Business Continuity and Disaster Recovery: Better Together

In the Better Together blog series, we take a look at how business continuity can support other functional areas by creating an information foundation from the data that business continuity collects from multiple sources across the enterprise. Here, we explore how business continuity and disaster recovery are better together.

Business continuity and disaster recovery share many of the same priorities, but there are key differences. The term “disaster recovery” typically refers to re-establishing the IT infrastructure and IT services to support the continuity of critical applications following a disruptive event. “Business continuity” goes beyond that to include the people and processes who work with the IT infrastructure, applications, and services.

Specifically, IT disaster recovery priorities include:

  • Providing IT infrastructure to support critical applications following an incident minimizing downtime and data loss
  • Overseeing technical resources to support recovery
  • Managing resources to support validation without impact on production

Business continuity’s information foundation can be very helpful to disaster recovery with regard to the third priority. For example, assume that the disaster recovery team is preparing a component recovery validation of a Linux server. The validation of the active-passive recovery strategy involves moving workload from the production server to the recovery server. As with any activity involving production data, there is a risk of unanticipated impacts.

Using the information foundation, the disaster recovery team can quickly see all related components and applications. Since the information foundation is based on process data gathered during the BIA, data concerning process criticality and the critical processing time periods are readily available. For instance, the information foundation might show that the server supports the revenue capture process, and that the most critical time of the year for this process coincides with the targeted fail-over validation schedule. Based on this insight, disaster recovery might choose to reschedule the component exercise to reduce risk to the production critical process during its most critical processing period. This reduction in operational risk via a better understanding of business processes is an example of increased resilience supported by the information foundation.

For more real-world examples of the information foundation in action, read our whitepaper Creating the Foundation for Increased Business Resiliency and Efficiency.

3 Priorities for Disaster Recovery Managers

Business continuity and disaster recovery share many of the same priorities – but there are key differences. The term “disaster recovery” typically refers to re-establishing the IT infrastructure and IT services to support the continuity of critical applications following a disruptive event. “Business continuity” goes beyond that to include the people and processes who work with the IT infrastructure, applications, and services.

Specifically, IT disaster recovery priorities include:

  • Providing IT infrastructure to support critical applications following an incident, minimizing downtime and data loss
  • Overseeing technical resources to support recovery
  • Managing resources to support validation without impact on production

Business continuity’s information foundation can be very helpful to disaster recovery with regard to the third priority. For example, assume that the disaster recovery team is preparing a component recovery validation of a Linux server. The validation of the active-passive recovery strategy involves moving workload from the production server to the recovery server. As with any activity involving production data, there is a risk of unanticipated impacts.

Using the information foundation, the disaster recovery team can quickly see all related components and applications. Since the information foundation is based on process data gathered during the BIA, data concerning process criticality and the critical processing time periods are readily available. For instance, the information foundation might show that the server supports the revenue capture process, and that the most critical time of the year for this process coincides with the targeted fail-over validation schedule. Based on this insight, disaster recovery might choose to reschedule the component exercise to reduce risk to the production critical process during its most critical processing period. This reduction in operational risk via a better understanding of business processes is an example of increased resilience supported by the information foundation.

Putting it All Together to Achieve the Best

With more than 70 million customers, Cambia Health Solutions puts a premium on business continuity – and Kelley Okolita, Director of Disaster Management, knows how to deliver. Under her leadership, the company was able to boast of having great plans packed with huge amounts of data, a fully-recoverable data center, and the engagement and confidence of users at all levels of the organization.

Some business continuity leaders might be content to stop there – but not Kelley Okolita. Okolita is a thought leader in the realm of business continuity, and an author of a book on building enterprise recovery programs. With more than 25 years of experience under her belt, she wanted to take Cambia Health Solutions’ business continuity program even further. To do so, she called on Fusion Risk Management.

You put in place a strong business continuity program at Cambia Health Solutions. What was missing?

We had data contained within our business continuity plans, but no way to mine that data easily or to report on it. Consequently, we couldn’t answer important questions such as, “Who uses this application?” or “What would be impacted if this equipment went down?” without checking each plan individually. We also could not leverage the data we collected for other business cases in the organization.

What visibility did you gain with the Fusion Framework?

All the elements of the business continuity program are now connected in such a way that it makes it easy to see the big picture. For example, we can identify points of failure that previously would have been hidden and take steps to mitigate that risk. Most importantly, we tie everything back to a business process, which allows us to instantly see who and what would be impacted by the failure of a specific site, a piece of technology, an application, a supplier, etc.

How does Fusion help drive decision-making?

We are no longer making decisions based on what people perceive or believe to be true – we are dealing with facts. For example, if we are asked a question by our executive team, we don’t say, “Well, we think this,” or, “Maybe that would do the following.” Instead, we can state, “Here’s the data that shows what would be impacted by this action.”

How does Fusion help your bottom line?

The number of risks is always increasing, but we don’t have unlimited dollars to mitigate those risks. Fusion has given us the ability to spend our mitigating dollars on the right risks.

 


 

To learn more about how Kelley and Cambia have grown the business continuity program, read her full interview.