Friday, January 4, 2008

Business Continuity Planning

Natural disasters like Katrina and the recent fires in Southern California have underscored the need for business continuity planning. According to U.S. government agencies, up to 40% of businesses fail to reopen following a disaster.

Management has a responsibility to recover from such incidents in the minimum amount of time and the least amount of disruption to the business as possible.

Business continuity plans (BCP) are required to ensure that key business functions continue operating in the event of an emergency - not just IT systems. It is the responsibility of each division manager (HR, Customer Service, Manufacturing, etc.) to own and maintain the BCP as it applies to personnel, processes, and business operations within their areas of responsibility.

Business continuity planning has 5 major elements:

Business Impact Analysis and Risk Assessment
Recovery Solution Planning
BCP Testing
Maintaining the plan

An essential element of BCP is the business impact analysis and risk assessment. If this first step is not completed properly the rest of the plan is likely flawed. Business impact analysis and risk assessment involves the process of identifying the critical functions necessary for the organization to continue business operations, assessing potential risks to the organization, defining and measuring controls in place to reduce exposure, and evaluating the cost of such controls.

Recovery solution planning takes into account attributes including the number of locations, distribution of personnel, nature of business, interdependency of processes, disaster scenarios planned for, and requirements for alternative sites. Minimally, your recovery plan should cover personnel, payroll, Accounts Payable and Receivable, and shipping.

Step three is implementation. It includes training the response team, preparing the documentation, collecting and storing supplies, creating emergency authorization procedures, and preparing the alternate work site. Basically, you’ll be doing everything in preparation for executing the next step - testing the plan.

Testing the BCP is often viewed as too much of a disruption to business to be valuable. If you think testing is too much of a disruption to your business, imagine the chaos, impact on customers, shareholder and public opinion, and impact on revenue when you encounter an event that you aren’t prepared for. Testing your plan ensures that your solution assumptions are correct, that the plan doesn’t have operational gaps, and that you have practice at managing through an event.

Businesses aren’t static and neither should be your plan. As your business evolves through mergers and acquisitions, new products, and new suppliers, your BCP should also evolve. Maintenance of your BCP is critical to how well your organization is prepared to handle the inevitable.

Additional resources:

About the author
Rocky Vienna, CISA, is President and Founder of the Vienna Technology Group, LLC. Vienna Technology Group is an IT management and business consulting firm focused on IT Governance, Strategic Planning, IT Compliance, IT Outsourcing, and Business Continuity Planning.

Calling all IT managers, one new thing to add to your list of responsibilities... Surveillance!

Written by: Ryan Peterson, Director of Intelligent Facility, DSW

If you were like me, your world revolved around networks, servers, and the security of those systems. But then the world decided to start converging all of those systems to one cable wire, so we added a new responsibility called VoIP. That ship has sailed and if you haven't been on it, you are missing out on application convergence...very cool stuff...

But now, post 9/11 mentality has brought out major concerns about corporate security which was once a problem only regarded by federal government and defense.

So what now, new names enter the market that you and I have to begin thinking about and talking to. Names like Pelco, Bosch, NVT, Sony, Panasonic, and milestone to name a few with products like IP cameras, Megapixel cameras, matrix switches, baluns, and Digital Video Recorders (DVRs).

If you’re not used to questions like; A). What lens will give me the right clarity for this distance? B). What is the difference between identification placement vs. overview placement, or C). What the process is to get text to overlay on the video, or next to it? Then this new game might stump you... Or at least add a new area to study up on. Either way, expect to start working with your company's security department a lot more.

This might be a good time to announce what DSW is doing to join this conquest. DSW has added an Intelligent Facility practice to our list of offerings. Over many months of planning, hiring the right team, training with the right vendors and doing all of the heavy lifting of research about all of these products, we are now 1 of very few companies certified to sell Cisco's Physical Security products, and coupled with the correct cameras, we can bring to life the best in high quality or low-cost depending on your needs.

It's time to start thinking about how surveillance is going to impact your network, because it will. Quality of Service (QoS) is a main concern as is bandwidth and DVR placement. To learn more, contact your DSW representative today and we will schedule a no cost consultation.