“We’re covered”, “DR is expensive”, “We have a plan somewhere……”, “No we haven’t tested it, but we’ll get around to it when we have time”, “nothing’s ever happened to us”.
Does this sound familiar?
In all my years in ICT, it’s always been the basics neglected when things get busy. However it’s those less thought about “basics” that can sink a business. ICT leaders and CFO’s, whose remit extends to ensuring those basics are in place, are left holding the ball when disaster happen.
Organisations supplying to government and ASX businesses are nearly always asked to prove a well-documented plan, and many leverage this capability as demonstration of organisational maturity when bidding to win business contracts.
Too often there is a disconnect between an organisation’s board and leadership that “we need to recover in less than 1 hour and IT tell us this is achievable”. However when pressed the current systems and processes are untested and often the technology in place stands no chance of delivering that outcome.
This is particularly true in mid-market organisations, where ICT leaders are being asked to do more with less.
Even the most savvy business leaders often struggle to justify the investment given the difficulty in proving an ROI. Companies purchase insurance en-masse for all sorts of scenarios and public liability protections, yet they fail to categorise DR as a critical insurance policy.
So, what’s the solution? How do we get a business case to stand up when the ROI is difficult to prove? The good news is you don’t have to be an expert at math to demonstrate basic impact assessment!
A simple equation to understand this is taking your annual revenue and dividing by 2340 (9 hours a day over 52 working weeks). This effectively looks at how much per business hour the organisation is generating.
“But our business can still transact while systems are down”, “an hour won’t hurt us”… both common objections.
To most businesses, the biggest cost base and where the money is earned, is in their staff and the productivity and results generated every hour of every working day.
So if revenue is not a factor, turn to the next biggest cost base in the business, the annual wage bill. Again, dividing by 2340, paints a picture of a low ball cost to the business, per hour of downtime, in lost productivity.
Not all businesses or systems are as equally important, and tiering the level of assurance in Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPO) is highly recommended to control costs.
However the question still remains, whatever the numbers come out as, solutions exist that can deliver that business assurance in most cases for a fraction of the cost of disruption.
It all starts with a conversation. Engage the business to truly understand expectations for each business service and application being delivered.
Consider that IT systems are only a small component of what forms a solid and reliable Business Continuity Plan. People, process, systems and communication are all elements that need to be considered.
Once you have solid and documented business requirements, engaging your technology partner to underpin these needs with technical capability becomes the easy part.
For assistance and experience on how to build this technical capability, please feel free to engage me through the contact form, request to speak to me and I can assist with any ideas or challenges you may be experiencing.
– Robbie Casley, Business Development Manager