Business Innovation Homepage > Business Agility

Creating business agility has become a high priority at many organizations. One important aspect of business agility is the ability to continue operating in the midst of an unforeseen event such as a power outage, or to quickly get back to full-blown operations following an occurrence such as a natural disaster.

You would think disaster recovery and business continuity would be part of the risk-management strategy of all organizations, but surprisingly that’s not the case. A business continuity study by AT&T, which surveyed 1,000 IT executives in 10 U.S. metropolitan/regional areas in January and February 2007, showed that one-fourth of the organizations surveyed don’t have a business continuity plan.

Business continuity planning was seen as a priority by more than two-thirds of the IT executives in the study, and 40 percent said it has always been a priority for their business. But 30 percent of the executives said business continuity planning is not a priority at their organization. And while a majority of the companies in the study have had their continuity plans updated in the past 12 months, only 41 percent have had the plans tested during the same time period.

“Disaster recovery planning and business continuity planning have always been important, but they've often been ignored,” says Bob Blakley, principal analyst at the Burton Group. “ There was an upsurge in planning for disaster recovery following [the Sept. 11, 2001, terrorist attacks], and recent compliance laws have driven some additional uptake of business continuity planning,” Blakley says. “But generally my sense is that any increase in interest is gradual rather than rapid.”

Blakley says there should be several key elements of a business continuity plan. One is that organizations should provision one or more backup facilities that are either continuously online or can be activated quickly in the event of an incident. Another is that there should be detailed procedures for moving personnel to alternate sites and ensuring that they have access to the backup equipment and location.

It’s also important to make a list of critical and noncritical personnel, and create a mechanism, such as a call tree or designated news source, for establishing and maintaining contact with critical personnel during the incident. Organizations should also have detailed processes established that personnel can use to continue to conduct business in the recovery mode until normal service at their primary locations is restored. And Blakley says organizations should train people in advance of an incident, and conduct periodic and realistic testing of the continuity plan to identify weaknesses and familiarize people with the operation of the plan.

From an IT perspective, Blakley says, the plan should include multiple redundant and physically separate data centers. “These centers should be located in areas which are unlikely to be simultaneously affected by a single incident,” he says. “Power and communications [provisioning] to the various centers should be truly independent, and there should be provisions for alternate-channel communications to personnel during incidents in which [telephone] and other communications channels are degraded or interrupted.”

Both systems and data should be duplicated on a regular basis, based on how critical the data is, and testing of the plan should include taking primary systems offline periodically and moving to backup operations to ensure that the process works smoothly, Blakley says.

“Senior executive management must be involved in business continuity planning; it's not just an IT issue,” Blakley says. Other departments that should be involved include human resources, legal, finance and the lines of business. “The CIO, of course, will have to be intimately involved with the exercise,” he says.

Click here for more Business Agility articles