Three aspects of BCP resiliency
February was an interesting month in terms of disasters. First there was the incident at the Super Bowl where half the stadium’s lights abruptly went out leaving the game suspended and millions of viewers wondering what was going on. Then there was another Super Storm that hit the Eastern US, not to mention all the dramas going on around the world. These events continuously highlight the need for all businesses to have a Business Continuity Plan.
While a Business Continuity Plan (BCP) can be complicated, and comprised of many different objectives, the main reason companies include this in their business strategy is to build up resilience. Disasters of many kinds can result in either lost data, sales or even business. While a BCP won’t prevent large-scale disasters, it will help your business recover quicker.
When looking at how resilient your business is, there are three main aspects to consider.
RTO stands for Recovery Time Objective and is the time period from the beginning of the disaster to recovery of operations. This number, or time period, will be different for every company. For example, companies that operate online stores will likely have a short RTO, as they rely on 24/7 uptime to conduct business and sales.
In general the RTO is an objective, one that employees and stakeholders should strive for. Having one can help planners identify potential problem areas along with critical functions that must be recovered and any preparations that will be necessary. If a business does not address, or identify a set time to recovery they could see an unnecessary increase in recovery times, or worse lost profits.
RPO stands for Recovery Point Objective and represents the amount of data a business is willing, or can afford, to lose. The easiest way to figure this out is to look at your systems and think about how much data or information you personally can lose before being unable to do your job. From there, you can work out the frequency with which you should back up your systems.
For example: If you figure that you can lose a day’s worth of data, then your backup should be done on a daily basis. If you currently back up your data or systems once a week, and figure you can only miss a day, then RPO helps you realize this is not enough and that you need a system or plan that better meets your needs.
The difference between RTO and RPO is that RTO is a broad process that covers the whole Business Continuity timeline, while RPO is focused on data and backup.
When looking at different Business Continuity systems, it is always a good idea to calculate the ROI, or Return on Investment. You can calculate the cost of the integrating any plan, time to implement and recovery, expected value it can bring your business and avoided losses. This will give you a pretty good picture on whether current systems are strong enough, and if new alternatives are better.
By figuring out the time you expect to recover, how often you should back up and the total ROI of proposed, or existing, systems you can gain a clearer picture of how resilient your company is.
If you’re looking to make your company a little more resilient, why not get in touch with us? We are happy to sit down and discuss your options with you.