Business Continuity Planning and Liability Best Practices

Business continuity planning and liability best practices can not be summed up in a couple of short paragraphs. In fact most execs don’t know squat about the subject, no matter how much is written about it!

Business continuity planning and liability best practices – true costs of disruptions

A July 2003 opinion poll by EMC/RoperASW highlights the disparity between business execs and CIO/IT management of perceived risks and disruptions to business.

In a recent article it was highlighted that these findings have several implications. As IT executives move up from their traditional roles as IT caretakers to top-level business leaders, they take on responsibility for understanding the risks and working with the business units to quantify the impact of disruptions.

The CIO's job includes justifying an investment in business-continuity planning, proactively developing architecture, and helping sell an implementation plan. Failure to do so creates a liability that shareholders and board members aren't likely to tolerate.

Business continuity planning and liability best practices –what are the liabilities?

Before getting started with a business-continuity plan, CIO’s should ask some strategic questions:

• Have we created a financial-impact model for the per-hour cost of outage and the effect on revenue, profit, and legal actions? Assuming the hourly cost is millions of dollars, how would a prolonged outage affect profit?

• If a major disruption occurs, can we recover and in what time frame? What if it takes longer? Has someone outside of IT reviewed the priority of processes, people, systems, and applications? Are our procedures adequate, and will our personnel have the skills and tools to minimize the loss of profits?

• What legal and compliance implications are not factored into our plans?

• Which suppliers are critical to the effort? Have they updated their plans to include an evolving global delivery model?

• Have we included the corporate risk department in the analysis? Are we compliant with the requirements of the Sarbanes-Oxley Act of 2002? Are CXO’s willing to sign off on a commitment to business continuity?