In the first two parts of this series, we talked about the business continuity plan and how it can be created to specifically tackle continuity of IT processes. We also briefly talked about conducting a business impact analysis, creating a clear task list, and identifying resources and gaps.
Information on data backups
While the IT department can be the team mainly responsible for data backups, the business continuity plan should ensure that these backups are accessible up to at least 3 levels outside the IT department and its personnel. Business continuity should have a provision on how information on data backups should be handled – who should be contacted as the first line of support; who would be the second and third line of support in case the first is not available; how to assess the loss of data; and up to which period should be recovered if the data is recoverable. Storing the copy of procedural data, specifically for the IT department, in a separate medium and infrastructure is critical to protect the company from primary data loss or corruption.
Once the data is restored, there should be clear protocols on how the restored data will be maintained and how a cycle of backing up should be performed. Back-ups may be done daily or even weekly, again depending on this maintenance protocol stated in the business continuity plan. During the most volatile scenario, a back-up might be required every hour. These, again, should be stated in the plan in the event that the whole IT department is unable to support and the maintenance protocols would have to be carried out by non-IT specialists.
Build around short- and long-term timelines
The business continuity plan for the IT department should have a set of protocols for managing the business’ IT processes during a short-term business cycle disruption and also during long-term calamity impacts. A disruption can be anywhere between a day and a few months. Processes will differ depending on the timelines and the priorities that need to be tackled in order to keep the IT functions working while the business is recovering.
Having the business continuity plan within the organization, spread across the departments is an ideal start, but it would be always valuable to consider a third-party IT services provider to also be fully capacitated to carry out the business continuity plan. When disaster strikes, businesses would want all hands on deck to attend to the fires that could totally damage the business. Having an external IT support provider allows businesses to focus on the critical tasks at hand, while being reassured of a strong IT support running the show in the background.