Business: Loss of IT

Second to loss of people, loss of IT is the next highest risk in Business Continuity planning. The loss of IT and Telecommunications causes many companies to come to a standstill. 

It is important to remember that as a small company there may be a limit to mitigations that you can put in place compared to a large corporate business.  No matter what the cause of the outage is, whether a cyber-attack or a technical fault, the impact can be similar with only the duration of recovery differing together with the complexity of the recovery. However, it is still good to plan. 

Look at the systems that you have and look at the interdependencies to other teams. What would be affected if you were to have down time of a system. It is good to quantify this and link it back to the impact on your brand, finances and, ultimately, your customer. 

To help you assess this and order the information a Business Impact Analysis (BIA) spreadsheet is helpful.  With this you can itemise the systems you have, the system dependencies and also who depends on you for data.  

You can use BIA across all your pillars. The triggers and the impacts are also useful to gather. Would the effect of losing the system affect you more in the first few hours or would the impact be felt in say one week. Some useful time triggers are below:-

  1. 1 hours to 12 hours
  2. 12 hours to 24 hours
  3. 24 hours to 48 hours
  4. Up to a week

By looking at the timings you will soon be able to order in importance of the impacts and those you need to mitigate in the immediate to those that may impact in a few days. 

Manual processes in some cases can help mitigate systems being down and it is worth building in the recovery time once your systems are restored to input manual data. If there is a loss to telecommunications, it is worth noting that manual processes may need to be put in place for face to face updates/handovers.   This in turn may increase the numbers of staff you will need to continue to operate.  

Important terms and questions to ask are:- 

Recovery time objective – how long will my system be down and when can I expect it to be restored? Essential impact information that can be taken from your BIA as you look at the risks.  

Recovery time impact – what is the impact over time? 

Recovery point objective – at what point does my system stop gathering data and how much data will I loose? 

LRF in Action

Read More Stories
Power Outage Planning and National Exercises

Power Outage Planning and National Exercises

2m read

Our chance to test Power Outage Scenarios on a big scale with over 200 people involved!

Amesbury Fire -  June 2023

Amesbury Fire - June 2023

1m read

In June 2023 a large fire impacted 16 flats in Amesbury requiring a large multi-agency response.

Exercise Inundation

Exercise Inundation

1m read

Its not too often we take part in big exercises across multiple boundaries, but sometimes a great opportunity presents its-self!