Wooden Spoon: Blog

a green piece of paper with the words "business continuity planning" written on it

The Role of IT in Business Continuity Planning: A Comprehensive Approach

Every good business owner, board member, and executive knows the importance of business continuity. While you may hope and dream that your business will never face a serious disaster or event that causes widespread business disruption, the hard truth is that you’re likely to deal with one or more of these. Disasters come in many different flavors—natural disasters, cyber-attacks, theft, internal sabotage, and more. Anything that makes it impossible for your employees to do their jobs or that makes it incredibly difficult, if not impossible, for your customers to make purchases or access your services falls under the category of a business disaster. This is why business continuity planning is so important.

The answer to these problems should be in your business continuity plan (sometimes called a disaster recovery plan). These plans contain various hypotheticals and potential disaster events and how your business should address them. They answer questions such as who will be responsible for what, where will employees work, how you will restore services, what will you tell the press, etc. The idea is to have everything mapped out so you aren’t trying to make up a plan on the spot. 

Because so many businesses rely on technology and access to their data, IT plays a major role in business continuity. Let’s take a look at the role of IT in business continuity and you can develop a plan that minimizes disruptions to your data access and other vital IT services. 


a bar graph written in chalk that sas "continuous improvement"

How Business Continuity Planning and IT Go Hand-in-Hand

A large number of the disaster scenarios in your business continuity plan will affect your technology. Some will affect every aspect of your business—an earthquake that hits your office, for example, will impact everything from where your employees will work to what they will do for office equipment. On the other hand, some disasters are centered around IT. A denial of services attack, a data breach, or your servers going down may not disrupt some aspects of the company, but it can bring everything to a standstill. 

Your continuity plan is what will determine how quickly you recover from any of these disasters. Every hour that your business is unable to operate at 100% is an hour that you’re losing money. It will give you an outline of how to get your IT back up and running quickly. Your IT infrastructure is often the backbone of your company. Without access to applications and data, your team often can’t accomplish much. Unfortunately, IT is complex, and many disasters can take down some or all of your system. You may lose access to your servers or have no internet connection. A vital service may go down, leaving you without the ability to process customer payments or provide customers with web access to their accounts.

Your disaster recovery plan won’t necessarily plan for every single type of disaster—it’s simply not possible. For example, how many business owners had a continuity plan for a global pandemic? Before 2020, that really wasn’t on anyone’s Bingo card. Going forward, you can bet most companies will be ready if something like COVID-19 strikes again, but there will be some other type of unexpected disaster that hits instead. The best you can do is have plans that can be quickly modified or used as an outline for building a new recovery plan on the fly. 


Developing Business Continuity Plans that Minimize IT Disruptions

Before you can start including IT recovery in your disaster plans, you need to identify those points in your IT infrastructure that may be affected by a disaster. This starts by determining what your critical IT systems and services are. If you have an online customer web portal that allows clients to manage their accounts and services, it’s a big deal if that portal goes down. This is a critical service. On the other hand, businesses that only maintain a website for online marketing purposes may be less panicked if their site is down for a few hours. It’s not great by any means, but it doesn’t bring your business grinding to a halt.

Once you know your critical IT services, you can look at things that could affect them. Doing a risk assessment will create a list of things that can leave you without access to your data, applications, or hardware. Natural disasters, power outages, cyberattacks, and hardware failures should all be on your list. Keep in mind that your risk assessment may need to include risks to other businesses in addition to risks that affect you directly. For example, what would you do if your cloud provider went down or if your payment processor was the victim of a data breach? While you have no control over these things, they will affect your customers. 


Now it’s Time to Write Out Your Plans

Once you have a list of critical systems and risks, it’s time to create scenarios and plans for dealing with each of them. This starts by describing what will happen and its outcome. For example, a cyberattack occurs that results in sensitive customer data being stolen. What do you do? Who is in charge? What do you tell customers and when? What third parties, if any, will need to be involved or contacted? Are there any regulations you must follow in such an event? These are just some of the questions you’ll want to ask when creating a plan.

While you can create business continuity plans on your own, this is one area where you might want to involve a third party such as Wooden Spoon. Having a consultant who has worked in multiple industries and with multiple companies can help you create a comprehensive list of potential risks. We’ve seen many different types of disasters, and we will be able to help you create a list of vital systems and potential risks that will ensure you’re prepared for just about anything.


a person looking at a wall with papers and charts and graphs on it

Test Your Plans

Once you’ve written out a response to a risk, walk through it with your teams and test any part of it that can be practically tested. For example, make certain that your backup drives can be quickly loaded or that you can truly lock down your entire system if you need to. While you may have great theoretical plans, the last thing you want is for something to go wrong when you implement them. Test every plan and make changes if needed to make them as effective as possible. 

In addition to testing plans right away, be certain you review, update, and test plans on at least a yearly basis. You may need to make changes during the year in between tests if you reorganize personnel or make significant changes to your IT infrastructure. If you don’t make these updates, you may find that you have a plan that is only partially, if at all, relevant to your company’s current setup. When you need it most, this outdated plan may not help you at all.


Using Your Continuity Plans to Mitigate Risks

While creating these continuity plans and strategies is the main benefit of these sessions, there is a second benefit that to many is even more important. During your planning and testing phases, you’re likely to find risks related to your IT infrastructure that you could address right away. Why wait for a disaster to upgrade weak security or address the lack of a reliable backup system? By addressing these needs now, you can help avert disasters later on. 

Redundant systems often help you avoid risks associated with data. Having a backup that you can quickly bring online can get you back up and running within hours instead of days. Redundant servers can keep your website up over 99% of the time, preventing customers from noticing any disruptions. Hardware backups can prevent issues that come from a network switch failing, while using software as a service may prevent losing access to important applications should a computer or server crash. 

Once you’ve made these changes, you’ll need to reconvene your continuity team and go through all of your plans again. Some of them may no longer be necessary now that you’ve addressed vulnerabilities or created redundant systems. However, you could find that there are new risks you now need to plan for. You could also recognize even more areas you could improve upon and risks you could mitigate. This is why business continuity is often a never-ending cycle. Even if you get to the point that you’re not updating plans that often, regularly assessing your continuity strategies is still important.


Let Wooden Spoon Help You Prepare for the Worst

Whether it’s a data breach or a wildfire, disasters can strike at almost any moment. When one occurs, it can leave your company at a standstill. If you don’t have a continuity plan, you may be at a loss as to what to do. You might do nothing or do the wrong thing that makes the situation even worse. With business continuity plans, you won’t have to worry about coming up with a strategy on the spot. Wooden Spoon is here to assist you with these plans as well as help you with the daily tasks associated with running your IT. Reach out today to learn more about our managed services and what we can do for you.

Zach Mesel

Zach Mesel

Technology is in Zach’s blood. Zach spent much of his youth in his father’s cardiac research labs, either as a test subject for his father’s research, or playing games with his older brother on mainframe computers. Zach earned his BS in Management Information Systems in 1988 from the University of Arizona, and then worked for IBM in Boulder, Colorado, and Palo Alto, California until 1995. He started Wooden Spoon in 2002.