Image courtesy of FreedigitalPhotos.net |
The same is true within the confines of a business organization. Everyone or anyone is a potential victim of accidents - whether it is a minor incident or a disastrous accident.
However, its disastrous effect can be mitigated by readiness with an extensive risk reduction plan or program. These plans or programs are called by various names- risk reduction, disaster recovery or business continuity. Whatever name it is called, it means that any organization must have one.
In one of my recent projects where I did a business process analysis for a client, I found several flaws or inconsistencies. These I showed and reported to the client.
As a backgrounder, this client has recently installed a new financial system, have undergone reorganization of their IT which is leaning more toward hardware technology than a system oriented orientation. Maybe you would have already guessed what are the possible ramifications of this kind of situation, which is also common anywhere.
Yes, you are right. It is chaotic. Although, the organization is not a large one, the transaction being handled daily is quite a challenge for the small number of staff they have. Thus the need to analyze and revise the whole business process within the current resources.
But on this article I will concentrate on one flaw that I have found that can have a tremendous consequence for the client if not properly addressed. What happens when disaster strikes?
Recovering from a disaster requires an organized and methodical response from the whole organization - a bottom to top involvement. If one has no existing plan or program, now is the time to have one, not when a known danger is already lurking on the horizon. It must be carefully planned and organized and it must be regularly updated.
Here is the basic framework.
- Objective Definition. In disseminating the program, everyone must have a complete understanding of what the program is attempting to achieve. That is why the objective must be described in a clear and concise way.
- The Organization. Here the roles and responsibilities of each person identified to be involved must be defined. It is also important to indicate the key person either by name or by position.
- The Communication Plan. This is an important part of the plan that almost everybody take for granted. However, the importance of having one or incorporating it in the program can bring invaluable benefits and nobody has to claim or complain that they were not informed or are not aware of how the program works.
- The Risk Management Plan. It is said that an ounce of prevention is better than a pound of cure. This idiom is also best applied to your disaster recovery plan. This is the heart of the whole program. Assess and analyze all the possible risks that can happen, including those that has a very, very low probability with the same rate of consequence. Nothing should be overlooked. Identify each risk, rate them and plan how it is managed - prevent, mitigate or transfer the risk to a more competent entity. This must be continually updated.
- The Recovery Plan. If despite all the prevention steps have been successfully implemented, still a major accident or incident happens, implementing your recovery plan must be done methodically. In this kind of situation mitigating the loss and work stoppage must be the primary goal. Recovery must be done in the shortest possible time. Define each steps to be taken and identify all the key persons that will be involved in the recovery.
In this age of system dependency, some organization may find this business continuity or risk reduction or disaster recovery program a secondary priority, but it should not be. Remember Murphy's Law? Anything that can go wrong will go wrong. So it is better to be prepared now than to be sorry later.
No comments:
Post a Comment