"No business continuity plan survives contact with a disaster" - ???
In enterprise sized organizations DR & BC planning is essential, and is often done by a team of professionals who have made their career in DR & BC. In the SMB world, it is often just handed to the IT staff to figure out. There are formal methodologies for all this, however, the SMB owner may only need to realize that there are really only a few possible scenarios that may occur:
- "The lights are on, but nobody's home". - Everything is fine the the office, just no one is allowed in for the next few days/weeks/months while some sort of hazardous material is cleaned up. A flipped propane tanker with a small leak can take days to burn out. Meanwhile, everyone in the potential blast radius will be evacuated. A pipe rupture that spews asbestos in the work environment can take weeks to clean up.
- "Nobody has a dial tone, and the internet isn't working either..." - Your communications provider just had a major failure. You're out a day or 2 while they fix the fiber some farmer cut with a backhoe burying a dead cow. You're out a month or 2 while they rebuild the major central office.
- "Why is there a soaking wet tradesman in front of the building yelling 'Houston we got a problem' into his cell phone?" - Ooopsie - the plumber/electrician/HVAC guy/gal was up a ladder in your server room and cracked a sprinkler head - or it broke on it's own. The email & possibly the SQL servers are now FUBAR. Or you had a motherboard go bad.
- "There was an Earth shattering KABOOM and all the lights went out!" - You always wondered what was under that funny looking piece of concrete in the middle of an asphalt parking lot, especially since it had a manhole cover in it. Now that it's lying in pieces around the hole it was covering, from which some nasty smoke and flames are shooting forth, surrounded by police, firefighters, and utility company people, you find out it a distribution transformer. Once the fire is out, and the really nasty oil coolant is mopped up, they'll be replacing it, uh, once the manufacturer ships a new one.
- "Toto, I've a feeling we're not in Kansas anymore." Or anyplace else for that matter. - Fire, flood, hurricane, etc. You're place of business is gone.
OR:
- Your systems are online and communicating with each other & to the outside world - you just can't physically access your systems or deliver goods from the affected locations.
- You're ready, willing and able to work & deliver, your customers can't communicate with you.
- You have a partial failure of critical servers/systems - your business processes are affected.
- Something happens to the infrastructure that takes all your systems offline.
- Your place of business is destroyed, if anything is salvageable, it will take weeks.
If you feel you need a formal plan, or are required to have one for business or regulatory compliance, you can write it yourself, this organization can train you how to. You can hire a consultant who has already been trained and has experience to work with you in preparing one. You can even get software that will help you create one.
The one thing that you must be aware of is that a Business Continuity Plan must change as your business and systems change, and making sure it works well enough to keep you in business requires iterative testing. Test early - test often!
