The Advantage of Business Continuity Software Part One: The Impact of a Continuous BIA

Impact Analysis worksheetThe business continuity and disaster recovery (BC/DR) software market is currently flooded with varying degrees of continuity manager software that can all perform roughly the same tasks. As a business this can be in your favor due to supply and demand paving the way for better prices and enhanced competitive features.

However, with so many options, it can be overwhelming to sort though all of the available continuity software until you find one that suits your company. In this three part blog series, we'll explain what we've found to be three of the most valuable features you should ask for in your business continuity manager software. First up, let's discuss a continuous Business Impact Analysis (BIA).

What Is a Continuous BIA?

A BIA is necessary to establish parameters within your organization as to better estimate, if there were an incident, what would be the best solution to get your company back on its feet and how fast you would need to recover.

A continuous BIA (offered in most business continuity software) can be updated regularly so you can ensure compliance with your industry's regulations and maintain a well-developed plan to coincide with your business's growth and expansion. It will retain the data from your last update, never resetting or deleting. The interaction that software provides can far outweigh that of a one-time-use template.

How Does a Continuous BIA Keep You Compliant?

No matter the industry, regulations exist to ensure quality, safety and best practices. These guidelines are also associated with large penalties and fees for not meeting minimum compliance requirements. A continuous BIA, unlike simple template forms, allows you to keep your BC/DR plan up to date on compliance and government regulations.

By having software that can track the completion of your plan, you are better able to see your progress towards being compliant. Also, because of the control given to the user to update and revise continuity goals, you'll be able to easily incorporate new regulations as they arise.

How Does a Continuous BIA Accommodate Growth and Expansion?

Profit and customer growth are universal business goals driven by passion and ambition. Because of this, businesses are constantly evolving to the trends of their consumers' markets to expand their reach into new territories.

These expansions could mean new software applications, upgraded tools and equipment or even an increase in employees. To keep up with the movement of your business and maintain a well-developed and up-to-date BC/DR plan, having the capability to continually update your business's BIA is crucial.

Business continuity manager software that includes an adaptable and accessible BIA can provide the most effective impact on preparation and implementation of you BC/DR plan. We recommend, at a minimum, updating your BIA once a year.

When was the last time you updated your BIA? What did it reveal to you? Comment below to share your experience with business continuity manager software, and how it has benefited you.

Fire Hydrants and BC/DR Plans: How Testing Can Help Put Out Potential Fires

Red Fire Hydrant
The importance of testing your business continuity and disaster recovery (BC/DR) plan has never been a dry subject for us at Rentsys. With 2015's record-breaking fire season coming to a close, we wanted to learn a little bit more about the value fire departments find in testing their hydrants, as well as how we can learn from their examples. Steve O'Neal, a Rentsys account executive, recently spoke with a local safety officer and found several similarities between testing fire hydrants and testing BC/DR plans.


The National Fire Protection Association (NFPA) sets a standard for the minimum water flow that hydrants must meet. Testing hydrants ahead of time not only ensures the codes are satisfied but also maintains quality. If hydrants aren't regularly maintained, they can rust, causing parts to snap off.

If your business is subject to industry regulations like fire hydrants are, it's important to test your BC/DR plan regularly to ensure you're meeting the compliance requirements. Otherwise, you expose yourself to potential regulatory violations, such as excessive downtime or rusty procedures, endangering you to security breaches.


Hydrants are a part of a huge underground network that provides water access to an entire community. Sometimes valves have to be temporarily closed to allow for maintenance, but due to the complexities of this network, water flow can be reduced without ever being fully cut off from users. Unfortunately, sometimes after the work is completed, these closed valves are forgotten and not reopened. While this omission doesn't affect the community on a day-to-day basis, the reduced water flow wouldn't be sufficient to put out a fire when needed for an emergency.

Similar to hydrants, your BC/DR plan needs to be updated and maintained to coincide with the progress of your company. Facilitating your business growth requires you to revise, modernize and develop your current and future products and services, as well as the tools you use to deliver them. However, if you don't consistently update and test your BC/DR plan to ensure that it keeps up with the innovation of your business, your plan won't offer the full flow of information you need to calm the fire, so to speak, when it comes.

Avoiding Neglect

One of the dangerous consequences of not regularly testing hydrants is that they become hidden, either by overgrown plants or by decorations placed by residents who find the sight of hydrants unpleasant. Unfortunately, when a crisis occurs, these obstructions can make it almost impossible for firefighters to find hydrants and carry out their jobs.

Just as residents don't want to look at fire hydrants, many companies don't like to dwell on BC/DR planning because it's not always pleasant to think about. Instead they focus on revenue, shareholders or customer growth. A common issue that we've seen over the years is businesses that have a plan but don't make it a priority to regularly test. This leaves the BC/DR plan to get buried under more gratifying things such as profits.

We recommend taking the time to fully test your BC/DR plan at least once a year to help you work out any kinks before a disaster actually strikes. How often do you test your BC/DR plan?

For more tips on how to test you BC/DR plan, check out our post "Business Continuity Awareness Week: Testing Business Continuity Plans."

Integrating Disaster Recovery and Crisis Communications

When your business experiences a major interruption, a disaster recovery (DR) plan is essential to keeping systems up and running and restoring business-critical data if necessary. 

It’s also important to keep your customers and stakeholders in the loop about what’s going on within the walls of your organization and how that affects them — especially for an isolated crisis such as a data breach. That’s where a crisis communications strategy comes in. (We talked more about creating a crisis communications plan in a recent webinar with DRJ. You can watch it here.)

The Problem of Isolated DR and Crisis Communications Plans

The challenge is that both plans aren’t always handled by one department. The IT department takes control of DR, and the PR department or another business unit typically manages the crisis communications strategy. Ideally, these strategies should be developed as part of an overarching business continuity (BC) program, but for businesses without a documented BC strategy or poorly governed BC programs, the DR and crisis communications plans can develop independently of each other. In a crisis scenario, this could result in a disjointed response strategy, which can make the business seem flighty and untrustworthy.

If your organization struggles to integrate DR and crisis communications, you may be wondering how you can break down the silos between the departments who handle each of these plans. Below are our recommendations.

Remember the Common Goal

First and foremost, it’s important to remember that both the DR plan and the crisis communications plan should have a common goal: to protect — or even enhance — your reputation throughout a crisis. To accomplish that goal, there needs to be a collaborative initiative involving both personnel and technology.

Identify Specific Objectives

For the DR and crisis communications plans to work effectively together, it’s critical to first identify the desired outcome. For instance, what are your recovery time objectives and recovery point objectives? Are there any compliance requirements you have to meet? Do you have any service level agreements tied to business deals? What are your corporate goals? When deciding what objectives you need to meet, be sure to avoid general answers and agree on specific, measurable criteria.

Implement the Right Tools

Both plans will continually evolve as the business’s objectives, strategies and technology change. That’s why it’s crucial to document current versions of finalized plans, as well as any crisis communications information (media contacts, drafts of press statements, executive and corporate bios, etc.). In addition, each team member should be aware of their unique responsibilities as well as what other teams are working on at that moment. A cloud-based business continuity planning software solution is a good way to organize this information in a central location.

Because time is of the essence during a crisis, also consider implementing a mass notification tool to communicate quickly with key team members. Some tools integrate with BC planning software platforms, which can further streamline plan implementation. Once the crisis communications team defines what it wants to accomplish, the IT group can suggest technical options that help support that strategy.

Despite the challenges, integrating the DR and crisis communications strategies is indeed possible — and necessary. What barriers have you encountered when trying to integrate DR and crisis communications? How are you working to overcome them? Let us know in the comments!

[Webinar Recap] Crisis Communications: The Modern Do’s and Don’ts

Crisis Communications: The Modern Do's and Don'ts Presentation Slide
In today’s world, disasters such as cyber attacks and data breaches are becoming routine. At the same time, social media is transferring the role of reporter to its users, who are able to broadcast their version of the news as it unfolds — accurate or not. So how do you protect your business from a crisis?

Jeffrey Bell, partner for Gallatin Public Affairs, and Brandon Tanner, senior manager for Rentsys, addressed this topic in the recent Disaster Recovery Journal webinar “Crisis Communications: The Modern Do’s and Don’ts.”

As Jeff explained in the presentation, having the proper communications plan and tools in place gives you more control over the outcome of a crisis. In fact, the goal of an effective crisis communications plan is to enhance your company’s reputation.

To find out how to prepare your organization for a crisis, check out the recording of the webinar here.

[INFOGRAPHIC] Cost of Security

Did you know that in 2010, financial institutions continued to climb as the number one target for phishing attempts, representing 50 percent of the targeted industries? Further, the average cost of a cyber attack was nearly $416,000 to participating organizations.

Check out this infographic from Pragmatix to gain insight into the dangers of not being prepared for a security breach.

Cost of Security Inforgraphic

Cybersecurity is a growing concern. To learn about the FFIEC's new tool to help you assess your risk, check out our post FFIEC Update: Cybersecurity Assessment Tool.

Why High Availability Solutions Shouldn’t Replace Disaster Recovery Planning

24/7 floating over businessman's hand
These days the cloud is no longer a no-go for critical infrastructure. In a survey conducted by Infosys last year, 81 percent of respondents said they were already or were planning to use mission-critical apps in the cloud within the next two years.

With many cloud environments featuring capabilities for high availability, which by definition provide 99.999 percent uptime, how does that affect disaster recovery (DR) planning? If you manage all your applications in a third-party cloud environment with high availability built into the apps’ architecture, does that mean you can nix internal DR plans, procedures and tests?

The answer is no, and here are three reasons why.

You Need a Plan for Handling Data Corruption

DR planning is still a key component of the organization’s overall business continuity strategy. It’s important to have a high availability strategy for your critical systems and information, but if your high availability solution replicates errors, your data — while it might be available — would be useless. In that case, you’d need to fall back on your DR plan to recover that system.

Your Employees and Vendors Need a Plan to Follow

Even if you’ve outsourced management of critical applications, your employees still need to know what will transpire in the event of a power outage, facility loss or other incident. For instance, where will they work? How will they access the data and applications that are necessary to their job duties?

Your Cloud Provider Needs to Understand Your Environment

If you’re using a third party to manage your environment, it’s important to test so the vendor understands your environment. With documented and rehearsed DR plans, the vendor will be familiar with how to react during a business interruption and can do more on your behalf.

Although high availability is a key part of protecting your top-priority applications, it shouldn’t replace DR planning. To see what other components you should include in your DR plan, download our checklist.  

How Do I Get My Data Back If My Cloud Provider Goes Bankrupt?

It’s a business continuity and disaster recovery planner’s worst nightmare: You wake up to the news that your cloud provider — the one that houses your critical data — has gone under. How do you get your data back?

Going out of business sign
The scenario isn’t entirely unheard of. In 2013, cloud provider Nirvanix announced it was closing its doors and told customers they had two weeks to migrate their data to another location. This announcement, however, should not have come as a surprise to customers. According to InfoWorld, Nirvanix had been informing its customers that it was having financial difficulties and at one point informed customers and partners that they could no longer upload data to the Nirvanix cloud.

Your provider going bankrupt should not come as a surprise to you, either. Before working with a cloud provider (or any other vendor who manages your critical data), you should assess the vendor’s financial situation as part of the due diligence process. If there are any red flags, proceed with caution.

No matter the financial situation of the provider, the contract you sign should have provisions around what happens with your data in the event of bankruptcy, default, etc. These provisions could include arrangements for transferring the data to another cloud environment or copying your data to external media and returning it to you.

If a provider won’t add a contract provision that protects you in the event of a bankruptcy, consider looking at alternate vendors.

For more guidance on choosing the right cloud provider, check out our post "11 Questions to Include in Your IT Vendor Due Diligence."