Example Business Continuity Plan For Online Business

Online based businesses are 100% dependent on IT services, but a lot of them don't even consider the scenario of what will happen in a situation of IT failure of the IT systems hosting their business/service.
Furthermore, a lot of online business owners simply rely that their hosting providers will recover their services -THIS IS WRONG - they will restore the information, but not necessarily functionality!
Here is an analysis and a summary plan for business continuity of an online business:

First, a couple of definitions:

  • The goal of business continuity is to resume business operation in a reduced but controlled manner after a disaster which impacts operation - until full recovery is achieved
  • The goal of disaster recovery is to resume IT operations after a disaster which impacts IT operation - until full recovery is achieved

Requirement analysis
For large companies, the initial step of planning business continuity is the Business Impact Analysis (BIA), during which the company identifies which processes are critical to the company's survival and need to be restarted immediately, and which can be restored later.

For small online portals/services these have the following processes:
  • Service Delivery - actual service running on web and database servers
  • Service Development - design, programming, upgrading, bug fixing of the service
  • Sales and Marketing - promotion, communication with affiliates
  • Accounting and back office operations - self explanatory
To simplify the BIA process, let's grade each process with a number by which we indicate which service process to be restarted at what time. Here are the numbers and their meaning:
  • 1 - Process must never stop, immediate restart is needed
  • 2 - We can survive without this process for 1 day
  • 3 - We can survive without this process for 5 days
  • 4 - We can survive without this process for 15 days
So, for our processes, these are the numbers
  • Service Delivery - 1
  • Service Development - 3
  • Sales and Marketing - 2
  • Accounting and back office operations - 3
So, the most critical process (surprise) is Service Delivery. This process is bound with network, hosting, servers, databases. Our continuity plan will limit itself to this process and only to one incident that can impact this process. The real Business Continuity Plan should take into account multiple incidents (power outage, DoS, loss of DNS, virus)

Example Business Continuity Plan

I. Incident type - Loss Of Application and Database Data due to hosting server errors
Steps to achieve continuity
  1. Post a temporary information and contact page on alternative free hosting - Time to achieve - 15 minutes
  2. Redirect DNS to temporary information page - Time to achieve - 10 minutes
  3. Investigate whether servers are available. If not available, consult the list of alternative hosting providers that can provide hosting for 1 to 3 months - Time to achieve - 1 hour
  4. Restore latest trusted backup of Database to operational DB server - Time to achieve -1 hour
  5. Restore latest trusted backup of Web Application to operational Web server - Time to achieve -30 minutes
  6. Perform functional test of updated infrastructure - Time to achieve - 1 hour
  7. Redirect DNS to temporary information page - Time to achieve - 10 minutes
Total maximum time to recovery - 4 hours

Resources to achieve continuity
  • Temporary page prepared and available for publishing
  • Funds on credit card to purchase hosting for 1 month
  • List of alternative hosting providers which can support the application with contact information
  • Functional broadband link - alternative, direct access to hosting provider premises and vehicle for transport
  • Database Administrator/Developer available for activities
  • Web Application Administrator/Developer available for activities
  • Trusted and Stable Backup of Database
  • Trusted and Stable Backup of Web Application
Naturally, the plan must be tested that it works

This example plan is very limited (one process, one incident) but this is the general structure of a continuity plan. But for an online business, in which every second of downtime counts, such a plan may be the difference between a minor incident and loss of business

Talkback and comments are most welcome

3 comments:

Global said...

Hi

Your blog is very informative n helpful .. thanks…..keep it up.
www.seostep.net

Steve Coleman said...

Good planning always helps overcome disasters such as an IT crash.

The important thing to remember though is that you get what you pay for.The best IT service provider that you can afford will reduce the chances of downtime dramatically.

IT downtime also severely hurts bricks and mortar businesses. How would you like to have do your accounts manually once again?

Steve Coleman
http://www.businessmanagementbasics.com

Andrew said...

Some excellent advice here.
Only thing I would add is that initial start ups have limited resources in which to utilize such IT services. However if they can afford it, it is an excellent investment and money well spent.
Another thing is to have backup/restore plans, everyone should have one and they should be tested to ensure they will work! It is not enough to just have a plan!

Andrew Plaisted
http://www.eraserve.com

Designed by Posicionamiento Web