While all businesses need to survive a future disaster and the problems that follow, it’s nearly impossible to predict when a disaster will happen. Businesses often put off cyber and IT security as an optional expense, with an attitude of “if it ain’t broke, don’t fix it.” Disaster will strike eventually (and the odds are increasing at a fast pace for both natural disasters and cyber attacks), so don’t leave your business unprepared. Planning will help you respond quickly.
An important aspect of your IT and cyber security plan is to work with your IT security provider to complete a business continuity plan that includes a complete business impact analysis (BIA). Often, this is the first step in identifying the critical systems and components that are essential to your organization’s success. Key questions during the BIA include:
- What are your critical systems and functions?
- What are the dependencies related to these critical systems and functions?
- What is the maximum downtime limit of these critical systems and functions?
- What scenarios are most likely to impact these critical systems and functions?
- What is the potential loss from these scenarios?
Walking through these questions will help you identify key processes and dependencies as part of your overall disaster recovery and business continuity planning. Each step of this plan must satisfy two measurements: Recovery Point Objective (RPO) and Recovery Time Objective (RTO). RPO and RTO are measured in specific time intervals or a number of hours, relating respectively to the loss of data and the loss of service time. It’s important to evaluate each system and application independently to ensure the best possible return on investment. You may need different arrangements for accounting data, your email access, or files stored on a shared drive. The plan needs to be very specific and consider every detail of your business.
Next month’s ITEX 365 newsletter will continue this story, covering how long your business can be without service before you incur substantial loss.