Technology Resilience and Business Continuity

Traditional business continuity management

Most organizations have business continuity management processes for ensuring that the business can recover from a severely disruptive incident. An effective process clearly defines the roles and responsibilities for those responsible for its oversight and implementation and the minimum requirements for compliance, including levels of Technology resilience to disruption and disaster recovery capabilities.

A well designed and well defined process is supported by effective and tested procedures and arrangements that are in place to enable the organization to respond to, continue through and come out of any incident that may severely disrupt its ability to provide the normal level of service to its customers and stakeholders. These procedures and arrangements are the basis of the organization’s technology resilience.

Technology resilience

Technology resilience is defined as an organization’s ability to maintain acceptable service levels through, and beyond, severe disruptions to its critical processes and the IT systems which support them. The question that needs to be answered is, "What the enterprise has to do if technology fails?"

By understanding the seven (7) following factors C-level executives can get a clear grasp of what their enterprise's technology resilience is. They all have to be included in a technology resilience planning process.

1. Awareness is having the knowledge of what the normal business operation requirements are; what dependencies there are on technology; knowing what the criticality of various technology system components and elements are, and the minimum acceptable operational levels and service levels. There must also be an awareness of the recovery requirements in terms of time, system capacity, and performance in the event of severe disruption to, or failure of, IT systems supporting the business processes. These should be identified by an effective business impact assessment/analysis (BIA).
2. Protection is more than having physical and system access and security controls. It also means reducing the risk of system failure, e.g. removing single points of failure.
3. Discovery is to know when a failure occurs. The use of effective means of alerting to problems enables the IT group to understand and address problems before they result in severe disruption.
4. Preparedness means having specific action steps and plans in place to address the effects of a disruption.
5. Recovery focuses on returning services and operations to business as usual levels within defined timescales and with minimal acceptable data loss following an event causing disruption or failure. This will only be achieved by having an effective and tested recovery plan which meets the business requirements in place.
6. Review and Assessment are essential for every technology resilience program, and include post-incident reviews to identify the root causes of disruptions. It is a continual process that aims to enable the IT team and the business to understand potential issues and to assess and implement preventative actions to remove, or at least mitigate, the risk of severe disruption.
7. Improvement is the process of taking the knowledge gained from all the above and taking steps to improve systems and increase resilience and continuously refine disaster recovery and business continuity plans.

It should be noted here that most, if not all, the information required for the above to be achieved successfully will come from effective business impact assessment/ analysis and risk assessment.

Business Continuity Planning Template comes in multiple versions

Order DRP BCP Template  DRP BCP Sample