Updating Your DR/BCP with Quantifiable Figures For Covid-19 (For FREE With Boardish)
*Written by co-founder Eli Migdal, and first appeared on his personal Linkedin here.
Covid-19 is forcing many companies to re-evaluate their Disaster Recovery (DR) and Business Continuity Plans (BCP).
Previously DR and BCP were mostly focused around natural disasters like earthquakes, floods, and in some cases like my home country of Israel, rocket fires or a state of war.
Until now, the solution for most disaster recovery scenarios was a ‘remote site’ which size was usually dependent by the size and requirements of the company.
I have personally designed and had the unique experience of testing real-life BCP plans that provided a solution for “Rocket Fire/State of War” which required the critical people of the organization to fully work from a remote site and in one scenario even focus the core of business to another country!
But, with Covid-19 it is different, it has several new vectors that need to be updated in your DR / BCP!
- Social Distancing – The instruction not to gather groups of people in one location means that “remote sites” is not a viable solution. Regardless of the site location, you can’t go to work.
- Global Impact – Most DR scenarios are focused around a region or, worst case, a country. But in this case, the impact is global so not only will shifting your key person to another country not work, but you may also have to adjust your operations across multiple countries at once.
- Lack of Preparation – Working from home became one of the only solutions but it also brought up several challenges. Things like poor security, home grade networking equipment not “cutting it”, home grade bandwidth not being sufficient.
So these new risk factors/vectors need to be included in our Disaster Recovery, and Business Continuity Plans. We need to quantify them so we can actually make a decision based on the financial impact they will cause.
Using the free version of Boardish (boardish.io) you are able to quantify the exact metric for each threat, and the impact of that on your business.
For example, using the “Main site is not accessible” threat. What are the questions you should ask yourself when quantifying?
- What is the chance of losing market positioning?
- How many turnover days will you lose? (and what percentage of the productivity is lost. For example, will you lose 100% turnover or will you have some operations at 60% for example).
- And how many workdays are lost for each type of employee? That will depend on those who are highly impacted by technology or not*.
*An important note: a threat like “main site not being accessible” has a very unique characterization to it. The “Low impact users” ( those who are less reliant on technology ) will be affected in higher quantities.
For example, your high impact users (high technological reliance) will have a laptop or VPN so the threat impact is ‘low’ but your ‘low impact user’ (low technological reliance) will be impacted more because there is no technological solution for them so they will lose more workdays.
(This is the exact opposite from quantifying the Ransomware threat because the users who are heavily reliant on technology will be impacted the most)
Then select your Solutions, for example below:
Set the efficiency of the solution against the threat, for example below:
Define how many human resources do you need for each Solution:
Define the regulation impact ( usually very low or none in this scenario ) and get your dashboard. Using this info will make it very EASY to quantify your DR / BCP plan and get it approved quickly by decision-makers.
Try Boardish for free here: https://boardish.io/