As CIOs work out their spending and strategies for the year, the annual review of the disaster recovery and business continuity plan will inevitably form part of a lengthy to-do list.
Yet with the ever-increasing threats from both natural and man-made disasters – from the devastating fires and flooding in California last year through to the recent impact of Intel’s chip flaw that opened the door to potential hacking – is there anything more that IT departments can do to perfect how their organization both prevents and reacts to business disruptions?
Surprisingly, more than 1 in 3 businesses admit they don’t have a disaster recovery policy in place, a figure that is even higher amongst smaller businesses where an estimated 3 out of 4 are reported to have no contingency measures at all.
With our increasing reliance on technology and the reluctant acceptance that most technology is vulnerable to potential downtime, the CIO or IT manager is the obvious choice of leader to take responsibility for the whole disaster recovery plan, whether it’s due to a technical problem or other factors.
The ripple effect of abnormal events not only affects the IT department, but can have serious repercussions on all daily operations including: financial management, customer experience, HR and workflow, etc.
Whilst CIOs regularly consult with other members of the C-suite on devising a risk management strategy, there are significant advantages to garnering the support of key employees across the whole organization, on a continual basis.
To ensure your disaster recovery plan anticipates every eventuality it’s essential to get ‘buy-in’ and input from all departments, so you can be confident that your plan is as informed, up to date and effective as possible.
Here are some recommendations on how to maximize the knowledge, creativity and strength you can draw from key players across the organization.
Produce a clear mandate
During ‘business as usual’, a robust process management discipline and a strong process culture provides a firm foundation for teams to document and develop new and innovative ways of working, and can help a company drive competitive advantage and innovation.
However, do employees know what processes to follow when the extraordinary occurs? Whether the Internet or phones go down, sensitive customer data is stolen, or severe weather stops them from getting into the office, clarity and communication of disaster recovery processes is just as important as the plan itself. Every member of staff needs to know when and how to trigger a disaster recovery response, as well as be aware of who else is part of the team.
Part of the CIO’s remit should be to oversee the design and build of processes that are easy and clear for all personnel to find and follow, every day. In a disaster situation it becomes imperative for staff to act with minimum delay, limiting the damage that could result from a disaster.
Build easy to follow checklists
One way of communicating unequivocally is to introduce simple checklists as advocated by US doctor, writer and speaker Atul Gawande in his book “The Checklist Manifesto”.
By getting the basics right, well-designed checklists have been proven to cut through unnecessary complexity and encourage transparency, leading to a 35% reduction in complications in hospital operations. These same fundamental principles can be applied to the corporate world where teams are responding to an emergency or extraordinary incident.
You also need to consider how and where to store this critical process information and make it easily accessible to all key staff.
Stage regular ‘fire drills’
Like most insurance policies you hope you’ll never need to claim on them, but you need to know that you’re fully covered. Regularly testing and modifying your disaster recovery processes will keep them up to date and make sure they work. Set up simulation exercises to rehearse what everyone’s roles are during a catastrophe.
With today’s accelerated pace of business change, a month-old plan may soon become obsolete. Organizations need to monitor changes in general circumstances like impending legislation. They also need to be sensitive to company or market-specific conditions such as when a key person leaves and joins a competitor, a laptop goes missing or perhaps a product needs to be recalled.
As soon as a new threat appears on the horizon it needs to be factored into the overall disaster recovery strategy immediately.
Crowd-source ideas and share responsibilities
With a collaborative and collective approach that encourages everyone to work as a group, it’s simpler to both create and follow agreed checklists so you can minimize the impact of unforeseen circumstances.
Employees on the front-line are often best equipped to advise on what level of impact disruptions may have on themselves and other departments. For example, the service manager can give the most insight on the scale of a spike in customer enquiries after your IP network goes down.
By leading the charge for a proactive, constantly-evolving approach to disaster recovery, CIOs can be confident that the entire operation is fully prepared and protected for when the unexpected occurs. Rather than panic-stricken employees bombarding you with support calls, instead there is state of relative calm as everyone already knows what they should do and can focus on executing an agreed plan.
Putting in the advance groundwork during quieter times not only leads to cooler heads during more turbulent times, but will also make a tremendous difference to your customers, employees and future business performance.