When a business or organization chooses their business continuity strategy, it should reflect the recovery requirements in the corporate policies of that organization. It should be the most cost-effective solution although this may not always be possible within the practicalities of day-to-day business.

There should be two to three options developed, each providing a complete solution to the recovery requirements. Any strategy for recovery will always be a balance between acceptable expenditures to the organization versus the peace-of-mind it provides for those who are charged with running and progressing the organization. Any strategy should also demonstrate a clear understanding of the recovery planning objectives and reflect what the business needs to continue.

It is therefore essential that there is utmost confidence in the Business Impact Analysis (BIA), which identifies the critical functions that must be recovered; their minimum levels of activity that they must be recovered to; and the maximum acceptable outage time for each function.

Types of Contingencies...

1. In-house - The least risk option, but potentially the most expensive, is to setup an in-house contingency. Such a facility could be put in for everything from office space or warehouse space to production environments.

Some advantages of this option would include:

• Facility is built to the exact required specifications.
• Facility can be accessed without time constraints on occupation.
• Testing can be facilitated at anytime or at any activation level.

Some disadvantages would include:

• Cost of the facility.
• Depreciation of additional assets.
• Maintenance and update requirements.
2. Third Party Contracts - Computing facilities that have a varying degree of space and/or hardware in place to facilitate a recovery.
3. Cold Site - Usually consisting of a shell or computer room space with minimum or little equipment already on the floor. Environmentals are usually in place but not activated.
4. Warm Site - Computing facility that has some equipment available although it may not be powered up and running. Some special equipment may need to be procured. Systems and applications have to be setup and installed.
5. Hot Site - Computing facility that matches your hardware / software / network requirements and is loaded with your operating system. The equipment is up and running at all times and normally, secondary backup sites are available.
6. Reciprocal - If an organization enters into an agreement to assist another part of the organization or a totally separate organization, then this is termed a reciprocal arrangement. Such agreements for reciprocal recovery ensure that should one site be affected, the facilities of the other become available to the agreeing party. It should be noted that when one business relocates to another, the impact of the disaster is sometimes exported to that second business.

   Although reciprocal arrangements incur minimal cost, they require considerable thought to ensure the recovery of the affected organization is not compromised. For this reason, whenever possible, such agreements should be written and not left as a "gentlemen's agreement".

   An advantage of this option would certainly be the minimal cost but some disadvantages could include:
• Existing spare space in the receiving premises may be limited.
• Technology requirements may be stretched or limited potentially impacting the receiving premises.
• Duration of occupation may be limited.
• Reactive - Businesses can secure replacement facilities or equipment at the time of disaster and this is frequently done for minor events such as hiring a piece of presentation equipment if the in-house one fails. However, unless it has been determined that your business and/or equipment can easily be replaced within the established recovery time objectives, this option lends itself to inherent risks. While the cost of the option may be low, some of the risks are:
  1. That no suitable properties will be available when needed.
  2. Specialized equipment may not be procured quickly enough.
  3. Cabling infrastructure requirements will be needed.
  4. HVAC and environmental issues.
  5. Location.
  6. Lease/occupancy contract arrangements.
  7. Usage versus permitted use.

Organization and Administration Support Issues...

Any business continuity strategy requires a distinct infrastructure to ensure that the recovery is effectively managed. It is preferable to select a unique and specific structure consisting of suitable individuals who are capable of implementing the Business Continuity Plan. The individuals will need to be organized into teams with specific responsibilities for certain actions of response and recovery. Throughout the recovery, the organization would operate under this structure, thereby ensuring that only individuals required for the organization's timely recovery are present and organizing the relevant actions and activities.

It is important to recognize that a recovery usually requires two recovery teams or tracks of recovery activities. One team, or track, would focus on the recovery at the contingency site which obviously takes priority if business is to be resumed as quickly as possible. The second team would assess and address the potential damage at the original site and plan for the corrective action necessary to bring the facility back to pre-incident levels of activity.

For more information regarding the teams required for recovery, refer to the Emergency Response page on this website.

Vital Records and Paper Documentation Issues...

Even in our present technological era, we are all still heavily dependant on hard copies of information and data. The move towards a paperless environment has been aided by the use of microfiche and document imaging, however, for a large number of organizations, the need for paper records "of work in progress" is still a reality. Obviously, paper documentation is particularly susceptible to damage from physical disasters which is why it is necessary to encourage employees to safely store essential documentation in closed draws or filing cabinets and archive records off-site or in fireproof cabinets if they are of critical nature.

Where possible, review how essential documentation could be replicated if it became necessary to do so. The business continuity strategy should have helped to determine which assets, including documents, are essential for recovery and therefore require protection. If there are items which are not possible to guarantee being available but which are essential to the continuation of the business, then these should be detailed beforehand and "workarounds" considered to negate the effects of such unavailabilities.

Restoration...

Restoration should be a part of any recovery strategy although many aspects of the restoration program can only be determined once the damage occurs and the effects are assessed. A considerable number of preparative measures can be planned beforehand to ensure effective and focused actions are taken in the very early stages of a recovery. These actions can dramatically reduce the impact of a disaster and the overall time it takes to recover. Some of these actions are:

• Bringing together the right skills base to accurately assess the damage to the premises and assets so that the options for recovery can be rapidly and objectively assessed.
• Identifying the assets which are essential to support the critical activities as well as the location of the assets.
• Identify potential assets with long lead times needed to replace or unique equipment that is no longer manufactured and develop recovery strategies for the loss of this equipment.
• Identify any potential outsourcing solutions for production processes while restoration is in progress.

Salvage Considerations...

In the immediate aftermath of a physical disaster, there are two major unknowns:

• How serious is the damage?
• How can we keep the damage from getting worse?

In all instances, therefore, part of the recovery strategy should address the coordination of skilled personnel to ensure the damage is quickly quantified and qualified so that time for recovery and the extent of remedial activity can be determined. Secondly, there needs to be coordination of the activities to stabilize the damage so that the initial losses do not escalate further. An example of this is the rapid freezing of water-soaked documents to prevent further deterioration. The business continuity strategy should consider a salvage and restoration contract with an outside professional firm, if necessary, as part of the overall risk management of the business.