Quick question: does your IT department have a business continuity plan? If you don’t or, even worse, if you’re not sure then basically you are going to eventually lose your job. How many of us work in a building that at least once a year has a fire drill? We all look around, stand up and go outside where we mill around for 15 minutes before they let us back in the building (except for those folks who use this as an opportunity to take off for the rest of the day!) Gosh, if we are willing to do that much work to prepare for a fire, shouldn’t we doing at least as much to prepare for something happening to our IT systems?
I suspect that if you talk to any firm that works in New Orleans or New York City, they probably have a IT business continuity plan – they’ve learned the hard way just how valuable one of these is. Now for the rest of us, what are we waiting for – the eventual arrival of Bird Flu?
Once of the big problems that IT has is that we never remember to budget for a disaster plan. It turns out that these things actually do cost money and they take time and planning to put in place. We end up buying more boxs, wireless access points, and PDAs and then the money is all gone and we still don’t have a disaster plan.
So how should an IT department go about creating a disaster recovery plan even if they have very little funding? Simple, assign responsibility to a group of IT staffers and then give them an outline of what they need to create. What they basically need to do is to identify all of the IT processes that your department uses to run the business. Next, they need to prioritize which ones are critical and MUST NOT GO DOWN, or at least need to be the first ones to come back up. The result of this type of internal inspection can be quite surprising. More than one firm has come to realize that the processes that they thought were mission critical were instead nice to haves and the processes that they had not been paying attention to were in reality the ones that they could not afford to do without.
The difference between a disaster recovery plan which everyone gives lip service to and a business continuity plan is that you can take months or even years to implement a disaster recovery plan. However, an IT business continuity plan tells you what you are going to be doing in order to keep the firm’s doors open the day after a disaster strikes. In other words, it deals with a much shorter timeframe. In these darkest hours, everyone in the firm is going to be running around trying to figure out what to do. This is the time that a CIO and an IT team that has planned ahead can really shine.
Everyone will remember you if you have a good IT business continuity plan. Oh, and they will REALLY remember you if you don’t…!
Does your firm have an IT business continuity plan? When was the last time that you tested it? Is it a “living document” or does it sit in a binder on someone’s desk? Leave me a comment and let me know what you are thinking.