Business Continuity & IT as a ‘Business within the Business’

Posted by: Chad M. Goode in DRJ Blogs on Aug 15, 2010
Though I am seeing this change slowly in organizations across industries, most companies still separate IT disaster recovery from business-side continuity and process resumption planning. As planners know, and often the IT guys realize this too, it is incredibly difficult for IT to prioritize and determine the appropriate technology investments without knowing what is important to the business… and how important in terms of quantifiable dollars-at-risk data.
Unfortunately, even a lot of CIOs are only given financial information at a very high level, making it hard for them to provide cost-benefit analyses and ROI data for disaster recovery technology and services that make sense to the company’s senior management.
Ideally, we would all like to see this change. We would like to see business continuity planners conduct thorough BIAs and provide IT with a prioritized list of applications and services and what availability and recovery capabilities are required for each. Because a lot of organizations, even in 2010, still have not embraced business continuity planning or have not integrated their BCM and DRP programs under a single umbrella, IT is left to guess and to deliver cost-effective disaster recovery solutions without the business impact information required to do so.
Knowing that we can’t change the world all at once, and BCM/DRP programs mature at different rates in different organizations, I have an approach that I believe helps plan from an IT perspective… and lays the foundation for a mature and comprehensive program in the future. The trick is to look at the IT/IS department as a business within the business.
Even in organizations where IT is the business, there is a portion of IT that is a business-supporting or business-enabling function. This IT function includes those activities not directly tied to services provided to the company’s customers. For example, in non-IT companies, application hosting is a business-support function. The applications are required for the business to operate efficiently, but the company’s customers often do not see/use these apps directly.
In tech companies that provide Software as a Service (SaaS), application hosting may very well be part of the service portfolio provided to the company’s customers.
However, in both cases, IT does a lot more and provides a number of other services that support hosting applications. IT staff manage network connectivity; provide capacity planning and change and configuration management; handle moves, adds and changes on request; manage information security, technology vendors, software licensing, compliance and other service providers; and provide support for the hosted applications, the entire infrastructure and even the desktops.
Despite this fact, I see senior management tasking IT with providing disaster recovery for mission-critical applications, and IT then building out infrastructure solutions and recovery plans starting at the application level. They start by asking the question, “How can we recover this application and restore the data within the timeframe allotted to us by the business?” This is definitely a challenge.
What I suggest is that one look at IT as a stand-alone service provider and conduct an IT-specific BIA from this perspective. Look at IT as a separate business with its own customers, suppliers, revenue and expenses. Identify your ‘revenue generating services’, those services you provide directly to your customers (i.e., the rest of the company), and separate those from the back-end services you provide to support your ‘revenue generating activities’.
With this in mind, you can begin building your IT business continuity plan and program with a focus on improving the IT organization’s ability to continue providing services to your customers. This will drive you to identify and prioritize not just the core infrastructure requirements for hosting applications, but also the management tools, crisis response and management plans and other non-technical processes needed.
In a disaster event, your recovery will first focus on recovering these core infrastructure components, services and management processes… and only then can you even think about recovering customers’ applications.
Keep in mind, as it is often missed when planning recovery from the application level, that core infrastructure and IT process recovery times have to be figured into application RTOs. This means, then, that every core infrastructure component necessarily has a much lower RTO than any of the company’s most critical applications.
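The point above, that core infrastructure recovery time has to be counted inside every application RTO, worked through as an added example that is not part of the original post. The component names, recovery hours, dependency map and business RTOs are constructed sample data, and the calculation assumes independent components can be recovered in parallel.

```python
# Constructed sample data: names, hours and RTOs are illustrative assumptions.
RECOVERY_HOURS = {  # hands-on time to restore an item once its dependencies are up
    "network": 2, "dns": 1, "identity": 2, "storage": 4,
    "backup_tooling": 1, "virtualization": 3, "erp_app": 4, "email_app": 2,
}
DEPENDS_ON = {
    "dns": ["network"],
    "identity": ["network", "dns"],
    "storage": ["network"],
    "backup_tooling": ["storage", "identity"],
    "virtualization": ["storage", "identity"],
    "erp_app": ["virtualization", "backup_tooling"],
    "email_app": ["virtualization", "dns"],
}
BUSINESS_RTO_HOURS = {"erp_app": 12, "email_app": 24}  # set by the business side

def earliest_recovery(item, _path=()):
    """Hours from declaration until `item` is back, with its whole chain included."""
    if item in _path:  # a circular dependency makes the plan unrecoverable as drawn
        raise ValueError("dependency cycle: " + " -> ".join(_path + (item,)))
    deps = DEPENDS_ON.get(item, [])
    ready = max((earliest_recovery(d, _path + (item,)) for d in deps), default=0)
    return ready + RECOVERY_HOURS[item]

def required_rto(item):
    """Latest finish time for `item` that still lets every dependent app meet its RTO."""
    if item in BUSINESS_RTO_HOURS:
        return BUSINESS_RTO_HOURS[item]
    dependents = [d for d, deps in DEPENDS_ON.items() if item in deps]
    return min((required_rto(d) - RECOVERY_HOURS[d] for d in dependents),
               default=float("inf"))

def rto_gaps():
    """Applications whose business RTO is shorter than their dependency chain allows."""
    return {app: earliest_recovery(app) - rto
            for app, rto in BUSINESS_RTO_HOURS.items()
            if earliest_recovery(app) > rto}

if __name__ == "__main__":
    for item in RECOVERY_HOURS:
        print(f"{item:15} earliest={earliest_recovery(item):>2}h "
              f"required<={required_rto(item)}h")
    print("RTO gaps (hours):", rto_gaps())
```

With this sample data the ERP application's own restore takes 4 hours, yet its 12-hour RTO leaves the network only 1 hour, which is less than the 2 hours the network needs on its own.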
About the Author: Chad M. Goode is a problem-solver with a passion for and special expertise in helping businesses protect assets, control costs and meet their financial objectives through business continuity management, disaster recovery planning and IT strategy. Business Continuity & IT as a ‘Business within the Business’ was sourced from the RSS feed at ChadGoode.com.