As someone who has been in the game too long to admit how long, I can assure you the rules of proper business resilience planning has NOT changed. The demands on the plan have clearly changed but not the need to have and maintain a plan. The traditional method of write-it-once, put-it-on-a-shelf and check it once a year is long gone.
Today, to meet the demands of the issues facing your business, the plan must be fluid and more importantly actionable.
For those who know me, I am a framework and patterns person. I see business challenges as repeatable patterns. To address this, I am a firm believer in building frameworks to address these patterns in an effective manner that can be actioned. See a Problem, Fix a Problem is my mantra.
Business resiliency is more than just a buzzword. Look at the sheer number of organizations today under tremendous stress for they did not have an adequate plan to execute. COVID-19 may be unique as a pandemic, but it is very similar in pattern to being denied access to your buildings from mould, vandalism, structural stress, etc. This is NOT to make light of how serious COVID-19 is. It is real, please wear a mask and adhere to public health guidelines.
For many years I have followed a methodology for business continuity. Over the years I have tuned it and tweaked it to meet the needs of the organizations I was engaged to assist. What I had found was if a framework was deployed and leveraged, responses to incidents become less stressed, more focused, and with a much higher rate of success. The post-mortems become, truly lessons learned and not “witch hunts”.
During any crisis, proper crisis management should be leveraged and that is a topic for another post. We as business leaders forget at times that to resolve a problem, we need to engage our staff. Our staff are humans that must be cared for and protected as such during a crisis. The mitigation of the issue becomes the focal point, then after it is resolved proper remediation needs to be engaged to improve the next response to an incident.
Now on to the framework. Refer to the graphic above as a guide.
Business Continuity Plan
The Business Continuity Plan is responsible for business interests as a whole entity.
The Business Continuity Plan is the overarching plan to support business interests. It covers elements of staff, buildings, communications, and stakeholders. The components of the BCP include.
- approach
- team compositions
- classification of business services
- physical addresses
- contact trees
- stakeholders
- communication plan
Before you declare a disaster, you refer to the BCP to ensure the executive team is engaged and an appropriate level of approval has been obtained. It can be as quick as a phone call or it may involve calling in financial and legal teams to confirm the severity of the declaration along with appropriate messaging.
The Business Continuity Plan also refers to business internal and external stakeholders.
Disaster Recovery Framework
The Disaster Recovery Framework is guided by the Business Continuity Plan and is the actual process to follow.
The Disaster Recovery Framework becomes the execution model for specific Disaster Recover Plans. It is a structured approach to defining the scenarios in both terms of impacted areas, and execution plans but also the definition of completion.
By allowing for a structured approach to recovery, your organization is well-positioned to have a consistent, measurable, and successful recovery from the many different types of technical disaster recovery declarations.
The goal of the Disaster Recovery Framework is to confirm what type of scenario has occurred. A scenario could be one or more of the following.
- Cyberattack
- Pandemic
- Weather/Environmental
- Fire
- No access to business
- Systems failure
- etc.
Scenarios
As part of the Disaster Recovery Framework, scenarios become the structured approach to a specific Disaster Recovery Plan.
The format of each scenario is consistent to provide for improved success while executing the specific plans.
The major areas of each scenario are;
- Description – A brief description of the event
- Scope – The definition of what is in and potentially out of scope for the event. This allows for containment for the recovery plans.
- Impacted areas – This is a comprehensive list of all applications and/or components involved in the scenario. Similar to scope but specific to applications and components.
- Impacted clients – Who are the stakeholders, action item holders, consulted with groups, informed groups both at the business and technical areas.
- Resources – Who are the resources both internal and external required to complete the plan.
- Recovery Overview – This is the high-level description of the major checkpoints during a recovery plan.
- Major recovery stages (Project Plan) – This is a breakdown of phases with associated tasks to be completed by the plan. It may or may not refer to technical recovery plans.
- Recovery success determination – What is the definition of success as it relates to the recovery.
Disaster Recovery Plans
The Disaster Recovery Plan is the actual plan to follow wrapped in a specific communications plan.
Typically, this is a formal document, but it can also be a digital tool that lays out the plan to be executed along with a communication plan to keep all stakeholders informed and engaged. I am a firm believer the plan should be digital and in the cloud. That way it is always current and accessible and more importantly, it can be audited.
The contents of a plan may look like the following.
- Control
- Introduction
- Systems and applications
- Execution Plan
- Milestones
- Work Instruction(s) to be followed
- Contact List
- Teams
- Results and Findings
Work Instructions
Work Instructions are very detailed instructions on the actual recovery steps for a specific application and/or component. This is the knowledge base to recovery from a component element all the way up to larger application functions. They may be a small or a very large document that is to be followed.
The instructions should be very complete and NOT rely on internal undocumented knowledge. These Work Instructions are reusable across many Disaster Recovery Plans for they are specific to applications and components. By leveraging a consistent method for these technical instructions, fewer errors are encountered, and a higher level of repeatable success is observed.
The work instructions are potentially used frequently by operations outside of a recovery process. These instructions need to be complete so the individual using the instructions has all they need to complete the task.
Recovery Flow
The recovery flow is as follows.
- BCP deals with the business
- DRF is the process to follow
- DRPs is the actual execution plan to follow
- Work Instructions are the actual instructions to be followed
Conclusion
Plan the work and then work the plan. Your plan is the guide to follow. The plan will likely need to change during the execution but not the need to have one. The Disaster Recovery Framework provides a process to follow to ensure all the needs of the business and its stakeholders are accounted for during a recovery event.
Tim Lalonde
Tim Lalonde is the VP of Technical Operations at Mid-Range. He works with leading-edge companies to be more competitive and effective in their industries. He specializes in developing business roadmaps leveraging technology that create and support change from within — with a focus on business process re-engineering, architecture and design, business case development and problem-solving.
With over 30 years of experience in IT, Tim’s guiding principle remains simple: See a problem, fix a problem.
Other Articles
Announcement: Service Express Acquires Mid-Range
December 19, 2024
Service Express, an industry-leading data center and infrastructure solutions provider, announces the acquisition of Mid-Range, a managed…
Job Opp: Senior Technical Specialist (IBM i)
November 21, 2024
Deliver technical support and services to Mid-Range Managed Services customer systems in accordance with their contracted agreement. This position…
Job Opp: High Availability Technical Specialist
November 21, 2024
Deliver technical support and services to Mid-Range Managed Services customer systems in accordance with their contracted agreement. This position…
Job Opp: Intermediate to Senior Technical Specialist (Expertise JD Edwards Development Tools)
October 16, 2024
Deliver technical support and services to Mid-Range Managed Services customer systems in accordance with their contracted agreement. This position…
Choosing the Right Path: VMware, Virtualization Alternatives, or Cloud?
October 8, 2024
The acquisition of VMware by Broadcom has introduced significant changes to the virtualization landscape, prompting organizations to reassess their…
7 Key Reasons Why You Need Veeam Backup for Microsoft Office 365
July 15, 2024
Discover the essential reasons why Veeam Backup for Office 365 is crucial for your business. Protect against accidental deletions, internal and…
The Looming Skill Gap: How IBM i Users Face a Retiring Workforce and a Talent Drought
February 9, 2024
Debunking common myths about cloud migration to unlock its potential. Simplified processes, robust security, cost savings, and performance…