Form a Business Continuity Plan for Your IT System

If you rely heavily on IT in your everyday business, perhaps it deserves a Business Continuity Plan of its own. Take a Business Impact Analysis (BIA) of your IT systems (we describe the general process in Chapter 4) to indicate where your priorities and vulnerabilities lie. For example, ask what you rely on the most and how you’d cope without, say, email for the day. Think about how you’d activate and implement the plan, who’d be in the team and who’d take control of the situation.

In some circumstances, full IT recovery may not be an option. In this case you need to understand where systems rely upon each other and make as much as you can safe. Decide your required level of data backup and keep this updated so you can pick up and start again from there if necessary.

Having a clear plan and recovery strategy reduces possible ambiguities, provides everyone with a clear direction and commitment, and establishes roles and responsibilities. Be clear about what information staff can access and what personal access they have to business-owned equipment or infrastructure. Think about what areas of your system store sensitive or confidential data and which people you want to have access to that information. Consider any external data storage devices you have and who in your business is able to use them.

In addition, consider how your IT relates to other areas of your business; more than you think at first glance may rely on IT in one way or another. Bear in mind these other business processes that may be affected, and put measures in place to work around them if possible.

Whatever happens, protect the confidentiality of your staff, customers and suppliers even when everything else in the office is in chaos.