Windhoek — So someone broke into your office and stole the server? Now what? Chances are, if you do not have a business continuity plan in place, your business will go under. More than 70% of businesses that lose all business critical data do not survive for more than 2 years.

Below we are going to explore business continuity. I am quoting from Wikipedia for the discussion, but will also add some examples from my practical experience.

Business continuity is the activity performed by an organisation to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions. These activities include many daily chores such as project management, system backups, change control, and help desk.

Business continuity is not something implemented at the time of a disaster; business continuity refers to those activities performed daily to maintain service, consistency, and recoverability.

The foundation of business continuity are the standards, programme development, and supporting policies; guidelines, and procedures needed to ensure a firm to continue without stoppage, irrespective of the adverse circumstances or events. All system design, implementation, support, and maintenance must be based on this foundation in order to have any hope of achieving business continuity, disaster recovery, or in some cases, system support.

Business continuity is sometimes confused with disaster recovery, but they are separate entities. Disaster recovery is a small subset of business continuity. We will look at disaster recovery in more detail in subsequent articles.

The term business continuity describes a mentality or methodology of conducting day-to-day business, whereas business continuity planning is an activity of determining what that methodology should be. The business continuity plan may be thought of as the incarnation of a methodology that is followed by everyone in an organisation on a daily basis to ensure normal operations.

The business continuity programme: This is an ongoing management-level process to ensure that necessary steps are regularly taken to identify probable accidents, disasters, emergencies, and/or threats. It also involves (1) assessment of the probable effect of such events, (2) development of recovery strategies and plans, and (3) maintenance of their readiness through personnel training and plan testing. We will explore impact assessments also in subsequent articles.

Policies are those things mandated by the management of an organisation that will always be performed according to a preset design plan, and supporting all business functions within an organisation.

On a very basic level I have a business continuity plan in place for my personal work. I am using my MacBook together with a TimeCapsule. Should my MacBook get stolen or the hard-drive break, I simply buy a new MacBook, hook it up to the TimeCapsule and my machine is restored with all its settings, applications, documents, pictures, music, movies etc. My machine will be exactly the same as I left it after the last backup.

So my policy is to ensure that the backup runs every hour when I am at home. Why do I do this? Well, because my informal impact assessment indicated that I would be extremely frustrated if someone stole my machine and I lost all my photos. But what if someone steals by MacBook AND my TimeCapsule? I would be left without anything. So until next time I meet you in this column, I will have to revise my business continuity plan.

We'll talk more about business continuity next week, and remember......keep it (A)FRESH!