IWCO Direct has written several articles recently about the value and importance of operational business continuity (including topics from Mail-Gard, our dedicated print-to-mail recovery service), which helps us ensure that in the event of a business disruption, we’re prepared to keep the day-to-day operations of both our clients’ mailing programs and our own functioning as needed.
But an important thing to remember is that behind these plans is a complex network of technologies allowing communications, data transfer and storage, processing, and reporting. Consider an example: A domain controller (Active Directory) is used for authenticating and authorizing users. The same system is also used to apply and enforce security policies to all computers. If this system goes down, how will users sign in to their computers? How will security controls be enforced?
Consider another: An email exchange server (like Microsoft Exchange) is used to manage contacts, emails, and calendar invites. If this server fails, users across the enterprise—including those on mobile devices—will struggle to communicate. How do you prevent this from happening?
These are the situations that IT business continuity plans and disaster recovery plans are intended to address.
You Can Say That Again: The Importance of Redundancy in Your IT Business Continuity Plan
The answer for many of these issues is redundancy, i.e., a duplicate system or data to be engaged in the event that the primary fails. A good business continuity plan will consider the recovery requirements of stakeholders—both internal (e.g., management, departments, etc.) and external (clients, regulators, etc.)—to determine which systems are most critical to keep business functioning as needed, and how quickly they need to be recovered. The most essential systems should be replicated to an environment not likely to be impacted by the same disruption (e.g., a data center in a geographically different location) so that service can be resumed as quickly as possible, ideally without disruption to employees or clients.
Continuity plans should also address the need to engage vendors and strategic partners in the event that outside assistance is needed. These vendors should be regularly assessed to ensure that they are prepared to meet recovery timelines in the event that a disruption occurs.
Testing: The Real Gauge of Effectiveness
Earlier this year, my colleague, Mike Henry, VP of Mail-Gard, discussed the importance of on-going testing as part of a successful print-to-mail disaster recovery plan. Likewise, the effectiveness of an IT business continuity plan can only be proven by thorough testing. To ensure that plans actually meet recovery objectives and that they are usable and effective in the event of an actual disruption, IWCO Direct tests plans regularly, at least annually. These tests should ideally involve the actual individuals and/or parties responsible for executing the plan. Lessons learned should be documented, communicated to stakeholders, and used to continually refine and improve existing plans.
Keeping critical systems functioning during a disruption is essential to ensuring the continuity of both business and information security. With built-in redundancy and robust testing, companies that handle information can be certain that data is secure, up-to-date, and protected.
Subscribe to SpeakingDIRECT to have new articles delivered to your inbox as they post. We promise to keep it fresh and interesting.