Partner View

Business-Continuity Planning: Myths and Mistakes

Now that you have a plan, it's time to make sure it works. Practice, in this case, makes perfect.

• By Brace Rennels
• February 01, 2008

All too often, companies believe that once they've got such plans, they don't need to do anything else except flip a switch when disaster strikes.

Nothing could be further from the truth. In fact, that's just the biggest myth about disaster-recovery planning. Here are other common examples of faulty thinking on the topic:

• We only need to protect these systems.
• We're protected because our data is offsite.
• Our disaster-response plan was fine when we implemented it or when we last tested it, and nothing has changed since then.
• We need to be protected by next week.

In reality, successful disaster-recovery plans are never finished -- they're constant works in progress. They're comprehensive, covering all the business' most critical assets. They include specific provisions for protecting and accessing both onsite and offsite information. They don't happen overnight; they require planning, preparation and regular maintenance, review and revision. And every company needs one sooner rather than later.

More Mistakes
Business-continuity planning is prone to mistakes as well as myths. Among the areas where companies most commonly go wrong:

Lack of preparation: Obviously, it's preferable to be proactive-that is, to have a solid, proven blueprint in place -- rather than reactive, doing your planning after a major outage or catastrophe.

Lack of expertise: Even if you believe you've got a thorough understanding of your company's IT and business needs, you may find it beneficial to seek outside help with planning. Having an outside expert review your plans to make sure you haven't missed anything is well worth the expense.

Lack of realistic deadlines: Don't rush the process. Set appropriate milestones. It's better to make mistakes early on when you've got time to resolve them, rather than rushing things through and then finding problems later, at a more critical time.

Lack of practice: Test your plan regularly to make sure that upgrades, environmental changes and other factors haven't affected your original disaster-recovery design.

Best Practices
Schedule quarterly or semi-annual tests to determine whether interim changes in your business, technology and physical environment have rendered all or part of the plan obsolete.

Don't be discouraged if such exercises reveal mistakes or omissions in the procedures you've developed. Drills allow you to address and resolve such issues before real problems occur -- and that helps build everyone's confidence in the overall plan.

After you update or change your plan, you should test it again-and again. Remember to account for as many scenarios as possible and to build in multiple layers of redundancy.

There's a bonus to periodic testing as well: It serves as an excellent disaster-training vehicle for everyone in your company. Employees at all levels need to know what to do in an emergency and understand the roles they may need to play in an actual disaster. Testing also helps bring new employees up to speed on important emergency procedures.

That's important because, ultimately, any recovery or continuity plan is only as good as the knowledge of the people responsible for implementing it when a real disaster strikes.