continuity:

Over the last several years, many companies have offered devices or technology promising to deliver business continuity. The biggest issue with this is that there is no single technology that can offer true, complete business continuity, especially on its own.

Sure, there is technology for continuity of communications and continuity of data, but each is dependent on other technologies, on power and on having data connections. Not to mention that you can have the best technology and disaster recovery solutions in place, but if your people can't access or use them, they do you no good.

Business continuity can be achieved only through the inclusion of your people as well as your technology, processes and other elements. Do not believe that you can achieve continuity through technology alone.

11 Creating a Single Point of Failure:

While we can't escape certain single points of failure, we must know they are there and have plans for what to do when they occur. This is an essential part of the planning process.

Some of the worst single points of failure I have seen some organizations commit have to do with implementing business continuity and disaster recovery solutions that create more issues than they solve. Let me explain what I mean by citing some examples.

The first would be to set up a disaster recovery solution for a critical process that resides in the same location. For instance, I worked with one company that processed over $1 billion in transactions per year. They had their main and backup database servers not only in the same location, but in the same rack. At the time they had no off-site backup solution in place. We rectified the issue by adding an off-site, high-availability solution.

The second situation involved a client who utilized a business continuity software solution. While there was nothing wrong with the software itself, it has an option to store the plans electronically within the software. Since this was the case, all the departments within the business kept no hard copies or other backup copies of the plan, believing that having all the information stored within the software application itself was completely safe to do. As a side note, the application was having issues after an upgrade and was down intermittently for several hours each day for about two weeks. In this case the fix was as simple as storing hard copies and additional electronic copies in the organization's EOC (Emergency Operations Center).

When implementing a new solution, check for single points of failure and implement the necessary solutions so you do not end up in a situation where you can't recover.

12 Not Being Aware of the True Costs of Downtime:

Far too many organizations do not know what the true cost of downtime is to their business.
Some can estimate loss of income and losses in wages, but those are generally estimates, and many other costs often go overlooked. The problem with this is that the true costs can far exceed estimates, which often leads to business closure due to heavy and unexpected financial losses. In addition, this can lead to inadequate insurance coverage, which can lead to penalties, making an already bad situation worse.

It is important for businesses to know what the true economic impacts of disruptions will be. Having this knowledge will enable you to best prepare for the impacts and set up the most appropriate contingencies.

To assist businesses with these calculations, we have also put out an app called the Cost of Downtime Calculator. It is currently available on iTunes for the iPhone, iPad, and iPod Touch. The basic version of this app is free, and more comprehensive versions can be purchased. We can also develop and customize it specifically for your business if needed.

Bonus Not Having Management Involvement:

Perhaps the fastest path to a business continuity plan's failure is the lack of support or involvement of the business's management. Getting the involvement of the business owner, manager, or, for larger organizations, the C-suite level is absolutely paramount to long-term success.

Thank you for downloading and reading our special report. If you need assistance with your Business Continuity or Related Recovery Programs, call the experts at 1-877-565-8324.