The plight formerly-known-as recovering from disaster

"Recovering from a disaster", whether that's a full scale fire or flooding, or just "I've lost my emails", has had 'positive spin' applied to it in recent times and is now conventionally known as Business Continuity. However, the appliance of a little jargon has spawned a whole industry, not to say more than its fair share of acronyms (Business Impact Analysis, Maximum Tolerable Period of Disruption, Recovery Time Objective), turning into a science and even an art according to some claims.

The result is that, at one end of the staff spectrum, there are people who think that knowing where to stand for the fire drill and having heard vague mention of the term 'backup' means that all eventualities are taken care of and everything in their world of insurable disasters is rosy. At the other end, those tasked with actually putting practical plans together are swamped in paperwork and feel intimidated by the monumental size of the job they have taken on.

Planning to plan

The arrival summer (will it ever?) is a good time to look at risk when in-house activity has slowed a bit and calls on IT support time have calmed a little, before the surge in the Autumn when activities start hotting up.

What's needed is a general feel for how much exposure the entire enterprise has to the big day-to-day risks and a plan to take appropriate evasive action.

For instance, if your electricity is really unreliable and subject to failures, some negotiations with the building supplier are in short order and the odd Uninterruptible Power Supply box may help alleviate things short term. Such units have dropped in price and for many have averted the loss of their only router following a lightning storm. However, if it's district-wide, then you can try tackling the electricity supplier, but the ultimate solution may simply be a move. Likewise with anything where evacuation becomes a distinct possibility, such as flood-risk areas.

With the 'pure IT' side, a lot can be implemented relatively inexpensively with doubly-redundant backups, off-site measures, email re-routing in case of ISP failures and ditto for that all important Internet connection. Even entrenching the idea of regular document saving as a staff policy is a simple step forward.

Rest easy, not die hard

Secondary effects to consider further down the line revolve around whether a risk will exacerbate itself. Is your building of a nature such that power failures will plunge you into darkness, cut all the phones off and irrevocably lock the doors? It's not exactly a Die Hard scenario, but it could easily become Suffer Uncomfortably And Unnecessarily For Longer Than We Expected, a film which unaccountably recorded fewer successes at the box office.

Any process like this inevitably asks more questions than it answers, since each situation requires tailored solutions, but our Risk Assessment in a nutshell document is provided as a quick-read template to cover most of the bases, even if it's just to weigh up whether the process will be a fast jog or a long slog for your size of organisation.

Whatever the outcome, you'll at least feel better with a little knowledge under your belt and, most importantly, having made a start.

Contacts

• Risk Assessment in a Nutshell - a template for download in Word .doc format from our Documents & policy section

• What if you lose it all InfoBulletin January 2001

• Does a second ISP guarantee your Internet connection? InfoBulletin December 2006

• How Prepared Are You? - Business Continuity Management Toolkit PDF, from the Government site preparingforemergencies.gov.uk

Learn more about disaster recovery.