The Business Continuity Plan
Business continuity plans provide policies and procedures that ensure business operations will continue uninterrupted in the event of an emergency. In this section, we explore four key aspects of a business continuity plan: establishing operational priorities, the Business Impact Analysis, choosing a continuity strategy, and developing a written BCP.
Establishing Operational Priorities
What are the most important functions in your organization? Developing a well-thought-out response to this question provides you with information essential to the BCP/DRP process. Sit down with your disaster planning team and draw up a prioritized list of high-level business functions, such as
Manufacturing
Sales
Accounting
Human Resources
After you complete this high-level list, draw up a more detailed prioritized list of business processes that support those functions. For example, the manufacturing function might be broken down into
Produce widget frames
Produce widget timer
Assemble widgets
Paint widgets
Pack widgets
Ship widgets
Continue this process by creating more granular lists that outline specific business requirements. Each one of these should be prioritized according to their criticality. When you're through, develop a master list of business functions that you need to include in your continuity planning. You probably need to mix and match from among the business functions. For example, the highest-priority task in Sales might be more critical than the lowest-priority task in Manufacturing, despite the fact that Manufacturing has an overall priority higher than Sales.
Performing a Business Impact Analysis
The Business Impact Analysis (BIA) identifies the risks posed to an organization and then assesses the impact each one would have on the continuity of business operations. During your BIA, you identify the risks that face your organization, assess the likelihood that they will occur, judge the impact they would have on your operations, and prioritize your resource allocation accordingly.
EXAM TIP
Know Your Terms The Business Impact Analysis (BIA) is a well-known disaster planning tool and you may see a question on the TICSA exam asking you to identify it. Be certain to know the definitions of the key disaster planning terms that you find at the end of this chapter.
Identify the Risks
Emergencies come in many forms but can be divided into two broad categories—natural disasters and man-made disasters. Natural disasters include events, such as
Hurricanes, tornadoes, typhoons, monsoons, and other severe storms
WARNING
Disaster Comes in Many Forms The lists of possible disasters presented here are by no means comprehensive. They give you a few things to think about when designing your BCP/DRP, but you must only use them as a starting point. The actual list of threats your organization faces depends upon weather conditions in your part of the world, the type of business you conduct, the structure of your buildings, and many other factors. Be sure to take these into account when analyzing the threats facing your business.
Earthquakes, volcanic eruptions, mudslides, and sandstorms
Epidemics and famine
Floods and droughts
Fire and freezing
Human beings, on the other hand, are much more creative with the types of disasters they cause. A partial list includes
Acts of war and terrorism
Burglary, arson, and vandalism
Hacker attack (insider or outsider)
Power outages
Telecommunication link failures
As part of your BCP process, develop as comprehensive a list as you possibly can of the types of emergencies that could affect your business. This is where a diverse disaster planning team plays a critical role. Representatives from various operational areas will likely be able to identify threats that technical personnel alone would probably never consider (that is, labor problems, financial crises, and so on).
Assess the Likelihood
After the team assembles a list of threats, it's time to assess the likelihood each will occur. You can develop a rank-ordered list that identifies the most likely and least likely disaster and everything in between. More simply, you can simply classify each type of emergency as a “high,” “medium,” or “low” likelihood.
Whatever method you use, your end goal is the same. You're compiling information that helps you prioritize your use of disaster resources. It's obviously much more likely that your business will experience a fire than a meteorite strike. However, the risk of other types of disaster depends upon the location of your business, among other factors. Earthquakes rank high on the likelihood scale for businesses located in southern California, whereas Miami-based organizations are mainly concerned with the threat posed by tropical storms and hurricanes.
Judge the Impact
There's another important question to ask about each threat that appears on your list: What impact would it have on my business processes? Take a look back at the prioritized list of business processes that you developed in the “Establishing Operational Priorities” section of this chapter. How many of these priorities would each type of emergency impact? How devastating would the impact be?
For example, a catastrophic fire that destroyed your building would likely impact almost every business process on your list in a complete and total fashion. However, the theft of a piece of computer hardware might be only a temporary setback to one or two business functions.
Just as you labeled the likelihood of each risk, you now need to sit down with the disaster planning team and label the impact each risk would have on the business. Once again, you can use any prioritization strategy you want as long as your end result provides useful prioritization information.
Prioritize Resource Allocation
After you've ranked the threats to your organization in order of likelihood and severity of impact, it's time to prioritize your disaster resource allocation. This analysis ensures that you direct the bulk of your available resources toward the most immediate threats that threaten the largest amount of damage to your business.
If you used quantitative measures of likelihood (such as percent chance of occurrence) and impact (such as dollars lost) in the previous analyses, you can use a simple equation to rank your threats:
Likelihood×Impact = Threat
However, if you used qualitative measures such as “High,” “Medium,” and “Low,” you might find a graphical representation, similar to that shown in Figure 6.1, more useful. Plot each threat as a point on the graph according to likelihood and severity. The closer a threat appears to the top-right portion of the graph, the higher the priority you should place on it.
Figure 6.1. Threat Prioritization Grid.
Threat prioritization grids have an added benefit—they make nifty visual aids during presentations to senior management. After all, even the most dimwitted manager can understand a simple picture!
Continuity Strategies
After the disaster team completes the Business Impact Analysis, you're left with an ordered list of threats that face your business. Now it's time to do something about it! The next phase of the business continuity plan involves the selection of specific continuity strategies.
Data Backup
EXAM TIP
Backup Techniques The TICSA exam often contains several questions on data backup techniques. Know the terms identified in this section—backups, electronic vaulting, remote journaling, and mirrored servers.
Every computer user knows the importance of maintaining a set of backups. Instructors drill the various backup strategies and rotation techniques into the heads of aspiring system administrators. There's really not much question about it—backing up your data is the single most important business continuity technique. Neglecting to maintain adequate backups could result in the catastrophic failure of your business, especially if you are in an information-based industry.
There are several types of backup techniques that play important roles in business continuity planning:
Traditional backup. Involves the use of backup media (normally magnetic tapes) to store copies of critical data. These tapes are often made using a strategy that combines full, incremental, and differential backups with a tape rotation scheme. Administrators normally store complete sets of backup tapes in secure, offsite locations.
NOTE
Backup Types Most modern operating systems and backup utilities are capable of three different types of backup: full, incremental, and differential. A full backup stores copies of all files on a system. Time constraints usually limit the frequency at which they occur. Incremental backups store only those files that have been modified since the last full or incremental backup. Differential backups store copies of all files modified or created since the last full backup. A common strategy is to perform a full backup weekly on Saturday or Sunday and supplement it with incremental backups each weeknight.
Electronic vaulting. Compiles all the transactions that take place against a server (normally a database server) and dumps them to a remote site as part of a batch process.
Remote journaling. Stores an offsite copy of the same data that electronic vaulting protects. However, remote journaling transfers this data in real-time as opposed to the batch process used by electronic vaulting. This ensures that the backup site has a current copy of the data at all times.
Mirrored server. Takes data protection to an even higher level. Electronic vaulting and remote journaling simply store transaction data for use in later recovery operations. A mirrored server actually processes all the transactions in parallel to the production servers. If a disaster occurs and the production server is no longer available, the mirrored server is ready to take over transaction processing responsibilities immediately, ensuring minimal downtime.
Redundant Arrays of Inexpensive Disks (RAID). Uses multiple hard drives to introduce increasingly sophisticated levels of fault tolerance into a system. There are 10 defined RAID levels, but only a handful are commonly used. RAID-0 involves spanning a single volume across multiple disks to create additional space. This level of RAID has no fault tolerance.
RAID-1, disk mirroring, creates a mirror image of a volume on another disk(s). RAID-3, disk striping, uses several data-storage drives and a parity drive to allow for error correction. If one disk in the array fails, it can be reconstructed using the parity information. RAID-5 also uses a parity bit but stores it on whatever drive happens to be next in the array, rather than dedicating one drive to parity information.
Single Point of Failure Elimination
A Single Point of Failure (SPOF) analysis identifies critical points in an organization in which the failure of a single device could cripple operations. Good business continuity plans ensure the elimination (or minimization, if complete elimination is not possible) of SPOFs from an organization.
For example, refer to the power distribution map shown in Figure 6.2. The map illustrates a simple power distribution scheme for a power plant serving four customers. The plant delivers power to a neighborhood distribution center that distributes the power to the customers. From the power company's point of view, powerline A is a SPOF for their entire network. If that line failed, no power would get to the distribution center and the entire power grid would be useless. Of course, SPOF analysis depends upon your point of view. If you're the factory owner, there are two SPOFs in your power supply—line A and line D. The elimination of either one would halt delivery to your production line.
Figure 6.2. Sample power distribution map.
Let's take a closer look at four common SPOFs that affect many organizations. Once again, this list is by no means comprehensive. You have to develop your own list based upon your organization's business structure and technology infrastructure.
Critical servers. Are present in every organization. How safe are they in yours? Are there single servers that house critical data that your business couldn't operate without? What would be the impact on your business if your Web server went down? You may want to consider implementing mirrored servers to eliminate these SPOFs. You may also be able to implement load-balancing techniques and use the backup servers to handle part of the day-to-day processing load. Just be certain that your backup server can stand on its own two feet if disaster strikes.
Telecommunications links. Often act as SPOFs because of their high expense. Consider implementing backup links that can handle at least part of your regular workload. If you're not able to afford completely redundant links, make certain that your BCP specifies which processes have priority access to the links. Also, even if you have redundant links, take a look at them and ensure that there's not some component of them that is a SPOF. For example, you might have two T-1s entering your building through the same pipe. If a jackhammer cut that pipe (it happens more often than you might imagine!), your primary and backup links would both be disabled in a split second. Similarly, the telephone company might be using the same hardware in your basement to service the local loop portion of the circuits. It's important to apply the same security protections to your backup links that you apply to your primary circuits. If left unprotected, redundant links are a lucrative target for hackers.
Power supplies. Are one of the most common SPOFs. What's your strategy if the power goes out? Do you have uninterruptible power supplies (UPSs) protecting your critical hardware? What about a backup generator? How long can it supply the necessary power to run your business? Are there plans in place to regularly test the generator? What about checking the fuel level? Remember, all those generator tests consume fuel—don't find yourself short in an emergency.
Parts inventory. Could mean the difference between extended downtime and speedy recovery when disaster strikes—by maintaining an adequate parts inventory. If you simply can't afford redundant hardware, keep enough parts on hand to repair common problems. You don't want to find out after a component fails that the only supplier is 2,000 miles away and the part has been on backorder for three weeks.
The BCP Document
The BCP process involves a significant commitment of your business' resources—physical, financial, and human. Therefore, it's essential that you preserve the results of this study for future use. There are many “standards” in the industry for business continuity plans.If you're part of a large organization or government agency, there might be a specific template that you're expected to follow. However, if that's not the case, you can pretty much use any format that you like, as long as it records all relevant information.