Those professionals who deal with your disaster recovery plan and business continuity plan on a regular basis surely know we are living in interesting times. But how many executives and CIO’s are viewing current events and the shifting landscape of threats through the prism of their organization’s disaster recovery plan or business continuity plan?
Disaster Recovery – Having the Wrong Focus
I think most people incorrectly equate a business continuity plan with a disaster recovery plan. Regardless of people seeing them as the same thing or as distinctly different, most people still think the business continuity plan and disaster recovery plan as being those things we use when there is a catastrophic failure in the data center – something IT has to do. That applies to most CIO’s and most IT professionals and we have only ourselves to blame for it.
In our desire to win support for our disaster recovery plan and to secure funding for offsite recovery contracts or the new data storage architecture and hot site to self-perform a disaster recovery we oversold the idea of data center failures and loss of site catastrophes. We neglected to educate our organization on the full range threats from natural, human, and technological sources.
Today’s Threat Sources
So we often find our disaster recovery plan fails to contemplate the growing risks of civil unrest or widespread protest in our cities or around the world which might impact business. Even a state and municipal budget crisis can produce threat scenarios that can be disruptive and warrant consideration. Consider this, what if Occupy Oakland does pull off a widespread regional protest and walk-out of municipal workers on November 2nd?
We don’t realize our business continuity plan doesn’t adequately address the growing vulnerability from a global supply chain or manufacturing operation until it’s too late. So record flooding in Thailand forces us into crisis mode when we realize the connection to our business (Honda cuts production and PC production). Similarly, the real risks to key vendors’ supply chains affected by Mexico’s drug violence remind us our vendor management program hasn’t helped us avoid this critical vulnerability.
We realize our business continuity plan is unprepared for large regional weather disruptions to commercial power and its effects on our workforce. Or perhaps we learn it has had an impact on the workforce of your new SaaS application running in the cloud. This kind of disaster scenario isn’t limited to this weekend’s snowstorm given we have had 11 multi-billion dollar natural disasters in the US this year (floods, tornadoes, hurricanes, earthquakes).
Business Continuity – The Broader View
Every organization, lead by their CIO and senior executives, needs to refocus their disaster recovery plan and business continuity plan by actually broadening them. Today, functional managers must be prepared for everything from a failure of VDI to a natural disaster half way around the world. But instead of modifying their business continuity plan for each threat scenario, they should instead contemplate what the threat source represents in terms of its effect.
Business continuity plans should more generally address scenarios that play out as loss of supplier, loss of access, or loss of site and so on. For public organizations and some non-profits, the business continuity plan should contemplate loss of funding scenarios for major budget cutbacks or other causes.
In the end the idea is to have contemplated in your disaster recovery plan and business continuity plan the broad range of scenarios so you are prepared to adjust your operation with whatever presents itself.