Assessing Your IT Exposure
Few companies, of course, can afford the expense of complete show-up-and-start-working redundancy. Enter business impact assessment, one of the first steps in creating a business continuity plan.
In this process, which could take a team of senior people several months to complete, a company prioritizes its systems and processes according to criticalness, and evaluates the effects of downtime for each. Such appraisals can be difficult, but a few standard rules exist, and they are getting new attention in the wake of the wholesale systems destruction caused by last month's terrorist attacks.
"The first layer [to address] is cash-driven," says Ric Hughes, head of IT architecture consulting at PricewaterhouseCoopers Americas. "Anything that affects cash flow and planning."
The second layer consists of large, enterprise resource planning systems; these are likely to run globally, and require great scrutiny to ensure that all of the network connections can be reproduced and that dependent applications still have access. Next are those systems that don't affect cash flow but are important to operations, such as e-mail.
Hughes also advises companies to research relevant Federal regulations for their industry, and not to overlook communications during an assessment.
"Having your financials on high-availability platforms doesn't help if none of your employees can access them," he says.
To help companies start the business continuity process, Baseline has created a simple worksheet for assessing the importance of corporate IT systems. The questions and weighting system are meant only to identify some of the key areas to address; each company will require questions and weights customized for its own business.
Contingency Planning & Management magazine's Web site offers articles, sample plans and vendor data. Registration is free.