In Part I of our blog series on Disaster Recovery, we discussed why DR is no longer enough in the healthcare industry. Today we’d like to focus on clearing up a common misconception that disaster recovery and business continuity are essentially the same thing. While disaster recovery is essential, it’s only a small piece of the larger puzzle required to plan for the continuation of healthcare operations.
Whether it’s a fire, flood, epidemic illness or malicious attack, a well-designed and tested business continuity plan allows the business to maintain or quickly resume critical business functions and minimize the business impact of a disaster. And with healthcare providers’ increased reliance on technology, having continuity and maintaining access to essential business functions is critical.
How do you create continuity? Great question, and as promised, we'll take you through the four steps of creating a business continuity plan for your company.
I. Identify the Scope of the Plan
Before anything else, you need to identify any types of disasters you think could potentially disrupt your business. This is the time for identifying threats and risks and how they tie to each particular asset or business function.
Threats can include a wide variety of situations, including, but not limited to natural disasters, security breaches, power outages and system failures. When considering potential risks and threats, identify those most likely to occur based on geographical or organizational factors, then weigh each against its potential business impact and your ability to respond.
II. Identify Key Business Areas and Conduct a Business Impact Analysis
Next it’s time to identify the programs, processes, places, and most importantly, the people critical to the survival of your business. What are the most critical business functions? What technology, if lost, could impact your ability to provide goods or services? How long can you go without each asset without impacting business operations? Who will help execute this plan?
These are all questions that need answering, and a business impact analysis is a great way to do just that. This analysis will help reveal any vulnerabilities, determine acceptable downtime for systems, develop strategies for mitigating and minimizing risk and quantify the importance of business components.
III. Create a Plan to Maintain Operations
After the most critical business assets and operations have been identified, it’s time decide how to maintain them. We mentioned in Part I and above that DR is only a smaller part of the bigger picture of business continuity, and here’s where it comes into play. Disaster recovery focuses on the components needed to re-establish access to key technological systems, services and solutions that run the business. Creating a DR plan will help ensure your infrastructure, systems, etc. will be back operational with limited downtime.
This is also the time to plan everyone's role. People are often the forgotten piece of this equation, and they’re also the most essential. In the case of an actual disaster, it’s hard to know if all the people involved in your plan are going to be able to execute their part.
Whether it’s because they’ve gone to take care of their family, fallen ill or are unable to navigate safely through a natural disaster to get where they need to be, it can be hard to ensure people are where they’re expected when a disaster does arise. Make sure that everyone in the organization is familiar with the roles of others so the plan can be executed regardless of your available personnel.
IV: Test, Retest and Improve the Plan
Testing and retesting the plan is the most important part of the process. Once the plan is complete (or at least you think it is), it’s time for some disaster simulation testing and a structured walk-through. How often should this plan be tested?
According to IE’s Director of Data Center Solutions, Chris Rogers, best practice recommends you test your plan at least once per year, and it needs to be something that’s maintainable. Unless of course there are changes within the business, (multiple new hires, changing physical office locations, opening a new office location, etc.) then the plan needs to be updated immediately and retested.
User awareness is also a big component of a successful business continuity plan. Everyone needs to know their part, including what they need to do, how they’re going to do it, and where they’re going to be. This is especially true for those that are less technical than others. Having all the infrastructure and systems in place is important, but what many forget is the human aspect of planning. After all, a plan is only as good as the people in charge of executing it.
We hope this blog series has helped you understand the key components of a successful business continuity plan. If your company doesn’t already have a business continuity plan, it’s out of date, or you’d just like someone to review your plan and test results, we can help. Contact us anytime at ineteng.com/contact.