Business continuity planning isn’t not the sexiest of tasks for people in IT, but if a disaster strikes and there’s been no planning, it can make the headlines.
Despite the implications of not having the right solutions in place (and the Y2K preparation done several years ago), a survey released at the end of March shows that nearly a third of the medium-size businesses surveyed don’t have a business continuity plan.
The survey, commissioned by Hewlett-Packard and conducted by GCR Custom Research, shows that 18% of large organisations surveyed — and 31% of medium-sized businesses — don’t have a business continuity plan (BCP).
HP says the common obstacles cited were things like securing the finance necessary, a lack of buy-in from management, as well as “critical problems that lie in the nuts and bolts of planning and implementation”.
The top obstacle, according to survey participants, was the lack of an agreed technology solution. Others included not having enough time to implement it, a lack of data to create a true business case for implementation and inexperienced internal resources.
However, the survey also found that more than 80% of those surveyed viewed business continuity and availability as an increased priority for this year and most were planning to spend more on it.
HP says overall, the results show a shift to a strategic approach for many companies which traditionally have taken a reactive approach to unplanned downtime.
“In today’s global marketplace, any amount of downtime can be devastating, if not terminal, to a business,” says HP business continuity and availability solutions worldwide director John Bennett.
He says there is a “dramatic” return on investment when companies build a sound business continuity plan.
Writing on Computerworld.com, Virginia Robbins says that working on business continuity planning is unappealing because it’s human nature not to think about the problems that could occur.
“And when you start singling out what parts of the business may fail, you have to admit to the weaknesses in the people, processes and technologies that you rely on every day. It can make you feel insecure — who needs it?”
She says it can also be hard getting funding for BCP projects because projects which directly make money (through increased sales or decreased costs) are more appealing.
She says a better alternative to manufacturing a disaster to prove a point is to show how BCP can save money.
“You can do this by calculating your revenue losses for the most likely natural disaster outage and documenting how your key customers and their businesses would be affected.”
Convincing the powers that be of the need for a BCP is obviously crucial, but sometimes it’s getting buy-in from non-executive employees that’s the problem, writes Shamus McGillicuddy on SearchCIO.com.
He interviews experts who say busy people find it hard to find the time to address business continuity when there are other critical issues fighting for their attention.
In an article on CIO, Carrie Mathews outlines some best practices for BCP from members of the CIO Executive Council.
She says “business continuity is not about IT, it’s about the business”, so someone from the business should be the owner “of this significant undertaking”.
However, she says coordination should stay with IT, providing templates, reviewing the plans and coordinating overall processes.
Mathews also recommends that business members be encouraged to understand and document core business processes. “It’s hard to write a business-continuity plan if you don’t understand all the details of your business.”
Process improvements should be made where necessary as part of the plan and plans should be tested before a disaster strikes, she says.