Business Continuity/Disaster Recovery
Disasters happen everywhere and there is no way to totally prevent them, however this is not an excuse to postpone developing a step-by-step plan to ensure that when disaster strikes, your people can be safer, communications restored and operations resumed as quickly as possible.
Hurricanes, earthquakes and other natural disasters may come immediately to mind, but unforeseen business interruptions that are common in many areas include sabotage from vandalism, former employees and accidental damage. Any of these situations can instantly lose data, damage equipment and put your business in a precarious situation.
It does not have to be that way. At relatively low cost and without significant effort, you can take steps today with Stemp Systems to eliminate the threat of significant damage and business discontinuity so your company can more quickly recover from unexpected adversity.
On the Internet, you can find estimates that anywhere between 25%-80% of businesses that do not have a Disaster Recovery Plan go out of business after a major loss like a fire, a break-in, a storm or sabotage. However, to be fair, we have never been able to confirm any of these numbers. It is clear that if your company must be able to access its accounting, customer relationship management, human resources, database, email, phone system or the technology to earn a profit, then it is absolutely critical that you have a business continuity or disaster recovery plan in place.
The bottom line is proper planning prevents a temporary disaster, forcing your business into permanent failure. Stemp Systems can help you create a comprehensive business continuity plan that provides a straightforward, step-by-step process to be followed to restore the technology that supports your business immediately following a disaster, and in some cases avoid downtime altogether.
Please realize that when disasters occur, your clients often need you more than ever. Therefore, we help you develop a plan that achieves the following:
- Define and prioritize your most critical employee safety needs, communication requirements, business processes and technologies (“crucial needs”);
- Specify the sequence of crucial needs to restore following a tragedy;
- List the crucial needs you can slow or delay during the process of restoration; and
- Fully document how to simultaneously continue your most critical operations while your crucial needs are being fully restored within the capabilities of your backup and local governmental infrastructure.
Even in the best of circumstances, recovering from a disaster can be challenging. Catastrophes involve fear, panic and the need to make quick decisions. Having an easy-to-understand yet comprehensive disaster plan developed with a competent partner like Stemp Systems enables you to better provide safety for your employees, and more quickly reestablish communication and restore technology necessary to serve your people and clients.
One final note: Laws, regulations and shareholders expect organizations to proactively ensure the technology their company operates on is available, even following catastrophic events. Awhile back, Gartner analysts determined which laws and regulations most influenced business continuity and disaster recovery in healthcare and finance. Their findings are in the table below.
| Business Continuity / Disaster Recovery | |||
| Industry Sector | Significant Laws and Regulations | Impact on BCP | Comments |
| Healthcare | Health Insurance Portability and Accountability Act (HIPAA) of 1996 | Requires data backup plan, DR plan and emergency mode operation plan. Requires reasonable and appropriate measures relative to the size, complexity and resources of the organization. |
Requires increased budgets, new job descriptions, as well as additional staff and infrastructure. Typically an IT responsibility but may also be the province of the compliance officer or CFO. |
| Food and Drug Administration (FDA) Code of Federal Regulations (CFR), Title XXI, 1999 | Establishes the requirements for electronic records and electronic signatures. | Acceptability of electronic records and signatures may require that some organizations update their BC measures to ensure the availability of information. | |
| Finance | Federal Financial Institutions Examination Council (FFIEC) Handbook, 2003-2004 (Chapter 10) | Specifies that directors and managers are accountable for organizationwide contingency planning and for “timely resumption of operations in the event of a disaster.” | This chapter — on an operational level — supplants many other BCP guidelines. It covers examination requirements for all companies regulated by the Federal Deposit Insurance Corp. (FDIC), Federal Reserve Bank (FRB), Treasury Department, U.S. Office of the Comptroller of the Currency (OCC), Office of Thrift Supervision (OTS) and National Credit Union Administration (NCUA). |
| Basel II, Basel Committee on Banking Supervision, Sound Practices for Management and Supervision, 2003 | Requires that banks put in place BC and DR plans to ensure continuous operation and to limit losses. | After 2007, influence of Basel II will be limited to about 30 U.S. banks but will spread as a best practice via “audit creep.” | |
| Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System, 2003 | More focused on systemic risk than individual enterprise recovery. Requires BCPs to be upgraded and tested to incorporate risks discovered as a result of the World Trade Center disaster. | Influences companies that are regulated by Securities and Exchange Commission (SEC), OCC and Board of Governors of the Federal Reserve System (FRS). Authorizes the OCC to take action against banks that fail to comply with requirements for DR by the U.S. financial system. | |
| Expedited Funds Availability (EFA) Act, 1989 | Requires federally chartered financial institutions to have a demonstrable BCP to ensure prompt availability of funds. | ||
