How Prepared Are You, Really? WHITE PAPER

+ BC/DR
WHITE PAPER
How Prepared Are You, Really?
EFFECTIVE BC/DR PLANS CAN HELP YOU AVERT COSTLY LOSSES
The Risks of Business Disruption
Imagine your business coming to a grinding halt. Natural disasters such as hurricanes, earthquakes,
tornadoes or other disruptions – from human error to hardware failures and cyber-attacks – can
create just as much damage as fires and floods. North American businesses collectively lose $26.5B
each year due to IT downtime and data recovery issues.1 At an average hourly cost of over $163K,
even short business interruptions can result in devastating financial losses. Additional risks include:
potential brand damage, lost data and loss of customers, productivity and revenue. Check out our
Integra BC/DR infographic for more information about these risks.
A Business Continuity (BC)/Disaster Recovery (DR) Plan can mean the difference between the
survival or failure of your company from the risks we’ve identified. Don’t wait for a disaster to
happen. The best time to develop a BC/DR plan is when you don’t need it. Trends for the future
include an increase in natural disasters, steady growth in mobile malware, and a rise in malicious
cyber-attacks and ransomware—meaning more potential business disruptions. Read on to learn
how to begin creating your own BC/DR plan to avert costly losses in five strategic steps:
BC/DR PLANNING FIVE STEP PROCESS
1. Assess Your Risks with a Business Impact Analysis
2. Reduce Your Risks by Partnering with Reliable Businesses
3. Create Detailed Plans
4. Test Your Plan
5. Review Your Plan Regularly
1
http://focus.forsythe.com/articles/279/Why-Business-Continuity-and-Disaster-Recovery-Is-More-Than-a-Checklist
2 | How Prepared Are You, Really?
THE DIFFERENCE BETWEEN
DISASTER RECOVERY AND
BUSINESS CONTINUITY:
Disaster Recovery (DR) is ‘data
& systems’ centric, while Business
Continuity (BC) is ‘business
operations’ centric.
Often organizations think if you
have a Disaster Recovery Plan in
place to restore IT services, you’re
covered. That is not the case.
An up-to-date, well-tested DR Plan
gets IT functioning a.s.a.p., while a
BC Plan enables your workforce to
re-establish mission-critical services
as swiftly and smoothly as possible.
The detailed procedures in your
BC Plan includes contacting
critical personnel, recovering
vital records, identifying and
contacting key suppliers, vendors
and clients to ensure that
essential functions can continue.
STEP ONE: ASSESS YOUR BUSINESS RISKS
You can’t create a plan unless you know what you’re protecting, its value to the business and the
operational impact if it goes down. To identify mission critical services, you must first complete a risk
assessment and conduct a business impact analysis.
1. RISK ASSESSMENT: The first thing to do to protect your company and customers from the risks of
business interruption is to conduct a Risk Assessment. You and your team should identify potential
hazards and loss scenarios and understand which assets are at risk. Then inventory physical assets
like buildings, IT, utilities, other goods and materials. Also consider the possible impact on your
relationships with your community—and how certain situations could cause customers to lose
confidence or trust.
2. BUSINESS IMPACT ANALYSIS (BIA): After identifying potential hazards, analyze what could
happen to your business if they actually were to occur. The BIA process allows you to predict the
consequences of disruptions.
+ Organize a BC/DR Team to manage the analysis and to be your core team to develop your
Business Continuity Plan. Ensure you have a clear team leader and an alternate—who is
preferably located in another city. Give team members authority to develop and maintain the
plan. They must be willing to take charge during a disaster to help your business recover as
quickly as possible.
+ Gather information required to develop recovery strategies. Start by identifying the most crucial
systems and processes and the effect their outage would have on your business. The BIGGER
the possible impact, the FASTER your recovery time must be.
+ Consider the impact to buildings, networks and communications, data and applications and
your workforce. People come first—not only physical safety but what they should do during a
disaster and how you will contact them.
+ Identify the critical business processes and resources needed for your business to continue to
function at different level in the BIA.
+ Identify, discuss and document which resources need to be recovered first in different scenarios.
3 | How Prepared Are You, Really?
Potential Vulnerabilities
The Federal Emergency
Management Agency (FEMA)
urges you to look for weaknesses
or vulnerabilities that could
make any asset more susceptible
to damage, and to consider
investing in mitigation to reduce
their at-risk status. Below is a list
of hazards to assess:
+ Fire
+Explosion
+ Natural Hazards
+ Hazardous Materials Spill
or Release
+Terrorism
+ Workplace Violence
+ Pandemic Disease
+ Utility Outage
+ Mechanical Breakdown
+ Supplier Failure
+ Cyber Attack
STEP TWO: REDUCE RISKS THROUGH PARTNERSHIPS
No one can recover from a business disruption on their own; it requires relationships with reliable
business partners who will be there when you need them. To reduce your risks further, choose
partners with clear BC/DR priorities.
1. BUILD YOUR TEAM: Carefully evaluate reliable business partners to reduce risks and assist in
planning. Select networking partners, cloud service providers, and data centers with redundant
connectivity and automatic failovers. Integra understands that even in the face of a network
outage, equipment failure, or natural disaster— business must still be conducted. There are
no time-outs in business, and the speed with which you can re-establish critical systems is
paramount to Business Continuity and Disaster Recovery.
2. PROTECT YOUR ASSETS: Choose service providers with documented BC/DR plans, established
Service Level Agreements (SLAs), and robust security measures. Though they rarely go down,
cloud services are not 100% reliable. Clearly understand the impact a provider’s possible
outages could have on your workflow, productivity, and revenue.2 Make sure you have Service
Level Agreements in place. SLAs provide the basis for managing the relationship between your
service provider and your company. They describe in detail the agreement for the service to
be delivered, including how that service is measured. Basically, SLAs are meant to ensure your
service provider understands what they are required to deliver and you know what to expect.3
2
3
http://www.geekbraindump.com/2014/07/07/technology-the-importance-of-service-level-agreements-and-cloudcomputing/#sthash.5oSxXxKp.dpbs
http://www.gsx.com/blog/bid/88160/Cloud-or-not-Cloud-The-importance-of-SLAs
4 | How Prepared Are You, Really?
To keep your data
safe and operations
running, partner
with Integra
for network
redundancy and
our comprehensive
business continuity
solutions.
STEP THREE: CREATE A DETAILED PLAN
Once you’ve identified your mission-critical assets and processes, your team has determined what
absolutely must stay up and accessible at all times and the financial impact if it doesn’t, you can begin
to create your plan. The advice of the International Legal Technology Association is “Don’t try to name
every little thing that can happen. Make the recovery processes generic at first.”
Start with the basics of how to communicate, where to go, and who will be on the response team during
a significant event.
1. Determine your downtime, availability and recovery window. Now that you know
what’s most critical, determine how long you can go without these assets, and how quickly you
must restore them.
2. Define your recovery solutions and sites. How will you back up your data? How will
you ensure uninterrupted access to it?
+ Make sure your failover connections are in place with data and applications stored or
replicated in a secure, off-site location or data center with reliable connectivity. Also, establish
the right communications and security protocols to ensure its accessibility.
+ Consider improving network security and redundancy; implementing regular data backup, disk
mirroring procedures; and instituting cloud-based failover to virtualized systems, applications
and infrastructure.
3. Create a communications plan. Again, don’t forget your people. The best plan in the
world can’t operate on its own—plan who to contact in an emergency and the protocols for
contacting others.
Tips for IT Disaster Recovery
Planning
+ Prioritize the most critical IT
assets (networks, Internet
access, call center, etc.)
+ List vulnerabilities to the
infrastructure (lack of
backup power, off-site data
center, etc.)
+ Assemble critical
infrastructure documents
(network diagrams,
equipment configurations,
databases)
+ List external assets,
third-party resources,
connections to other
offices/clients/vendors
+ Document previous outages
and disruptions, including
how they were resolved
+ Develop IT response teams
to respond to disruptions
+ Establish procedures, roles
and responsibilities for
suppliers/vendors
5 | How Prepared Are You, Really?
STEP Four: TEST & OPTIMIZE YOUR PLAN
Just because you have a plan, doesn’t mean it will work. Test your plan, inside and out. Find the gaps
and address them before you have an actual disruption. Optimize your plan, and re-test it quarterly to
ensure it is current and effective.
1. CONTINUOUS MAINTENANCE: Keeping your plan current and workable needs to be part
of your company’s regular administrative tasks. That might sound expensive, but consider the
alternative and the risks of NOT having an effective plan. Remember that business continuity
and disaster recovery is not a task isolated to IT. It needs to be an operational part of all offices,
departments and every employee.
2. Define your recovery solutions and sites. Conduct live tests that simulate a real event.
Include your service providers, and exercise complete failover, restore, and validation processes.
Experts at Tech Target caution, “Most often, if a disaster recovery plan is going to fail, it will
most likely happen during a disaster. Therefore, if a test detects a defect under relatively ideal
conditions, it enables enhancements to be made before the plan is ever needed.”
When a BC/DR plan is newly created, you will want to demonstrate it. This helps management see that
you have a plan in place, but it doesn’t prove that it will work in a situation where key personnel are not
available or a vital backup is inaccessible.
So it’s imperative that you move beyond a controlled “demo” with a few select BC/DR team members
and develop test scenarios that are intended to simulate the chaotic reality of a real disaster.
6 | How Prepared Are You, Really?
Successful tests do
not prove that a
disaster recovery
plan will succeed,
but failed tests do
prove that plan
will fail.
STEP Five: REVIEW & TEST YOUR PLAN REGULARLY
Your BC/DR Plan is a living set of procedures, so it should evolve with the changing needs of your
business. Keep your plan up to date. As your business changes, your processes and procedures will also
need to change.
Keeping Your BC/DR Plan
Up-to-Date
Experts recommend including these vital steps in your testing plan:
+ Test your BC/DR plan frequently
and add improvements with
each test
+ Have someone who is not part of the team conducting the test construct the scenario.
+ Utilize an independent person or group to referee every BC/DR test.
+ Once defects are identified, resolve any problems and determine their causes.
+ Re-perform the same test to determine if you’ve eliminated the defects.
+ Build a BC/DR audit and maintenance plan for continuous improvement capability.
+ Implement change management processes to keep plans in sync with current business realities.
+ Recognize BC/DR is everyone’s
issue (it’s not just for IT)
+ Review your BC/DR Plan
regularly
+ Executive visibility with an
executive sponsor
+ Integrate future technology
plans (three to five years)
+ Communicate updates across
your company to maintain
awareness
7 | How Prepared Are You, Really?
Partner with Integra for BC/DR Solutions
Now more than ever before, time is money. Tolerance for downtime is measured in minutes, not
hours. Businesses need reliable business continuity solutions to keep data safe and operations
running smoothly.
A Partner You Can Trust
Trust Integra to support your business continuity plans with secure services matching the needs
of your mission critical applications. We partner fully with our customers through a wide variety of
BC/DR testing scenarios and offer services to aid your business continuity and disaster recovery
planning. Integra’s diversely routed and fully redundant fiber backbone ensures reliable network
connectivity backed by SLAs that guarantee uptime and low latency. Our comprehensive portfolio of
solutions and services offer a wide range of options for your BC/DR needs including:
+ We are also nimble enough
to craft innovative, costeffective solutions.
+ Managed & Cloud Services – Limit location-centric disaster risks with cloud or data center
based communication tools that include Hosted & Managed Voice solutions or Collaboration &
Messaging Services.
+ Cyber Security Solutions – Defend your business from a wide range of evolving online threats
with a full suite of security solutions that include: Cloud Firewall Service, DDoS Mitigation
Service, Email Security and Security Pro Services.
+ Colocation – Protect your mission critical equipment in a secure network-rich environment.
Contact us today to explore our full selection of BC/DR solutions.
+ Every business has unique
needs, so we work with you to
find the right solution for you.
+ With our extensive, robust fiber
network and full suite of carrierclass services, we deliver peace
of mind.
CONTACT US  (877) 953-7747
ABOUT INTEGRA™
Integra™ provides facilities-based communications
and network services to enterprises, small and
mid-sized businesses, government agencies and
carriers throughout the western United States,
with nationwide and international connectivity
delivered via a robust IP/MPLS network. Integra’s
vast, privately owned network connects customers
to 6,400 miles of long-haul fiber optic
infrastructure and 3,000 miles of metro fiber across
35 cities in 11 states.
For More Resources Visit:
www.integratelecom.com/BCDR
8 | How Prepared Are You, Really?