Risk Management is About Planning for the Unexpected

Information security is an ever-increasing concern. But information security doesn’t just mean protecting your data and systems from hackers and other malicious individuals. It also means protecting your systems from environmental threats, business disruptions and disasters. Over the past spring and summer, our nation has seen a torrent of tornadoes, an East Coast earthquake, Hurricane Irene, massive wildfires, and Tropical Storm Lee. It’s these types of scenarios that are the most difficult to plan and prepare for, but they can have the biggest negative impact on your systems and data.

Business continuity and disaster recovery are not new concepts, but often times they aren’t taken as seriously as they should be. While everyone hopes they are never majorly affected by these types of disasters, if you aren’t prepared for them, they can have a devastating impact on your organization. Proper business continuity and disaster recovery preparations can make the key difference in minimizing the effects of these kinds of disasters and continuing business operations.

However, developing solid business continuity and disaster recovery plans and procedures isn’t a quick and easy task. If you want to ensure it is done correctly, the process will take time, thought and input from all areas of the organization. A blog post can’t effectively portray the scope of business continuity and disaster recovery planning, but for those interested in more detail, the FFIEC’s "Business Continuity Planning" booklet can provide additional information. To illustrate the depth of developing such a plan and procedures, here are some of the major elements:

• Performing a business impact analysis (BIA)
• Performing a business continuity planning risk assessment
• Developing/implementing the actual business continuity and disaster recovery plans/procedures
• Monitoring, testing and updating the business continuity and disaster recovery plans/procedures

Each of the elements listed above will take the time, thought and input that I’d previously mentioned. That is because each of these elements is crucial to ensuring your business continuity and disaster recovery plans and procedures will be viable and useful should they be necessary.

Benjamin Franklin once said, “For every minute spent organizing, an hour is earned.” I found this quote to be a perfect fit for business continuity and disaster recovery. It’s true that developing these plans and procedures is not fun and takes time, but that preparation will pay major dividends should a disaster affect your organization.