Why time mat­ters in a dis­as­ter by Gregory Med­well

Nat­u­ral dis­as­ters, cy­ber-at­tacks, hu­man er­ror or dis­rupted site ac­cess may im­pact your abil­ity to con­duct busi­ness. There is lit­tle doubt that dis­as­ter re­cov­ery, or busi­ness con­ti­nu­ity as it is now known, is a re­quire­ment for al­most all busi­nesses. Our re

Business First - - CONTENTS - Gregory Med­well is Busi­ness Con­ti­nu­ity and Data Cen­tre Man­ager at In­ter­ac­tive.

No one doubts the im­por­tance; in fact many en­ter­prise and govern­ment or­gan­i­sa­tions will not trans­act with part­ners that do not have a busi­ness con­ti­nu­ity ser­vice. Busi­ness con­ti­nu­ity is not a sin­gle prod­uct, more a cycli­cal process – an or­gan­i­sa­tion should re­view its busi­ness con­ti­nu­ity plan when­ever it in­tro­duces changes to the busi­ness or al­ters its busi­ness pri­or­i­ties.

How­ever one crit­i­cal el­e­ment to a busi­ness con­ti­nu­ity plan is time. There are many ques­tions per­tain­ing to time when it comes to your busi­ness con­ti­nu­ity plan. How long will it take for your busi­ness to be func­tion­ing? How long can you af­ford to be down? How long un­til your cus­tomers lose trust in your abil­ity to de­liver? The list is end­less, and in re­al­ity we are just try­ing to limit the im­pact of un­planned down­time.

Busi­ness Im­pact Anal­y­sis

The im­pact of down­time is cru­cial to un­der­stand­ing the time im­pli­ca­tions. Across an or­gan­i­sa­tion these might be lost sales, in­creased ex­penses (such as out­sourc­ing, con­tract­ing costs or over­time), reg­u­la­tory fines, re­duced cus­tomer sat­is­fac­tion or brand dam­age. A Busi­ness Im­pact Anal­y­sis is a de­tailed ques­tion­naire that iden­ti­fies crit­i­cal busi­ness pro­cesses, re­sources, and re­la­tion­ships across an or­gan­i­sa­tion and can help in quan­ti­fy­ing the po­ten­tial im­pact if a dis­rup­tive event oc­curs.

The goals of the Busi­ness Im­pact Anal­y­sis is to de­ter­mine the most cru­cial busi­ness func­tions and sys­tems, the staff and tech­nol­ogy re­sources needed for op­er­a­tions to run op­ti­mally, and the time frame within which the func­tions need to be re­cov­ered for the or­gan­i­sa­tion to re­store op­er­a­tions to nor­mal. Once these are known, the next stage is to design a busi­ness con­ti­nu­ity plan that meets these ob­jec­tives.


There are two im­por­tant acronyms that busi­ness con­ti­nu­ity providers will talk about, RTO and RPO. They are the Re­cov­ery Time Ob­jec­tives and Re­cov­ery Point Ob­jec­tives.

Dur­ing a dis­as­ter, it is a fact that most or­gan­i­sa­tions will lose some data. The Re­cov­ery Point Ob­jec­tive aims to ad­dress this by ask­ing how much data you can af­ford to lose, or what your or­gan­i­sa­tions tol­er­ance to lost data is. Usu­ally the data will need to be re-en­tered, and it can be com­pared with an au­thor writ­ing a long report on an old com­puter that is likely to crash. How of­ten would they backup their data? Or bet­ter yet – what is the max­i­mum time be­tween back­ups that you would be com­fort­able with? Your an­swer here might be ev­ery two days, which would trans­late to an RPO of 48 hours.

You may find that dif­fer­ent pro­cesses and sys­tems have dif­fer­ent RPOs. An ERP sys­tem may have a pre­mium 4-hour RPO, whereas a 36-hour RPO may be suit­able for a de­vel­op­ment server. Cus­tom RPOs can help your bud­get by only pay­ing pre­mium prices for the sys­tems that mat­ter most to your or­gan­i­sa­tion’s op­er­a­tions.

Re­cov­ery Time Ob­jec­tive is the tar­get time you set for the re­cov­ery of your busi­ness ac­tiv­i­ties af­ter a dis­as­ter event has oc­curred. It is de­fined as the max­i­mum pe­riod for which the busi­ness can be out of op­er­a­tion with­out sig­nif­i­cant risks or losses. Again us­ing the au­thor ex­am­ple, how long would they like to wait un­til they can be­gin writ­ing again? But be­fore you an­swer this you need to con­sider the im­pact on your busi­ness, rev­enue, cus­tomer re­ten­tion and brand.

The ob­jec­tive of RTO is to cal­cu­late how quickly you need to re­cover, which then dic­tates the plan you need to im­ple­ment and the over­all bud­get you should as­sign. Again this re­ally de­pends on what sys­tems and pro­cesses are most im­por­tant to your busi­ness. Typ­i­cally most im­por­tant sys­tems to your busi­ness will be your sales and ful­fil­ment sys­tems, which typ­i­cally have the best RPO you can af­ford.

The ma­jor dif­fer­ence be­tween RPO and RTO is their pur­pose. The RTO is usu­ally large scale, and looks at your whole busi­ness and the sys­tems in­volved whilst RPO fo­cuses just on data and your com­pany’s over­all re­silience to the loss of it. While they may be dif­fer­ent, you should con­sider both met­rics when look­ing to de­velop an ef­fec­tive con­ti­nu­ity plan. A pre­mium ser­vice may have an RPO of four hours but an RTO of 2 hours, mean­ing the IT re­cov­ery spe­cial­ists hav­ing a two-hour win­dow to re­store data that’s no more than four hours old.

But in the end it comes down to time. How long can you af­ford to not be do­ing busi­ness? How long your cus­tomers wait? What is the fi­nan­cial im­pact to the busi­ness? Analysing the im­pact and plan­ning ac­cord­ingly will im­prove the re­silience of your busi­ness, in­stil trust in your busi­ness and over­all take bet­ter care of your cus­tomers.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.