Just because you run a small business, doesn’t mean that you should take business process management any less seriously than the larger, more mature organisations. Maybe the recent lockdown has prompted you to reconsider some of the elements of your own Business Continuity Plan (BCP), or perhaps you’re realising that now is the time to boost some of the elements of your own Disaster Recovery strategies. In this blog post, we share 5 ideas of things you may want to consider when formulating a business continuity plan as a small business, such as ours.
At nubeGo, Business Continuity Planning (BCP) was one of the very first things we did when we founded the company, and our ability to continue working, whatever the world throws at us, was at the forefront of our minds when we selected our IT platforms. As a Cloud-first global organisation, nubeGo was founded on the principle of ensuring that every IT platform we choose must be able to provide us access, wherever in the world we are working. For us, like many small businesses, Business Continuity is critical to our ability to get through challenging times, or unexpected incidents that might cause interruption to our normal business activities.
Write the Plan Down
A formal business continuity plan may sound like overkill for your small business, but a BCP doesn’t need to be a weighty document, and definitely doesn’t require you to invest a small fortune with expensive BCP consultants. You can build a simple Business Continuity Plan from a lightweight template that should walk you through all the elements of business continuity that you should consider in the event of a significant incident such as lockdown, local disaster, or a major IT incident. Your BCP needs to consider the roles and responsibilities for decision-making and communication in the event of an incident. It also needs to evaluate and plan for how to recover each of the IT systems you use to achieve your most critical business processes, should any of them become unavailable. You can download a copy of our Business Continuity Plan template to use as your starting point.
Write a plan. Review it with your employees. Store is somewhere central that everyone can access (should they need to). Next time the world shuts down unexpectedly, everyone should know exactly what to do, and when!
Know your IT Risk
Business Continuity isn’t just about responding to physical disasters or wholescale operational changes. A good plan should consider what would happen even to a single business activity, if the services or IT systems on which it relies were to become unavailable.
As part of your BCP, you should evaluate every single IT system that you use to do business and understand the following:-
What would the impact be to my business if this system became unavailable?
For 3rd-party systems, what service level commitment can I expect? What is the risk to us?
How long can we realistically cope if the system became unusable? How quickly must we aim to recover the system (our Recovery Time Objective)?
If we can recover the system, and data may be lost, how much data is it reasonable for us to lose and yet still operate correctly (our Recovery Point Objective)?
What backup and restore procedures can we put in place to ensure we meet our RTO and RPO?
How can we mitigate the risk to our business of the system becoming unavailable?
What alternative systems could I use instead? Either as a permanent replacement? Or as a short-term coping mechanism?
The act of evaluating these questions for each of your IT systems really helps you to know and understand the risks to your business. For some applications, you may be surprised when you evaluate them, that you can probably cope for many days with no access at all. For others, you may learn how important it is to keep the system running at all costs - and perhaps these are places where you should invest more in building a robust Disaster-Recovery solution, or a work-from-home option.
Use Backup and Recovery Wisely
Once you’ve identified all your IT systems and evaluated your risk appetite for each of them, it's time to plan your recovery strategy for each. Performing regular whole-scale backups of IT systems and their data can be a time-consuming and costly process.
As a small business, you need to make difficult decisions on how much data to store, how often to back-up, and how much time and money you want to spend ensuring that an IT system can be recovered. Each of your decisions should be guided by the impact to the business (don’t spend a lot of time and money protecting a system that you know you can reasonably live without for weeks) and prioritised using the RTO and RPO objectives you’ve identified.
For business-critical systems, automated tooling such as AWS CloudEndure can help you to prepare a back-up disaster recovery environment, keeping all your servers and data in sync with your live systems. In the event of a major incident, you can automatically boost your DR environment to full-size and switch over your users to the back-up system, giving you time and space to investigate and recover the original.
Prefer Managed IT Services over On-Premise
The use of managed IT systems provided by 3rd party suppliers can significantly reduce your business risk for continuity planning.
At nubeGo, we made a very early business decision that we never wanted to maintain physical servers for any of our IT systems - this keeps us mobile, distributed and protected from some of the operational challenges of maintaining a server room or a data centre. Every one of our business-supporting systems is hosted in the Cloud and we have a guiding principle of “buy” rather than “build” for all new IT needs we identify.
When we evaluate a new IT need, we look at the cost implications of purchasing IT tools using the software-as-a-service model (SaaS) over purchasing the tool, installing it, and running it ourselves in our own Cloud accounts. We experimented a little with one or two tools where the SaaS subscription had initially felt cost-prohibitive to us as a small business. From our experiences, we can tell you that in every single case, the indirect cost of maintaining a server (all be it a Cloud-hosted server) always turned out to be more than the SaaS subscription. Going forwards, our default position is that all new tools should be SaaS managed services, unless there is a phenomenally good business driver otherwise!
Practice Disasters Regularly
How many of us can honestly say that we were “ready” for a complete lockdown of offices and buildings across our country? While many businesses have now adjusted to new ways of working, how many of us were able to switch instantly? The key to being prepared for unexpected events such as those we have experienced in 2020 is to practice both our Business Continuity plan, and our disaster recovery strategies regularly.
Once COVID-19 settles, and we return to our offices, set a regular date to practice doing it all over again. Plan a BCP simulation, at least once a year, to force your business to exercise Plan B!
For vIT systems, you can and should exercise your disaster recovery solutions regularly; either through a planned switchover between live and backup systems, or through a “game-day” when chaos is introduced to a test (or production) system to force everyone in the business to respond to disaster and evaluate how to recover quickly. Last summer, nubeGo worked with a large financial services group who conducted a full DR simulation every 12 months. In the space of 2 days, every single enterprise IT application was transitioned to a secondary site, and back-again, with zero customer downtime.
At nubeGo, the main thing that lockdown has taught us about business continuity planning is that we need to move even more of our utilities and local government accounts online! Working remotely has gone extremely smoothly, but there’s a growing pile of paper bills waiting for us back in the office.
If you’d like help planning how to mitigate your IT business risks, talk to us about automated Disaster Recovery tooling, or Cloud Migration services. Register your interest today here