Making A List, Checking It Twice: Business Continuity Planning
It the time of year when we start to see more and more lists. Santa is finalizing the naughty and nice list, people will be working on lists of top songs and movies of the year, and children are preparing lists of what presents they would like to receive this holiday season. If you run a business, I can think of one very important list you should take a look at, and that is the MegaPath Business Continuity Planning checklist.
Businesses need to be ready to handle any contingency that could affect their continuity, especially at this time of year, when so much business is transacted. Whether the issue is the H1N1 virus, a bridge disrupting your employees ability to get to work, or a natural disaster that effects a large geographic area, you need to plan ahead so that you know you can keep in contact with your partners, suppliers and customers no matter what.
To help you be ready, the friendly business continuity experts here are at MegaPath have put together the following list, which you can use to make sure you are ready to keep operating, no matter what.
MegaPath’s Business Continuity Planning Checklist
Designate a team: An effective business continuity plan should involve input from Management, the Chief Security Officer, the IT department, Web developer and Human Resources. These key departments have the ability to ensure the company runs smoothly in times of crisis, while taking into account the needs of their employees.
Identify key personnel: Determine which executives and employees are critical to operating the business (and supporting customers) that need to have access to key systems and information at all time. A business continuity plan must ensure these employees receive the highest levels of support, even during the most disruptive events.
Plan for spikes: Before an emergency occurs, businesses need to plan ahead for increased network bandwidth and secured remote access requirements. Implementing scalable solutions will enable organizations to add increased user licenses to the VPN and Internet connections in real-time.
Choose a flexible secure communications solution: There are many to choose from, but a SSL VPN is one of the leading solutions to provide flexible, remote access, which is essential to any business continuity plan. This technology enables access – via a Web browser – to sensitive corporate and customer data that exists on an enterprise network from remote locations. The SSL solution should be redundant and scalable to account for the increased spike in traffic, as well as integrated into the overall Disaster Recovery plan.
Create a single entry point: Create a business continuity portal for employees and partners. If the company has an Intranet, this site becomes command central from which employees can access information – HR policies, emergency contacts and a “click here to access SSL VPN” feature. As this Intranet would become the main source of information, it is vital to ensure that it is fast and reliable for employees no matter where they are located.
Coordinate a secondary back-up site: Should the primary site be unavailable, companies should have a real-time mirror of data housed at a secure facility. If configured correctly, organization’s can provide an automatic failover between locations, so that any forwarding is seamless to employees as they conduct business with no impact to productivity.
Replicate non-real time data: In the event that the secondary site is unavailable, organizations should plan for multiple layers of failover. If users cannot access real-time data via the back-up location, a third- tier facility with updates, but not real-time data, can provide most of the necessary tools to keep the business operational until the secondary facilities come back online.
Ensure access from any device: With mobile devices and air cards now permeating the executive suite and key employees, IT departments can leverage these tools to ensure complete connectivity in times of emergencies. However, organizations must first conduct a thorough review of remote access policies in order to protect the data these devices are accessing.
Pre-arrange “on-the-fly” meeting capabilities: In the event of an office closure, employees still need to communicate internally or with external parties (i.e. suppliers, customers). Providing Web and audio conferencing to remote locations and offsite workers keeps the communication lines open, especially with those unaffected by the office closure.
Review number of sites and VPN gateways: Businesses need their employees to have multiple channels to gain access in case of fail over. Conducting a yearly audit will provide a complete picture of your network and the ability to address problem areas before a disaster strikes.
Test, test and retest:Typically, companies today test their Disaster Recovery facility (ies) and remote access policies about once a year. These “fire drills’ enable companies to see how the current system is working, especially when employees are accessing information from remote locations (i.e. from home, a relative’s house, and hotel). Once complete, those in Management, IT and Human Resources can modify their business continuity plan accordingly.