The occurrence of accidents and disaster can in most cases be unavoidable. The greatest problem with their occurrence is the fact that they are very unpredictable in nature. This means that due to their unpredictability, it is also hard to exactly know the extent to which they will impact the organization, its assets, personnel and its very existence after it has occurred. This however does not mean that organizations should leave the effort to try to mitigate and recover from such eventualities to chance. In this essay, the learner will take a look at ways and means of planning for disaster recovery. In trying to address this topic, the learner will pay special reference to a video recording that was sponsored by AT&T, which featured speakers like Paul Gillin, Jeff Kaplan and Tim Scannell as they tackled the topic on business continuity with special reference on disaster management and recovery of business activities and their initial response capabilities. In this essay, the learner will address the five phases that can be used in business continuity planning with personal reflections present in the essay and reasons behind such approaches / thoughts.
The five phases of business continuity planning
1) Business continuity planning project scope and planning
The threats that are posed to an organization come in many forms. For example, in the works of Trim (2005) there is address of threats that are posed to the telecommunication and information systems infrastructure (p. 496 +). In the research, it was found out that hackers and virus authors pose a great deal of challenge to an organization and some of these criminals have mastered their threat pattern in such a way that they have resorted in extortion of money from small and medium sized organizations (Trim, 2005, p. 497). On evaluation of the kind of damage that such hacking and viral infection on their system would cost them to clean it, they find it cheaper to pay these gangs and remain safe of these viruses and attacks (Trim, 2005, p. 497). As of 2005, the Pricewaterhouse coopers estimated the amount of damage caused by viral infections amounted to a whooping 1 trillion dollars.
In their argument in the video presentation, Gillin, Scannell and Kaplan grill the ever changing landscape as far as information and communication needs and dependence is concerned. In dealing with the scope of the project, it is important to take into consideration all the business operations and their dependability on one another (Krause & Tipton, 1998) and (Craig, n. d.). In ISO (2005), it is noted that the modern interconnection that exists between the e-commerce and the information systems has become a growing concern and major target hence the need for better scope coverage. There is need for organization of the personnel to deal with a crisis and timing of how to implement recovery processes (Craig, n. d.) and (Krause & Tipton, 1998).
2) Business impact Assessment
The second phase is intended to take a critical evaluation of the impact and the worst case scenario in the event a disaster struck (Craig, n. d.) and (Krause & Tipton, 1998). Ozier (n. d.) asks very crucial questions with regard to the threat event, the threat impact, threat frequency of occurrence in an annualized form and the recognition of the presence of uncertainties. For example, the occurrence of Japan’s Earthquake cum tsunami brought devastation especially on organizations that were located around the region that was worst hit and around the Fukushima Daiichi that, as of writing of this essay, continued to emit radioactive radiations. Some business premise, systems infrastructure and personnel were completely annihilated and such a business may never get back on their feet if they did not have proper mechanisms to deal with the impact.
During Impact assessment, it is important to take into consideration the proportion that such a catastrophe would have on the business (Craig, n. d.) and (Krause & Tipton, 1998). According to Trim (2005), this would be termed as a proactive approach in which the depth and breadth of an impact is considered and proactive measures considered to ensure business continuity (p. 496). In addition to this, there should be consideration of the level of interruption especially on the information systems support to the customers (Craig, n. d.) and (Krause & Tipton, 1998) and thus the need for virtualization of communication services that will ensure moderation of the impact of such damages (Ozier, n. d.).
3) Develop Recovery Strategy
Knowing and estimating the magnitude of impact of a problem is not enough and neither should such discoveries be a source of fear of progress of the organization. In essence, this discovery should be a starting point where people can create a plan either for risk mitigation or risk elimination in the event of a disaster. One thing that should be considered is the resources for which the organization relies heavily on (Craig, n. d.) and (Krause & Tipton, 1998). This means that there is need for a clear definition of all the business units that exists and would be needed to jumpstart the business again (Krause & Tipton, 1998). This also includes the definition of the departmental space that would be required in the process of recovery from the disaster in the event it happens, the sort of resources that would be adequate in the initial recovery process, the technological platform that would ensure continuity of the business (Craig, n. d.).
Krause and Tipton (1998) continue to argue that at times it is good to consider other recovery alternatives and the estimated cost of recovery plan to ensure that the least amount of expenses are incurred while maximizing on business continuity opportunities. These estimations should then be presented to the management for both perusal and approval, which includes recommendations (Krause and Tipton, 1998). This line of thought is well supported in the works of Ozier (n. d.) who argue that there ought to be consideration of the most cost effective way to do business as well as a comparison with the benefit analysis to come up with a viable solution to decrease the risk.
4) Recovery Plan Development
After development of the recovery strategy, the actual business recovery vehicle (business continuity plan) is then established (Krause and Tipton, 2005) and (Bradbury, 2008). This means that there is need for explicit documentation on the steps to follow during the recovery process and the execution procedure (Krause and Tipton, 1998). In the documentation, there is mention on the administration inventory information as well as a detailed recovery management team that is set up to execute the action plan in phases (Krause and Tipton, 1998).
Craig (n. d.) continues to add that during the planning phase, mitigation processes as well as preparedness processes should be documented and implementation should be swift to know the viability of these models. Without overstating the importance of backing up files in the information technology department, Bradbury (2008) gives a good exposition on the benefit in such an approach in the recovery process and says that such information can aid in speedy recovery from a disaster.
Implementation, Testing and Maintenance
After the documentation of the detailed recovery plan, it is important that there should be implementation of these results in a rigorous manner and environment such that those involved / expect to be involved in the recovery process should be involved. Implementation should involve the personnel, the facilities as well as the technological infrastructure/ platform (Krause and Tipton, 1998). With the development of new technology that allows for storage and backing up of systems data and information in a virtualized environment, businesses that take advantage of this technology are at an advantage as they have a level of surety of information systems data integrity.
Activities should involve initialization of the implementation process as they test and conduct maintenance to ensure the equipments are in their best state at all times (Krause and Tipton, 1998). This may involve simulation exercises that will help in decision-making process (Trim, 2005). The implementation may also involve setting up virtual customer care services such that in the event of a disaster, customers can still access the organization’s information (ISO, 2005) and (Bradbury, 2008).
Which recovery plan the learner would choose
Due to the complexities that come with disasters, the learner finds it important to choose the implementation, testing and maintenance process as it remains the bottom-line to creating a viable recovery option. This is because, when implementing the plan, it becomes possible to note weaknesses in the implementation plan and thus make amends that help improve the recovery process. Secondly, this implementation phase is important as it enable the systems administration to devise better protection mechanisms for the servers and the virtual offices and thus creating a better risk distribution setting that would ensure superb business continuity. Testing and maintenance helps to eliminate obsolete processes that can be replaced with better processes that encompass the functions that would have been done by those obsolete processes, in a much better way.
In conclusion, the learner has found that BCP project scoping and Planning, Business Risk and impact assessment, recovery strategy development, recovery plan development and implementation, testing and maintenance are crucial in BCP.