Business Continuity Planning: Developing An Impact Analysis

According to FEMA, 40% of businesses hit with a disaster never recover, and this rate more than doubles for those without a business continuity plan. While the two are linked, a business continuity plan shouldn’t be confused with disaster recovery. You might have a great plan for getting things up and running after an event but still fail to plan for continuity of time-sensitive business functions. And that’s why developing a real continuity plan is so important.

What Is a Business Continuity Plan?
A Business Continuity Plan is an essential component of risk management. The BCP specifically addresses the risk associated with an unanticipated lack of ability to continue business operations. The reasons for this lack could be many:

Natural disaster
Terrorist attack
Major power outage
Technology failure
Loss of customer data
Someone hijacking customer data and holding it for ransom

Even a couple hours of lost operations can have multiple consequences. A BCP mitigates them by identifying and assessing risks before developing, testing, implementing and measuring the effectiveness of strategies that keep your business running with the least downtime possible.
Some of these strategies may include:

Reducing risk to customer data through firewalls, backups, employee education, security protocols, etc.
Enhancing your servers and telecom infrastructure
Enhancing data recovery
Re-routing calls/contact
Developing a work from home program
Setting up a temporary “base” when your building isn’t accessible

The strategies vary as much as the companies that employ them. So before anyone begins developing a business continuity plan, it’s important to know what areas are impacted by the inability to continue operations. How much do they cost your company?
What is a Business Impact Analysis?
The Business Impact Analysis is the first critical step in developing a business continuity plan. In this phase, identify time-sensitive business operations. Additionally, consider related resources needed for employees to perform those functions.
An effective analysis not only identifies these elements. It employs data to prioritize business continuity efforts.
Continuity concerns may present themselves on a scale. At one end you have mere inconvenience. At the other is significant (and possibly irreparable) business harm. So it’s important that when developing a business impact analysis, you make the distinction.
Every department will naturally feel that they are the “most important”. But scrambling to prevent inconvenience will drain resources from impactful continuity challenges. Once again, data saves the day. It helps us make the most impartial, data-driven decision.
When it comes to business impact analyses, there are no “cookie-cutter” solutions. That’s why this phase of planning is so important. It helps you develop the customized plan you need to mitigate risk effectively.
How to Develop a Customized Impact Analysis for Your Business
When developing an impact analysis, look at each department, team, and/or area of your business. As you do, consider these three areas. The FEMA business impact analysis worksheet lists those elements as:

Timing/Duration of outage
Operational Impacts
Financial Impacts

So, for example, if Department A can’t continue operations for 30-60 minutes what happens? How does this impact the bottom line? What if that department/team were down for two hours? And so on. The ramifications will get progressively worse.
In some departments, financial impacts may be fairly easy to measure. But in others, you may need to think more broadly about the costs of downtime or lack of access. This will give you a truer picture.

Direct Financial Impact – lost sales, paying employees who can’t work, overtime to catch up, increased customer returns, etc.
Customer Relationship Impact – lost client contracts, bad customer reviews, diminished social sharing, bad public relations, cost of PR damage control
Vendor Relationship Impact – lost vendor contracts, increased vendor costs, strained partnerships, lost trust, trouble building new partnerships
Employee Relationship Impact – lost faith in the company, morale issues from too much overtime, retention problems, increased recruiting costs
Regulatory Impact – This one may vary by industry as well as department. For example, in healthcare, failure to comply with HIPAA may result in fines and legal troubles. If you process payments, inability to meet PCI regulations could result in loss of contracts with major credit card companies. Any company that’s managing customers’ data (i.e., every company) should have some awareness of SOC2 compliance and the impacts of not properly securing customer data to maintain business functions. In education, lack of continuity would not only impact FERPA compliance.

Don’t “assume” these costs. In most cases, you’ll have data to clearly quantify their impact. Once you’ve considered the true impacts of lack of continuity in each area, you’re ready to prioritize and develop your business continuity plan.

10 Questions Every Company Should Ask Before Outsourcing IT Services

Ten questions to ask while considering outsourcing your IT services to a provider.  
Many companies are outsourcing their IT functions due to convenience and budgetary constraints. Small- and medium-size businesses can focus their hiring of staff for their core business, and hire an IT consultant for their expertise and efficiency. However, even with the growth in IT consulting, there are several things you should consider before signing a contract.

It’s easy to fall prey to assumptions when interviewing consultants to outsource IT services. Packaged services don’t always include additional IT support, management, maintenance and security needed for your business’ network. When agreeing to a contract, look carefully to make sure it contains everything you need. Here are some questions for you to ask when interviewing a new consultant.
1. How do you support security compliance?
Often IT providers support security compliance through their package bundles which include an array of features and components. On this list of features you should see firewall configuration, vulnerability patching, incident response, intrusion detection systems (IDS), demilitarized zones (DMZs), intrusion prevention systems (IPS) and more. These features should be included by default to protect your data and hardware.
Depending on your industry and client list, you should have a good idea of the level of security necessary for your network to ensure compliance and proper security documentation. Discuss this with any providers you interview to match the level of security needed to protect your business.
2. How do you manage service integration?
In order to stay competitive, your company needs to fine-tune service integration. Standard Information Technology Infrastructure Library (ITIL) capabilities require integration and automation from your IT service provider to minimize errors and provide secure and effective on-demand service delivery.
3. How do you support incremental outsourcing?
In order to reduce risks associated with outsourcing, you can divide the requirements you need into manageable projects. If you provide a specific set of deliverables to your service provider to work with in a trial setting, you can better assess their completion. You have the option of having the work done on your premises or remotely to better prepare for completely outsourcing managed services.
4. Do you provide a service-level agreement (SLA)?
The service-level agreement (SLA) is one of the most important factors in outsourcing IT services. This agreement is where the service provider details the list of support actions they will provide including end-to-end program management and deliverables to your company.
The agreement should lay out how the provider will take on the project from your company and deploy a small remote or on-site team to coordinate and complete the work. Included in the agreement are delivery dates, the effectiveness of the work, surveys to ensure the quality of service, and timeframes for the availability of services and service request response times.
5. How flexible is the SLA?
Can the provider grow and change as your business does? Changes within your company should be reflected by the services provided for your IT needs. As you grow, your company will hire more people, take on new projects, add new departments and functions, and have a need for scalable IT infrastructure from your IT provider. In fact, your service provider should have expertise in their field that includes the knowledge and experience to custom-fit a scalable infrastructure that you need for your company.
6. What kind of experience do you have?
If you look at managed service providers by price alone, you may find that you don’t get the expertise you need. It’s better to outsource your IT services needs to an expert that’s completed hundreds of projects successfully. Extract the most value from an experienced partner to gain peace of mind over the quality of work completed. Included in the experience is the latest training and tools available to best protect your company’s data.
7. How do you handle IT strategy vs. emergency support?
If your company has an IT strategy, you need a service provider that can act as a partner in this process. Your service provider should be the expert resource to assist in your strategy. If all they do is take orders and offer emergency service, they are not the right fit for your company.
8. Who will govern our IT services?
Your SLA should include an understanding about who will govern and take responsibility for your IT services. By including a foundational governance framework, you will set the tone for future accountability and start with a shared understanding for your team and your provider’s team. This framework determines which entity makes specific decisions to support organizational principles.
9. What is your reporting process?
Formal reporting should be listed in your SLA and include the standard set of reports provided and a timeline for delivery of those reports from the provider. The frequency and scope of the formal reports between the provider and in-house manager should take place according to the schedule. However, many providers offer informal reports as work is completed.
10. How will you adopt new configuration management?
Changes are part and parcel of a business, making managing those changes routine for your IT service provider. For routine changes, your SLA should cover implementation, but if you have a large project then you should discuss management with your provider before implementation. You can initiate a change request to the provider to allow them to complete an analysis of how to proceed. Once the provider has responded with a schedule and any questions they have, you can move forward on the project together. With a system in place to accomplish new projects, it’s easy to maintain proper tracking and logging of work completed.

Get Your Beauty Sleep With Nightlight In Windows 10

You may have been using Windows 10 for some time now, but it’s likely that you haven’t mastered all of its features just yet.
If you, like so many others, use your computer late at night, before (or even in) bed, then you may have found that it throws off your sleep cycle. Despite being tired when you got into bed, after staring at the backlit screen for a few hours, you’re not as tired anymore.
This has to do with melatonin – a chemical produced by your body when your eyes see that it’s dark and determine it’s time for sleep. Looking at a bright screen throws off this natural process, and the lack of melatonin makes it harder to get to sleep.
Did you know you can reduce this effect with Nightlight?
Nightlight is a feature that lowers the brightness of the screen and changes the color spectrum in order to limit the interruption to melatonin production. To turn it on, find it under Settings, and set a schedule for it to follow based on your preferences for late-night computing.

Why is Effective Business Continuity Management Important?

A business continuity plan documents how your organization will continue to operate after a natural or man-made disaster, severe market conditions or sudden changes in leadership. This could be anything from a stock market crash to a hurricane to the death or dire illness of a key leader. BCPs are hot topics thanks to growing legislation and increased risks related to data security and other events. Every organization would benefit from adopting some kind of BCP framework, however modest.
What is Business Continuity Management?
Business continuity management (BCM) denotes how organizations plan for and respond to risks. Mission-critical functions must continue to run after disruptions such as bad weather or hackers. Smart planning also makes it possible for employees to return to business as usual quickly.
How Does Business Continuity Work?
The most effective way to achieve transparent, seamless risk management and disaster recovery is via a business continuity management system. This may require some outside assistance since any BCMS adopted should follow international standard ISO 22301 requirements. All businesses can begin the first phase themselves, however, by building a continuity plan that identifies and minimizes risks.
What’s the Big Deal With ISO 22301?
ISO 22301 lays out a road map for an effective BCMS and is the most credible resource for successful business continuity management. Becoming ISO 22301-certified signals to clients that your company has a game plan in case disaster strikes — certification helps clients decide that your firm is a solid investment for their business.
This certification proves to prospective clients that your organization will continue to provide the products or services they need, even if an emergency arises. It also gives you:

Independent evaluation of your business continuity management, providing assurance or offering areas for improvement
Accredited certification with regular audits to ensure continual improvement
Oversight of regulatory requirements to ensure legal compliance. This could include the EU General Data Protection Regulation (GDPR) or new state and federal privacy regulations impacting customer data collection and storage.

What Is Disaster Recovery vs. BCM?
People are often confused by the difference between these two terms. They aren’t synonyms. Business continuity deals with relocation and business functions while disaster recovery, which is a subset of business continuity, deals with the technical recovery of systems and resources.
Disaster recovery outlines how to recover technical functions, sites, operations and applications. A business continuity plan may contain many disaster recovery plans.
What Are the Key Components of a BCP?
A successful business continuity plan includes the following:

Succession plans for key employees
Identification of critical functions with priority identified
All employees’ contact information and role in the plan
Tested backup strategies

Ready for Disaster? Tips for Creating a Smart Business Continuity Plan

Mitigate Disaster with a Comprehensive Business Continuity Plan
When you create a detailed business continuity plan, you can keep disaster from disrupting your operations. See how to get started here.  

When disaster strikes, disruptions to your operations could negatively impact your construction projects, pushing them past the deadline and over budget. And it is not just natural disasters you have to worry about, either.
Everything from serious IT problems to the loss of important team members has the potential to wipe out your operations. That is, unless you have a smart business continuity plan in place. With this plan, you can keep your operations moving along like normal, helping ensure the success of all your construction projects.
Importance of Having a Business Continuity Plan
In optimal conditions, there’s no doubt everything runs like clockwork, as your team works hard to complete their individual tasks. If anyone fails to come through, however, everything could grind to a halt. Furthermore, without writing it out, only a few in your company may know just what everyone should be working on and how it all comes together.
Therefore, you need a business continuity plan just in case serious disruptions leave you without certain team members, equipment, or workspaces. In many ways, this plan is a big-picture overview of everything that goes on at your construction firm. It also identifies all the workarounds you can use when faced with disruptions caused by different disaster scenarios.
Above all, your plan should detail who is in charge of each department in the absence of key players and all the ways they can keep moving forward in their daily duties. With that approach, you can keep major disruptions from throwing your workforce off track or preventing them from completing their tasks.
How to Create a Continuity Plan for Your Business
Without knowing what is on the horizon, there is really no time to waste in creating your business continuity plan. Thankfully, you can easily approach this process by using the following steps.
Take a Complete Inventory of Your Company
Taking inventory of your workforce, contacts, and equipment is the very first thing you must do to create your plan. You will likely need to take a big step back from your construction company to complete this step.
To start, create a list of all your employees, noting the major players in each department. Add their contact information in full, so you can see how to reach them at a glance. Then, create similar records of your material suppliers, clients, and other important contacts.
Next, you can move on to creating a complete inventory of all the equipment used on each of your job sites. Make sure to include their make, model, and serial numbers, so you can find parts or file claims as needed to keep things moving along. In addition, note any local parts suppliers, repair techs, and equipment dealers for those brands to complete your log.
Outline Existing Processes and Highlight Critical Areas
With the completion of the inventory step, you will need to look at your operations. Go from department to department, look at the duties of each employee and how they support other departments. Along the way, busy yourself with creating flowcharts for all the distinct processes used to run your construction company.
Throughout this process, identify your key operations and the major players you depend on to get the work done. Then, see who can fill in if those individuals cannot make it to work. Also, add ways employees can work around specific disruptions and continue to fulfill their core duties.
Identify Temporary Workstations and Keep Them Updated
If your core employees cannot get to their normal workstations, everything should not grind to a halt. But it will unless you have already identified temporary workstations and made the effort to keep them updated.
The workstations should have all the equipment and software normally used by the team and be completely ready for their use. So, create an update schedule and make sure the temporary workstations are included whenever you complete a major equipment or software upgrade. Furthermore, ensure your employees know about the existence of these workstations and how to access them.
Create Your Plan for Maintaining Critical Operations
With your understanding of your core operations, you can create a plan for each of your employees, helping them mitigate the effects of the disaster. Working across all departments, you will need to indicate who is responsible for getting each system back online and up to their normal operating levels. They should have a clear direction on the steps to take and the tools they will need to complete the assigned tasks.
Your plan should cover not only the construction tasks you are responsible for in that moment, but also all the administrative ones. You need to let your payroll department know how to proceed, for example, to ensure they can continue to process payments for all your employees.
Once you are finished creating your business continuity plan, store the main copy in a secure location and provide each department with their own copies.
Don’t Wait — Create Your Business Continuity Plan Today
So, now that you know what to do, there’s really no reason to wait. Start building your business continuity plan today to protect your operations from disaster. Otherwise, your employees could be left without the knowledge needed to keep your business afloat until everything returns to normal.

4 Informative Responses You Need From Your CFO

Are you working closely with your CFO to determine the most efficient and effective methods for maintaining your business infrastructure? These questions will help you drill in.  

Are your financial operations taking more time and effort than you realize? There are plenty of ways to reduce the overhead and operations cost of your finance team, but that starts with asking your CFO some tough questions. Finding the right business solutions to support your organization begins with a thorough knowledge of the landscape and the pressure points and redundancies that could be relieved through automation. The answers that your CFO provides to these searching questions will help you make the right decisions when you consider upgrades to your technology infrastructure.
1. Are we addressing compliance issues that are concerning for our business?
Business compliance goes far beyond the requirements for HIPAA, personal privacy and employee security. Today’s compliance requirements are varied and complex for even the simplest organization. If you are capturing or maintaining personal information — much less financial or health information — chances are your business is subject to California’s Consumer Privacy Act and those of several other states, besides. You’ll find a comprehensive state-based map online at the International Association of Privacy Professionals. Ensuring that your data stays safe and that you’re fully complying with these laws often falls to the CFO in terms of education, but to the technology team in terms of implementing the strategies.
2. Where do you see slowdowns during monthly, quarterly and annual closing?
Closing the books is a process that happens on a regular basis, but that doesn’t mean it’s fully routinized. Even the simplest tweak to this ongoing process may be enough to save thousands of hours of productivity over a relatively short period of time. Looking closely at the business’s models for this ongoing operation can identify some weak points that can be addressed through automation or software updates.
3. What are the barriers to fully integrating metrics into our organization?
Using metrics throughout the organization is a great way to keep your business running smoothly — and also quickly identify areas that need a little extra attention. Are there systems that do not work well together? Perhaps a large variety of solutions providers whose “solutions” are causing problems with other business units? Whatever the issues are, identifying what it will take to get to a unified metrics system for the organization may point to some opportunities to apply consistency to your operations and platforms.
4. Are there opportunities to reduce the cost of delivering a secure and efficient infrastructure?
Providing a secure infrastructure for your business is a critical success factor, but are you currently knocking it out of the park — or falling down on the job? If your teams are frustrated with the speed of change and you’re concerned that your operations aren’t fully secure, you may have some work to do on your infrastructure. Even something as simple as slow WiFi or poor networking in conference rooms can reduce the effectiveness of your staff and boost frustration levels beyond the breaking point.
One key way to improve efficiency, reduce costs and heighten security is to work with advanced technical support staff to review your business operations and ensure that you’re taking full advantage of the opportunities available on the market today. Leaders at the largest organizations in the world routinely work with external service providers to ensure that they have access to the tools and technology needed to create a secure and consistent infrastructure for their business.