So, raise your hand if you’ve heard that one before? (the title) I bet many BCM practitioners have it said (sometimes screamed) at them during a disaster, emergency situation or a simple blip on someone’s PC. If they don’t have that particular file they can’t operate, they say. In some cases that can be true; if they don’t have access then a certain particular activity may not get accomplished. Fair enough. Do they know that ten (10) other files and/or systems feed that one spreadsheet and if that file isn’t made available first, their file isn’t going to mean anything. It’s rare that people understand interdependencies.
I’ve experienced this situation where a user or an entire department aren’t aware of where they’re data even comes from. Do they think it magically appears? Yet when something goes wrong in IT then it’s up to IT to bring it back (well, duh) but if it’s not identified as to what needs to be restored and recovered in a priority order then the user has to wait for the other 10 systems to be up and running before they get their file back. Users and in many instances, management, don’t have an understanding of the dependencies between all the various systems and departments and really can we blame them? Yes and no.
It stems from the information captured through the Business Impact Analysis (BIA). If it’s not in there, it isn’t that important because no one identified it as such. Technology teams build recovery and restoration infrastructures and procedure activities based on what’s critical to the business and what they identify as needed immediately to run operations. This should be contained in the BIAS in simple black and white. Then when the BCM practitioner does the analysis, it’s to be identified and prioritized within the existing technology recovery and restoration structure. This will enable departments to regain operations.
It’s one thing to identify the need for a file, but if there is a system that feeds that file, it needs to be up and running before the file becomes available. Sounds simple doesn’t it? The user won’t be able to do anything with it until the umbrella supporting service is up and running first. I’ve recently been in a situation where a department has identified 40 files they needed (“gotta have them!!” they said) or else they can’t operate. I asked them where the information came from and the blank looks around the room told me they had no idea where the information comes from. Though I didn’t look it up, it probably means some problems for them when (no if) the company experiences an outage.
I thought it great they could identify what was critical to their internal area but it didn’t mean much when no one knew what fed the files. That’s one part that IT needs to step up to and say where these files reside (on what systems) and then build a recovery plan for that service (or specific server). Other departments need to identify what systems they feed and what systems are supplying them with information too so that critical processes can be mapped out and proper recovery procedures can then be build to make that process operational again.
A critical file is one thing, the system on which it depends or resides is another and in many cases is more important than the file itself. Oh, and if that critical file ain’t identified in the BIA, it ain’t critical for continued operations.