What Companies Must Do to 'Keep the Lights On'By Bob Violino | Posted 2015-11-03 Email Print
WEBINAR: On-demand webcast
Next-Generation Applications Require the Power and Performance of Next-Generation Workstations REGISTER >
A comprehensive business continuity plan involves technology, processes and people, and it's essential to keep customer trust and avoid financial losses.
A comprehensive business continuity (BC) plan is a must-have for today's enterprises. Keeping operations going after a natural disaster or other event is paramount to keeping customer trust and avoiding financial losses.
"Today, customers have less and less tolerance for any kind of business disruption," warns Stephanie Balaouras, vice president and research director, Security & Risk, at Forrester Research. "They don't care if it was extreme weather, a supply chain issue, cyber-attack or IT failure that caused the disruption. They expect to be able to engage with your business 24X7, and they expect that most mature enterprises will have a solid business continuity plan in place."
Downtime or any major business disruption isn't only about the immediate lost or deferred revenue and the cost of recovery. "It's about the long-term damage to your brand, your trusted customer relationships, and your ability to win new customers and retain and grow existing customers," Balaouras adds.
DLL Group, a global financial solutions provider with partners around the world, created a comprehensive business continuity management (BCM) program in 2009 to replace a decentralized program in which its headquarters and most of its 35 global offices had their own BC plans that were mostly IT recovery plans. They had no real contingencies for business continuity in the event of a disaster or other work stoppage.
"We wanted to change the thinking that disaster recovery was synonymous with business continuity," says Nancy Valente, global business continuity manager at DLL. "Therefore, we separated business continuity—plans specifically about business recovery—and called the IT recovery portion Technical Recovery. BC and TR come together for testing or in a crisis event."
Launching a Business Continuity Plan
The company, a fully owned subsidiary of Rabobank Group, launched a business continuity management strategy that included the BC and TR elements, with TR managed by corporate IT. In terms of IT infrastructure, DLL has twin data centers in the Netherlands where servers and applications are housed to support all countries. Data between the data centers are replicated synchronously for high-availability applications, Valente says.
In the BCM strategy, which is overseen by Valente, each of the 35 offices is responsible for appointing managers who facilitate the planning and testing of BC and crisis management based on the priorities and needs of the office. Larger facilities whose operations have a bigger impact on DLL's business have more extensive plans than do smaller offices, she explains.
The offices, which also have business continuity coordinators who report to the managers, are expected to fulfill the BCM annual activities and to test their plans at least once a year. The offices "document their critical business functions and identify the key components supporting their functions, including people (the roles that perform the function or are key to that function) and technology," Valente reports. The BC manager or coordinator position is a part-time role on top of regular responsibilities.
Valente is responsible for annual BCM planning companywide, including the implementation and budget for the global BCM software and emergency notification software the company uses as part of its strategy.
The BCM software, provided by Strategic BCP, is used to create the various plans. The emergency notification software enables the company to choose a communications method— email, texting, phone or other means—of getting in touch with employees in a crisis.
"We train people who play a BC role to use the software, as well as how to exercise their plans," Valente says. "We have a BCM policy that describes the 'what' and a BCM process document that is more about the 'how.'"