Business Continuity is the discipline that enables your organization to keep operating or quickly return to operations after an unexpected event – be it a natural disaster, man-made incident or even a catastrophic event caused by the actions of an employee or contractor.
The One Year, Thirty Minute Challenge will return to the topic of Business Continuity later this year when we focus on operational items, but this week we’re going to focus on one of the most valuable and irreplaceable assets in your organization – data.
You can buy more buildings, equipment, vehicles and hire more people, but you can’t buy more data. Data represents not just the historical performance of your company, but more importantly, the historical performance of your customers. And nothing is a better predictor of future behavior than past behavior. This data is a rich resource as you use it to increase efficiency and effectiveness internally. Externally, you can use it to segment customers and prospects and communicate with those distinct groups more clearly – even down to the individual level.
In the course of this exercise, I’ll be mentioning companies and products to illustrate specific types of offerings and capabilities. Some of these I use and some I don’t. However, for all of these, I don’t get any type of kickback or referral fee, they are for illustration only.
If you work in a larger organization with dedicated tech resources, you might be saying, “We’ve got this covered. We have a robust business continuity plan and we have people dedicated to taking care of this.” Good enough, but skip to the bottom for some bonus content on the topic of stored data.
Let’s get started.
Identify all of the data collected or stored by your organization. Here’s a starter list –
- Financial data in your accounting system
- Sales data in your order entry system
- Customer and prospective customer data in your CRM system
- Operational data in your ERP system
- Inspection data in your manufacturing system
- Marketing performance
- Website analytics
- Response rates from advertising campaigns
- Response rates from email campaigns
- Social media posting with responses
- Shipping data in your logistics system
- Supply order history and vendor performance in your procurement system
- Employee data (including tax and benefit selection) in your HR system
- PLC programming for your manufacturing equipment
- Computer code for any software developed in-house
- Policy and operations documentation
- Promotional materials (templates, logos, sales collateral)
- Legal documents (incorporation papers, employment contracts, client contracts)
- Usernames and passwords for company accounts (website code, website hosting, accounting system, CRM system, social media accounts, online banking, eftps.gov, state DOR, state unemployment)
Enlist the help of others on your team to identify other data created or collected in your organization. Also include the location of all important documents that only exist in a physical format (signed contracts, incorporation papers).
With your complete list in hand, identify where all of that data resides. For example –
|Quickbooks Accounting System||Bob’s PC|
|Customers and Prospective Customers||salesforce.com|
|Sales collateral, logo||Tom’s PC|
|Incorporation papers||File cabinet in Amanda’s office|
Some users might use have an application installed locally (Quickbooks, for example) but save the data file on the company’s local server. Make note of both. In case of a failure, you’ll need a copy of the application and a copy of the data.
Now circle back and note (in the third column) where that data is backed up (i.e. a complete, up-to-date, readily accessible copy). If you use cloud-based applications (Software as a Service or SAAS), for example – Quickbooks Online, salesforce.com, zoho.com, your data and applications are already automatically available in case of a localized emergency. However, for all other data that resides on a local personal computer or local server inside your organization, note where the data is backed up. This is essential in case the piece of equipment that houses the data has a catastrophic failure or the entire location is destroyed or becomes inaccessible.
Consult with your in-house or contract technology expert to craft a data backup plan for each piece of data. For all locally hosted data, select a backup solution that, at least daily if not more often, makes a copy of all data and stores it on devices that are not in the same physical location as your organization. Here are a few options to consider –
- For mission-critical data residing on a local computer or server, you might consider an always-on cloud based backup like carbonite.com. Any time the device connects to the internet, the carbonite.com software will push an updated copy of the files you select to their cloud storage site – all happening without any intervention from the user.
- There are cloud-based storage solutions available from many excellent providers including Amazon (AWS) and Microsoft (Azure). These services can certainly be used for backups, but many companies have opted to store their live applications on these cloud-based services instead of on local servers. They are fast and reliable.
- Many companies have crafted hybrid private/public cloud solutions where data is stored both locally in a company-owned hosting facility and in a public cloud facility – sometimes simultaneously.
- For all paper-only documents, consider scanning them and keeping an electronic copy.
Remember, the goal here is business continuity. You want as little disruption as possible to your operation in the case of a natural or man-made disaster.
Once your backup plan is in place, check backups regularly and make sure you can restore production systems from the backed up data.
If your organization uses specialized hardware to create, capture or utilize data (barcode scanners, RFID scanners), you’ll want to have spare hardware on site to restore operations immediately.
For some organizations, being closed for even several hours can represent the loss of thousands of dollars in revenue. Having a strong business continuity plan, especially as it relates to data, can ensure that you can continue to provide services, create goods, bill customers and pay employees without disruption.
Finally on a semi-related note, create, if you don’t have one, a document destruction policy. Data is incredibly valuable but it also creates liability for your organization. A well-crafted, strictly-enforced document destruction policy can mitigate that liability. After consulting with tax and legal professionals, let’s say that you decide you need to keep 7 years of financial records and, for marketing reasons, you need to keep 10 years of customer order data. At that point, securely destroy all other data. If you have other data, outside the scope of your document destruction policy, it can be subpoenaed during a legal proceeding – going back decades if you still have it available. However, if you can demonstrate that you have a document destruction policy and you follow it by destroying all data outside the boundaries of the policy, you can eliminate that potential exposure. In addition, you don’t have to pay to store it and don’t have to pay to retrieve it should be requested.
If you have questions on this week’s challenge, contact me at 816-509-9838 or firstname.lastname@example.org
Use the comments section below to benefit other business owners and managers by sharing insights you gained by working on this week’s challenge.