Before getting started with a business-continuity plan, CIOs should ask some strategic questions:
- Have we created a financial-impact model for the per-hour cost of outage and the effect on revenue, profit, and legal actions? Assuming the hourly cost is millions of dollars, how would a prolonged outage affect profit?
- If a major disruption occurs, can we recover and in what time frame? What if it takes longer?
- Has someone outside of IT reviewed the priority of processes, people, systems, and applications? Are our procedures adequate, and will our personnel have the skills and tools to minimize the loss of profits?
- What legal and compliance implications are not factored into our plans?
- Which suppliers are critical to the effort? Have they updated their plans to include an evolving global delivery model?
- Have we included the corporate risk department in the analysis? Are we compliant with the requirements of the Sarbanes-Oxley Act? Are CXOs willing to sign off on a commitment to business continuity?
Recovering or reinstating infrastructure services must not be the only consideration. On a tactical level, the questions to ask include:
- Will the necessary personnel be available?
- Have any been lost in the disaster, and if so, who can fill in?
- Has our testing involved more than executing a “known” disaster scenario; can we implement processes without prior notice?
- What would happen if our customers couldn’t access their order, financial, and transaction data?
source: Fending Off Disaster / Mark Dangelo / Optmize, September 2003, Issue 23 / http://www.optimizemagazine.com/issue/023/leadership.htm