White Paper - e-Continuity: The New Imperative
$100 million have no formal business continuity
plans in place.
10
In addition, companies that have
habitually purchased traditional hotsite service or
asset recovery protection — which restore opera-
tions over a period of hours or days after an IT
failure — may mistakenly believe they are fully
insulated from the impact of a major service
interruption.
In enterprises that have no continuity strategy or
a limited or outdated plan, senior management
needs to be educated regarding the heightened
impact of service interruptions and the range of
options available to enhance continuity.
OOrrggaanniizzaattiioonnss nneeeedd ttoo pprriioorriittiizzee iinnvveessttmmeennttss
As discussed earlier, continuity isn’t free. For this
reason, organizations must evaluate their conti-
nuity needs across the enterprise and prioritize
investments accordingly. This requires a system-
atic effort to identify business-critical processes
and related applications, assess exposure to vari-
ous types of risk, and determine the acceptable
loss level for each application.
In this process, it is advisable to examine several
key dimensions of disaster tolerance. (See Figure 4.)
These include:
> Criticality of the application to the organiza-
tion’s mission and success
> The nature, importance, and time sensitivity
of transactions/interactions
> Requirements for data availability, integrity,
and security
> Desired recovery point for a transaction/
interaction, following a service interruption
> Differing expectations regarding continuity
in diverse geographies
> Tangible and intangible costs of a service
interruption
By balancing continuity objectives, downtime
costs, and continuity solution costs, an enterprise
can clarify where to focus its continuity invest-
ments. This evaluation process also highlights
areas where 24 x 365 availability is not a realistic
possibility and the organization therefore needs
to manage user expectations.
SSttrraatteeggiieess sshhoouulldd aaddddrreessss tthhee eexxtteennddeedd eenntteerrpprriissee
The priorities that are defined at the executive
level need to be carried forward to the extended
enterprise’s IT architecture, infrastructure design,
and IT operations. (See Figure 3.) Internally, this is
accomplished through the IT organization; exter-
nally, it is accomplished by managing partner
relationships. When evaluating potential partners,
suppliers, and service providers (ISPs, ASPs, and
SSPs), continuity capabilities should be viewed as
an important selection criterion. Factors to con-
sider include:
> The robustness, security, and scalability of the
partner’s infrastructure
> Use of high-availability technologies
> The stability and reliability of the partner’s
partners
> The quality of recovery plans and testing
procedures
Localize strategies at the country level
Enterprises that do business across borders
cannot take a “one-size-fits-all” approach to
6
FFiigguurree 44.. DDeetteerrmmiinniinngg ““aacccceeppttaabbllee lloossss”” ffoorr aann oonnlliinnee
ggrreeeettiinngg ccaarrdd ccoommppaannyy
To prioritize investments, an organization first needs to define the acceptable level
of loss for each of its business-critical applications. In the example above, an online
greeting card company would want to evaluate the robustness of its greeting card
application, the response time required to ensure customer satisfaction, and the
importance of application availability during peak periods, such as holiday seasons.
Data
EventEvent
Transaction
Recovery
Point
Dimensions of Disaster Tolerance
ApplicationApplication
TimeTime
Customer
10
International Data Corporation, European Business Continuity Services 2000, January 2000.