Keeping a business running despite the challenges of outages, disasters and threats can be daunting. Planning for each type of disaster is difficult, since imagination must substitute for real encounters. This is where predictive modeling comes to the foreground. By using exhaustive modeling, a wide variety of disaster conditions can be tested in a virtual environment, so that the business continuity planning (BCP) effort can be effective when exercised, rather than simply hoping for the best.
BCPs need to scale for organizational growth and evolution. There is extensive evidence that firms that do not invest enough time and resources into BCP preparations are less likely to survive as viable entities after a disaster. As an example, 42.85% (150 of 350) of the businesses affected by the 1993 World Trade Center bombing failed to survive the event. Years later, the affected firms with good BCP documentation were back in business within days after the Sept. 11 terrorist attacks.
BCP creates and validates a logistical plan for how an organization will recover and restore interrupted critical functions after a disaster or disruption. It is the method by which an organization prepares for future incidents that could jeopardize the organization's core mission and long term health. These incidents range from naturally occurring disasters, i.e., earthquakes, hurricanes, etc., to pandemic illness, terrorism and simpler utility or facility outages.
There are normally five phases of the creation of a BCP:
-Analysis
-Solution design
-Implementation
-Testing and organizational acceptance
-Maintenance
As an organization navigates through these steps, Solitaire Interglobal Ltd. (SIL) can provide critical assistance in the production of a comprehensive and flexible plan. As part of the BCP creation, SIL provides significant analysis in the identification of threat and impact, and can model the various scenarios for key criteria. This allows the organization to then devote its energies to crafting the strategies that best suit the organizational objectives and constraints.
The SIL risk assessment modeling takes into account many factors. In the
forefront of this assessment is the impact of various business disruption
scenarios on both the institution and its customers. This is tempered by
analysis that looks at the probability of occurrence. It takes into account
the loss impact on information services, technology, personnel, facilities,
and service providers from both internal and external sources. Indicative
impact is also generated that touches on some peripheral items, such as
the safety of critical processing documents and vital records.
SIL BCP models document critical BCP components, such as the time frame
in which the vital function must be resumed after the disaster, and the
business and technical requirements for that recovery. SIL threat analysis
helps define the most likely threats that should be addressed in the BCP.
These threats can be from many sources, including disease, storm, flood,
cyber attack, terrorism, utility outage, etc. SIL models the geography of
all an organization’s locations and facilities, their susceptibility
to natural threats (e.g., location in a flood plain), and proximity to critical
infrastructures (e.g., power sources, nuclear power plants, airports, major
highways, railroads) when assessing the probability of a specific event
occurring. These impact scenarios are generated within the SIL BCP models
with cost, risk profiling and probability analysis. All of this information
is provided in electronic and hardcopy form, and can be easily included
in the formal BCP documentation. Disaster recovery plans frequently include
areas outside of the IT applications domain. SIL will include those components
in the model as desired.
Since this documentation is critical to the successful business recovery,
the SIL output covers a wide range of information for each scenario. Staffing
and facility requirements are included, covering such diverse metrics such
as the numbers and types of desks and the peripheral requirements like printers,
copier, fax machine, etc., as well as some of the other business environments,
such as production, distribution, warehousing etc.
A supplemental goal of BCP efforts is the identification of the most cost
effective disaster recovery solution that meets the minimum application
and application data requirements, and the time frame in which the minimum
application and application data must be available. That optimization effort
is integral to the SIL modeling process.
SIL increases the speed of the plan production and its comprehensiveness
by applying its heuristic data to the impact analysis, threat analysis and
identification of critical requirements within the plan. The impact analysis
output from SIL helps in the differentiation between critical and non-critical
organization functions. Since what constitutes a critical function varies
among organizations, the definition of what damage is regarded as unacceptable
is developed in concert with the customer team. And since the perception
of the acceptability of disruption may be modified by the cost of establishing
and maintaining appropriate business or technical recovery solutions, SIL
produces a full cost analysis as part of its model. This model also takes
into account those functions that are mandated by law.
The BCP effort does not end with the initial creation of the plan. As the
implementation phase is initiated, SIL takes the information from the BCP
tests and calibrates the model with timeframes and expands it to include
any surfacing anomalies. Since the BCP is normally executed on a biannual
or annual schedule, SIL can validate and update the BCP model after each
test.
As the organization changes its applications, business functions and requirements,
the BCP should also change. The SIL BCP model will evolve to keep pace with
the current environment, and can be used to provide a safety check for emerging
problems.