In the past few days, Superstorm Sandy left such a massive trail of destruction and disruption that organisations around the world are forced to take a close, hard look at their disaster recovery strategies. Because when such events shake up large swathes of life, business can no longer be as usual.
Nevertheless, organisations must do what they can to spring back to normal functioning. And those that have thought through disastrous scenarios prior to their occurrence usually do. In India when the people of a city are attacked by terrorists time and again, they bounce back in a matter of weeks or even days. They are usually said to be resilient.
But what about businesses Can businesses, like the never-say-die-spirited people, be resilient in the face of extreme events They canif they adopt the right strategies and attitudes to disruptions.
For an organisation, business resilience is the ability to rapidly adapt and respond to business disruptions and to maintain continuous business operations, which in turn helps them to build trusted relationships and enable growth. True business resilience starts with understanding exactly what the business needs in order to survive unexpected events and plan ahead for sudden changes that could come at any time.
Organisations should think of business resilience as their ticket to continued business service and operational continuity with proper planning, readiness and the ability to respond quickly to any threat or opportunity.
Whether an IT or business-related event or a natural disaster, the challenges that companies must prepare for are multitudinous. Focusing only on disasters leads organisations to work defensively, but a proactive approach to business resilience helps enable them to respond to an unexpected event more quickly and cost-effectively.
To get an idea as to whether a business is ready for the next threat, interruption or challenge, decision makers must ask themselves a few key questions:
Has the business recently experienced a disruption What impact did it have on its operations
What risks pose the greatest threat to its continuous business operations
Are the business operations sufficiently scalable to accommodate a major increase in workload, in response to a spike in demand for its services
How does the organisations current recovery capacity match its peak business processing volumes
Have they considered the resilience capabilities of their key business relationships and third-party service providers
What are the critical business services and assets that must be protected to reduce or eliminate irrevocable damage
By identifying potential threats and vulnerabilities, organisations can design resilience solutions that can prepare them to respond and minimise the impact of disruptive events.
Meeting the challenges
Of course, there are challenges in implementing any resilience programme. One of the key challenges is assessing risk versus costhow vulnerable are you and how much will it cost to protect you
A second challenge is identify the correct business services and related assets to ensure the right level of protection for all of your critical business assets. In todays cost-constrained economic climate, there is intense internal competition for resources. As such, creating the proper investment case is crucial to realising success.
Another challenge for many organisations is determining which solution is best at providing the optimum amount of protection for the level of investment.
A key to successful business resilience is fully understanding the level of protection your business needs and then creating a strategic plan accordingly. One of the recommended approaches to business resilience is the use of resilience tiers.
Resilience tiers use a classification system that defines levels of resilience to match your business-driven requirements.
Resilience tiers span all business units, services or technologies and streamline the direction for building a resilient architecture. They provide an objective scale of classification for business resilience requirementsa set of consistent metrics and criteria across your organisation that are then linked to technical resilience requirements and capabilities.
Such a tiered approach will help protect organisations from wasting money on unnecessary technologies, while still providing effective business resilience. Needless to say, organisations dont have to wait for another Sandy.
The writer is director, Integrated Technology Services, Global Technology Services, IBM India/South Asia