Business continuity is a critical issue that organizations must give careful attention to, as it directly impacts not only their revenues and profit, but also on their image. Therefore, they must have a business continuity plan in place, and be ready to implement it quickly and effectively when the need arises.
Slingshot’s services in the area of business continuity are
Business Implication Analysis (BIA)
BIA is the initial phase in the development of a business continuity program, as it identifies the implications of the degradation or shutdown of services provided by the organization to its clients.
The first step in the BIA process involves mapping the organization’s critical business services and characterizing them in terms of the specific services supplied to each of its clients; dependence on other IT units and databases to provide the services; hardware and software used for this purpose; critical times, employees and suppliers; and additional parameters. The subsequent phase comprises the analysis of the direct and indirect harm arising from service degradation or shutdown for defined periods of time: from financial losses through to damaged business reputation.
Business Continuity Programs
Business continuity programs are based on a policy and strategy defined by the organization. To ensure these cover all relevant aspects and their interdependencies, Slingshot analyzes all potential scenarios and design basis threats, and outlines the appropriate guidelines for dealing with them in a manner supporting quick recovery. These are then submitted to the organization’s management for review and comments. Once approved, they constitute the framework upon which Slingshot prepares the comprehensive business continuity plan, also taking into account any constraints.
The main components of the organizational business continuity plan include:
A list of all the services provided to the organization’s clients, per client and per service.
The criticality of each service to the clients’ operation.
The business processes that are to be implemented when service is disrupted.
The IT personnel responsible for implementing the program and their contact details for 24/7 availability.
Suppliers whose products or services may be required to resume activity, listed for each service disruption scenario, and their contact details.
To ensure the business continuity program continues to cover the organization’s needs, it is essential to perform IT risk assessments on a periodic basis, in order to cover any modifications in the list of threats, the definition of the design basis threats and the scenarios. IT risk assessments are also imperative when the organization launches new services or expands existing ones. Additionally, client lists, as well as IT personnel’s and suppliers’ contact details must be updated regularly.
Slingshot also recommends conducting business continuity exercises to verify that the implementation of the program, when required, will be quick and efficient, with all members of the IT business recovery team familiar with their respective roles and experienced in carrying out their assigned actions. Periodic exercises contribute not only to the IT personnel’s knowledge and accumulated experience, but also instill confidence in their own ability to execute their tasks under pressure when the time comes.