By Paul F. Kirvan, FBCI, CBCP, CISSP
For small businesses, just as with large businesses, as an IT professional you want to protect the Big Three: people, process and technology. If any one of these is missing or unable to function normally, the business could be in serious trouble.
Let’s consider some tips and techniques for addressing all three from a continuity of business perspective. First, let’s look at people:
- Cross-train your staff so that if someone is absent, someone else can step in.
- Maintain an up-to-date list of all staff contact numbers.
- Program cell phones, Blackberrys and other devices with emergency phone numbers.
- Establish evacuation routes and post signs in the office showing their location.
- Establish primary and alternate assembly points for the staff to meet in an evacuation; this way you can determine that everyone is safe.
- Ensure that people can work from home, if their work requires it.
- Have two or more first-aid kits available.
- Ensure that employees are trained and certified in CPR and first aid.
Every business uses numerous processes to accomplish its mission. Some are manual and others are automated. Let’s examine these:
- For automated critical processes, such as order taking or service calls, make sure it’s possible to perform these tasks manually if the technology is disrupted.
- Simplify regularly used processes so they can be easily replicated at another location, if the office needs to evacuate.
- Ensure that critical policies and procedures are documented – either in written or electronic form – and stored in more than one location so they can be retrieved quickly.
- Ensure that emergency and business continuity plans are documented – written and/or electronic – and stored in multiple locations for easy access.
- Advances in technology make it possible to remotely manage business operations; be sure to have this capability if possible.
Finally, let’s examine some of the actions we can take to protect technology.
- Back up critical data files and applications and store these assets in multiple locations for easy retrieval.
- Install backup power systems, such as uninterruptible power supplies (UPS) and surge protectors; test them regularly to ensure they are working properly.
- Install IT systems in secure areas to protect them from vandalism and theft.
- Secure equipment racks to walls as well as floors to prevent tipping.
- Locate fire detection and suppression systems to optimize their performance.
- Maintain a supply of spare components, e.g., servers, routers, hubs, cable, connectors, power supplies, circuit boards.
- Utilize network technology to facilitate working from home in an emergency.
- Investigate available options to provide backup data center and data storage facilities.
- Prepare and document a technology disaster recovery plan to help recover disabled infrastructure assets and return to normal or near-normal operations.
- Update and exercise the disaster recovery plan periodically, especially when a change in technology occurs.
Paul F. Kirvan serves as secretary to the BCI USA Chapter.
With more than 20 years of consulting experience in business continuity and risk management for the technology sector, Kirvan has played an instrumental role in over two dozen comprehensive consulting projects for a variety of clients.