Clearview Global - Focused Performance. Clear Results.

BCDR:  It’s a big acronym where business comes first

by Ron Williams, Clearview International LLC  Managing Director

Business Continuity and Disaster Recovery is a hot topic today.  And rightly so.  As the Insurance Information Institute notes, the number of declared major disasters doubled in the 1990s compared to the previous decade.  When adjusted for current dollars, the top ten most costly catastrophes in US history occurred since 9/11/2001.

In the decade of the World Trade Center disaster, we’ve witnessed significant upheavals in actual disasters as well as the threat of disasters.  They come in the form of hurricanes, terrorist attacks, blackouts and brownouts, floods, ethics violations, and system failures.  Government has responded with increased regulations and compliance directives:  Sarbanes Oxley, HIPAA, FFEIC, and more. 

Forrester counsels that many of these regulations mandate a company or organization present proof of disaster preparedness to auditors, industry authorities and government agencies.  Proof can’t be a simple insurance policy or an ability to recover from a one-time event, but a disaster recovery framework that sets standards for refreshing business impact analysis, risk assessments, developing thorough plans, testing plans, training employees, keeping plans updated and reporting meaningful metrics.

It’s a tough world today—even for executives

There are many ways to approach BCDR, and there are many decisions to make.  The SEC prohibits making false or misleading statements about internal operations.  Sarbanes-Oxley section 404 requires that enterprises have a security policy and classify data for security, risk and business impact.

Executive and board-level decisions made incorrectly, could mean liability lawsuits.  Disaster Recovery Journal notes, “Senior management decisions don’t have to cause the damage for senior management to be sued, however even if the directors’ and officers’ decisions are exonerated, the company may still have to bear the cost of legal defense.”  That said, can you still afford to look at BCDR as an IT plan?  No.  While IT is absolutely mission-critical to the BCDR plan, it’s the mission of the business itself that should prioritize, align and manage the continuity and disaster plans on an ongoing basis.

What’s your mission?

For most businesses, IT isn’t the mission today or during an emergency.  For grocery stores it’s keeping the community fed.  For hospitals, it’s about saving lives.  For banks, it’s about keeping money flowing.  Granted, there are significant and complex IT plans to support those missions, but maybe IT doesn’t have to recover everything as priority-one, but just those very important things to support the mission.  So how do you assess priority?  By integrating the BCDR plan in with the executive direction of the company that is managed through governance, risk and compliance.

Governance, Risk and Compliance

By looking at BCDR from a governance, risk and compliance standpoint, executives can more easily and quickly gauge and rank the elements critical to maintaining the business mission throughout any kind of disaster.  They can weigh the business’s core mission and risk tolerance against three objectives:

·         To keep the business alive and the brand thriving

·         To minimize the cost of getting back to normal

·         To maintain compliance with regulators

Align that with your core services and your core business processes, and you are on the road to creating a BCDR plan that really does put business first.

The Hard Facts

“A company denied access to mission-critical data for more than 48 hours will be out of business within one year.”—DisasterRecoveryPlanning.org

“93% of companies that lost their data center for 10 days or more due to disaster filed for bankruptcy within one year of the disaster”—National Archives and Records Administration

“25% of all companies that close due to disasters—hurricanes, power failures, acts of terror and others—never reopen.”—Institute for Business and Home Safety

“Every year, hundreds of businesses that carry adequate insurance against direct property losses fail because they are not insured for indirect losses.  After 9/11, 33% of dollars paid out for commercial claims were for lost income and extra expense claims for getting business back on track.”—Insurance Information Institute

“92% of respondents said it was very important or somewhat important for businesses to take steps to prepare for a catastrophic disaster; but only 39% said their company had a plan in place.”—Ad Council.

Ron  Williams is the managing director of Clearview’s Consulting Services Line of Business; focusing on business and IT strategy, business process improvement, and applications selection, implementation, and integration. As the lead strategist, he co-developed the IT outsourcing "go to market" plan for both MCI Systemhouse and Bell Atlantic Business Systems Services. Mr. Williams has extensive call center, data center, and infrastructure management experience. During the past 15 years he has become a thought leader in the area of applying business and IT integration to CRM, ERP, SCM and EIP. He has developed proven and effective models for justifying ROI through business case development and internal executive sales strategy development.  http://www.clearviewfocus.com