business continuity planning guide
DESCRIPTION
This documents provides helpful tips to nonprofit and higher education organizations regarding disaster preparedness and business systems continuity. It is only a guide and should not substitute comprehensive business continuity planning.TRANSCRIPT
An Insurance Policy for Your Organization
For additional information, please refer to the following resources:
http://www.ncsu.edu/ehs/BCP/pandemic/
http://provost.uiowa.edu/docs/reports/PanFluResourceKit.pdf http://www.continuitycentral.com/
http://www.csoonline.com/article/204450/Business_Continuity_and_Disaster_Recovery_Planning_The_Basics#1
http://www.londonprepared.gov.uk/businesscontinuity/makingplans/big.jsp http://www.londonprepared.gov.uk/businesscontinuity/
Business Continuity Planning:
Disasters happen all the time.
Whether it’s a fire, flood, or some other natural disaster, you need to be prepared. You know the statistics about organizations that face a disaster; according to the U.S. Department of Labor, 40% of businesses never reopen
after a disaster. So, what can you do to avoid becoming a statistic?
The answer is obvious, prepare!
Disasters don’t have to be devastating. Here are 6 general steps to help you prepare for the next one.
1. Identify and evaluate business requirements.
• Employees/volunteers
• Location
• Technology infrastructure
• Services you provide
• Time sensitive processes
• Special equipment
2. Protect your data.
Do you perform nightly backups? If you know a disaster is coming, you should back
up your data more often.
3. Analyze possible threats and risks.
Both internal and external. 4. Document the BCP and educate staff. 5. Test the plan. Test Everything:
• Your Staff
• Hardware
• Software
• Systems
• Services
• Processes
• Procedures
• Security, etc.
6. Re-evaluate and update your Business
Continuity Plan each year.
Think of a Business Continuity Plan as an insurance policy!
Business Continuity Planning is all about preparing your organization for the unexpected disaster, so you can
continue your normal operations as quickly as possible.
First you must know exactly what you’ll need to make
that happen. Identify all the business requirements and
rate them in order of importance. Keep in mind the
many different types of disasters and how each one
may have an impact on your organization
Analyze the requirements and the resources necessary
to fulfill the requirements and maintain operations from
a secondary office space or from home. Can any processes be put on hold, and how do they affect your
overall operations?
Data backups should be performed nightly to ensure your data is always up-to-date. Backup files should be
stored off-site in a secure location, preferably a secure
data center with redundant power supply. Without the
key information your organization relies on every day, there is little hope to recover from a disaster.
Disasters can come in many forms, and your
organization should be prepared to handle each of them in a different way. E.g. How you manage a natural
disaster like a tornado should be different than how you
handle a health crisis.
Risks may include operations performed by just one person with the necessary skills and knowledge. What
will you do if that person is unavailable? While
developing a BCP, it’s a good time to perform a Security
Audit to evaluate all your security risks.
Having a well thought out BCP is a good start, but it
won’t help you recover from a disaster if your staff isn’t
well informed. An educated staff will be more likely to buy-into the plan, and they will be better prepared to
enact it if disaster strikes.
Communication with your staff is key. They should be educated on the Business Continuity Plan well before
disaster strikes as you will not have time and may not
have the communication resources to do so afterwards.
Inform your staff what needs to be done and what skills
are required for a particular task. Do not, however, try to
tie a staff member to a particular task in the event that
some of your staff may not be available if the disaster is
widespread.
You don’t want to find out after a disaster that something
in your plan was incomplete. Testing the plan helps you
work out the details that might otherwise be forgotten.
Testing should be conducted on every area of operations
for your organization—not just the technical aspects. Be
sure to test everything. Adjustments should be made, and more than one test may be necessary.
Changes should be communicated to your staff. And
don’t forget to educate new staff as they come on board. Your BCP should be re-examined on an annual basis
since technology, staff, and procedures may change.
Related Issues to think about
While there are many technical aspects to recovering from
a disaster, there are also a number of other related details
to think about. Such as:
• Who has authorization to purchase new equipment
for emergency needs?
• What processes do they need to follow?
• How will you notify your staff (both internal &
external)?
• How will you communicate with those you serve?
−−−− Donors
−−−− Students
−−−− Alumni
−−−− Board members, etc.
Technical Aspects of Business Continuity:
Any Business Continuity Plan is going to center around
your organization’s technological resources. These
include not only hardware and software, but also your human resources to get the technology back up and
running.
A thorough Business Continuity Plan should include updated configuration diagrams as well as the names and
contact information for your technology providers.
• Software applications
• Phone systems
• Hardware
• Telecommunications services, etc.
The BCP should include details on what needs to happen, in the order it needs to happen, and how it will all get
done.
• Network set up: security, redundancy, etc.
• Server set up and configurations
• Load operating systems
• Install application software
• Restore data
• Synchronize database
• Make configuration changes
• Perform follow up checks
• Open service to users
• Set up phone system (if you’re out of your offices for an extended length of time)
• Data backups
• Power backup: UPS, backup generator, etc.
• Document management
Keep in mind, your staff may not be available to help.
Store contact information for several organizations that
may be able to help if you’re short-staffed.
While it’s impossible to anticipate every possible disaster that could affect your operations, having an overall Business Continuity Plan will ensure your staff is able to deal with it in a planned, organized manner. It will help you recover more
quickly and reduce the impact of the disaster on your organization.