The SME’s guide to business continuity planning

business continuity planning

It’s no secret that today’s fast-paced world is driving demand for ‘always-on’ services amongst businesses and consumers alike.

However, in addition to being ‘always-on’ and keeping things running in the present, businesses of all sizes must be prepared for unexpected future disruption. From the technological to the economic or logistical, businesses face a variety of threats of disruption, each of which must be incorporated into the business’ contingency planning – otherwise known as Business Continuity (BC).

Mark Wass, Director, Sungard Availability Services explains that BC planning is now high on the agenda for organisations: in October, the NHS booked hotel rooms for patients as part of its “worst case scenario” contingency plans for Brexit, while in the same month, Goldman Sachs set up a disaster recovery trading floor in a WeWork office in central London to enable the bank to continue operating in the event of a major incident.

These examples may give the impression that BC is strictly within the remit of large organisations only. However, in the era of digital business, it’s clear that regardless of your size or who your customers are, it is now imperative to deliver uninterrupted service 24 hours a day, 365 days of the year.

Don’t let size determine BC priorities

As any company (large or small) which has suffered a service outage will contend, the ability to absorb the shocks of disruption and be resilient regardless of circumstance can make the difference between a business that flourishes and a business that flounders. However, small and medium sized enterprises (SMEs) often deem Disaster Recovery (DR) solutions – such as datacentre co-location or server and networking back-ups – too expensive to core operations to fully invest in. Instead, they often settle for what is perceived to be a cheaper, DIY cloud-based platform approach and then assign responsibility for its management to a single individual.

However, an organisation’s core IT infrastructure will be and hugely complex regardless of the size. Even the smallest businesses will find the consequences of disruption become compounded when seemingly esoteric questions are left unanswered: Where are the independencies in the network map? Which applications are hosted in private and public cloud environments? Is the data stored in the cloud protected from corruption or from being blocked by a malicious third party?

With its central role in the basic functioning of all the operations of a modern organisation, from automating payroll to ensuring security, the continuity of IT infrastructure is simply too fundamental to not adequately ensure. Formerly the remit of IT teams alone, knowing the answers to these complex technical questions is now a strategic business imperative. The responsibility for the continuity of core IT must therefore be readily available and proactively shared amongst a number of key stakeholders within the organisation, benefitting both the business and the teams that it comprises with a faster and more accessible route to recovery.

Common DR/BC misconceptions

SMEs may think that, by sheer balance of probability, organisations with a larger IT footprint have a greater chance of one of their systems failing. In reality, an organisation’s scale should never be conflated with its vulnerability to disruption.

In fact, the scale of IT can actually be a boon to an organisation’s BC capabilities via the greater capacity to divert essential operational processes away from affected systems to subsidiary infrastructure.

This goes right down to the operating capacity of individual tools, with a recent report finding that medium-sized datacentres will experience over three downtime events each year, with each lasting over 3.5 hours on average.

There is also the belief that, if the office and/or core IT is hit by disruption, workers can simply log on from home or other remote locations via the organisation’s cloud environment. However, this creates two problems.

Firstly, how can staff work remotely if laptops and/or other resources are left in an office which is no-longer accessible? Secondly, if staff either have their work laptops or can work from their own personal computers, how can the security of data be effectively ensured when using devices or networks separate from core IT?

The most effective way to reduce the impact of a workplace office loss is to instantaneously pick up the whole thing – people, information, management, support structure etc. – and transplant it somewhere else that is equally easy to get to and has the same feel and culture as the original. By taking a holistic stance and incorporating point business continuity solutions such as workplace and IT disaster recovery into a larger resilience strategy, organisations can ensure that the loss of a workplace becomes a minor operational blip as opposed to a full-blown disaster.

Combatting disruption in 2020

Ultimately, SMEs need to be aware of the cross-over between the resilience of IT systems and the resilience of the business overall. With the right combination of having the right DR tools, planning for a diverse set of contingencies, and sharing the burden of knowledge relating to the ins and out of IT infrastructure, SMEs can take the first steps toward ensuring overall resilience and availability of their products, services and operations.

A comprehensive business risk assessment conducted at regular intervals is key to gaining access to the information organisations need to reduce downtime during periods of disruption.

Assessments help identify needle-in-a-haystack components which can quietly take down entire systems, calculate recovery time, and outline the method and objectives of recovery efforts. At the end of the day, regularly testing these small but vital aspects of business operations can be a far cheaper alternative to ad-hoc recovery efforts, which may not succeed in the first place.