Business Continuity and Data Protection
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
Business continuity serves a core role in any risk management framework. It helps stakeholders prepare for unprecedented happenings and help them find existing risks that might disrupt their business and help them develop the right mitigating solutions for those identified risks.
Yet, many stakeholders fail to realise the importance of putting a business continuity plan in place to avoid business disruptions. The recent COVID pandemic taught us that preparing for the unseen or the unknown is the best approach to building a sustainable business.
One of the cores of building a business continuity plan revolves around the IT stack that the company owns. There must be a software and hardware superstructure on the key IT systems and networks that aims to ensure that the essential applications are available to all customers at all time, despite a failure of an individual component within the application.
Without a data protection framework in place, therefore, business continuity remains a fad. Mitigating the loss or damage to a company’s data temporarily or permanently should be attached to the functionality of any data protection framework.
For example, a flood affects a bank’s physical data centers and customers were not able to access their account within a particular period. The onus is on the bank to ensure that customers’ data can be automatically accessed in their back- data base.
If the bank doesn’t have a back up for the data sets they possess, then it might leave customers stranded, expose them inconveniences, and what’s worse, reveal the bank’s inadequate approach towards security.
The synergy between business continuity and data protection is critical on many levels. For one, it ensures a smooth flow of business processes and on another hand helps inform further steps towards building tighter security measures in a company.
With data protection in place, the company can guarantee that storage is backed-up in other places like the cloud and the IT infrastructures can work when there is a breakdown.
As described above, operational recovery, that is the ability to deal with daily operational problems in any company must be factored strategically into their data protection framework. The company should test their recovery status, have them in their risk management playbooks, and test these outcomes if they ensure that the business processes are not disrupted.
That the company can continue to serve their customers when there is a disruption is what data protection seeks from data controllers or data processors. It is perceiving the happenings and understanding the right steps to maintain business flow during unforeseen circumstances. This, by all means, also increases profitability in that it attracts new customers and highlights other positive features.
Some stakeholders often think that once they have a back-up in the cloud they are safe. It’s not usually the case. Sometimes the so-called cloud back-up might not be able to meet the unprecedented load. So, due diligence is required before choosing the right cloud architecture.
For business continuity, the ability to process information and data, at any moment, is key. Without data protection, however, it becomes almost impossible.
It is important to note that the right people must have been trained for business continuity to thrive during a breakdown in process, the right technology—software and hardware—should be in place and the process must be robust enough to cover such unexpected happenings.