Evaluating Business Continuity Consultancies. Feeling overwhelmed? The good news is, there are plenty of consultancies and service providers who can make sure that your business continuity needs are met. BC/DR planning consultants include large firms such as Accenture, Booz Allen Hamilton, Deloitte, HP Enterprise Services (formerly EDS), IBM Global Services, and PricewaterhouseCoopers. There are also dozens of boutique consulting firms—regional and niche players that just focus on business continuity planning. How can you be sure that the consulting firm has the expertise to fill in your business continuity gaps? Here are five questions to ask when choosing the best business continuity consultant for your company.
1. Do you know what you need? To get started, you’ll need to conduct a business impact analysis, and the consultants should perform a recovery option study to determine your company’s priorities. Make sure the consultant is willing to outline your recovery options and the amount of time each option will take.
2. Will the firm present several options? “When it comes to business continuity, it’s about planning and services, and it should be less about technologies,” said Stephanie Balaouras, analyst at Forrester Research. “It’s your strategy for responding to business disruption and covers people, facilities and technologies. It covers everything from pandemic planning to ‘Microsoft Exchange is down.’” Firms that offer BC/DR planning and consulting services should be able to help you do a business impact analysis, identify critical business processes, map all the dependencies and define how critically you need them, and what the impact would be on revenue. “When you understand that, you can build a business case and invest in the right solutions,” she adds.
3. Are the consultants certified in business continuity planning? Certification ensures that business continuity consultants are well-versed in all aspects of BC/DR planning. Certification bodies include the Business Continuity Institute, DRI (The Institute for Continuity Management), Business Resilience Certification Consortium International, and the University of Virginia. Specialized certifications are available for emergency management, risk management, audit, security and technology. DRI International offers certification specifically for business continuity consultants and vendors to ensure that practitioners understand professional practices. Each subject area includes the professional’s role within the area and an outline of recommended knowledge within the subject area. The 10 subject areas cover topics such as risk evaluation and control, business impact analysis, emergency response and operations, awareness programs, training, crisis communication and coordinating with external agencies.
4. Are they willing and able to prioritize? You can save a lot of money by evaluating your BC/DR priorities, said Ben Thornton of Corus, a disaster recovery and business continuity consulting firm. “If you need systems back up in six hours—you can, but you’ll have to throw a lot of money into that. Instead, consultants should be asking, ‘Do you need that? What can you wait a couple of days on, or a week on?’ and establish priorities.” Perhaps only 20 percent of the total environment must be recovered in minutes or hours.
5. Do they offer BC/DR solutions to fit your budget? Nearly one-quarter of companies surveyed by KPMG CSO EXECUTIVE GUIDE The Ultimate Guide to Busi ness Continuity 5 have not been able to justify the costs of business continuity plans. Most of these companies are focused in the large enterprise with 500 to 999 employees, according to the study. Consultants should know your business well enough to understand budget constraints and your immediate BC/ DR needs. “We let the business [units] decide what they want to spend and help coordinate based what the numbers tell us,” Hoppenjans explains.
“We let [business impact analysis] data tell us what each department is doing as far as BC planning, what their risks and what their vulnerabilities are, and they decide what to spend. Some responses may be customer- or contract-driven.”
Evaluating Business Continuity Services and Software. The frequency of common business interruptions has boosted the market for external disaster recovery services—which include data center services, backup and mobile recovery services—to $3 billion to $4 billion a year, according to Gartner. Here are some points to consider when evaluating business continuity and availability services and software.
Weigh the benefits of specialized business continuity planning software. Business continuity planning software can help large companies formalize the BC framework and continually update the plan. “Of companies that actually have plans, 50 percent use software and 50 percent use informal software” such as Excel spreadsheets, said Stephanie Balaouras, a senior analyst at Forrester Research in Cambridge, Mass. Software providers such as SunGard Data Systems (which acquired Strohl Systems Group), eBRP Solutions, and U.K.-based Office-Shadow (now part of ICM Business Continuity Services Limited) offer BC planning solutions. Regulated industries that face audits, such as life and health insurance companies or financial institutions that require uniformity in how they build their plans, may benefit from one of these software packages.
Consider the major business continuity/availability service providers and some niche players. Hosted business continuity/availability providers typically provide cold sites (data center space to house your own equipment and backup tapes), warm sites and hot sites (an operationally ready data center), as well as data archival, restoration capabilities, and managed services. SunGard, HP Enterprise Services, and IBM Global Services own the worldwide market share in this segment with the broadest set of services. Smaller services players such as Rentsys Recovery Services are also making inroads into the market.
Let recovery requirements dictate the level of dedicated BC services. Subscribing to a data recovery service that you can trigger when a disaster strikes is fine if data can be restored in two to four days. But increasingly, as businesses require 24/7/365 availability, ¬more dedicated data recovery services are required. Just make sure you’re not paying for more than the business need dictates.
Use caution when outsourcing business continuity functions overseas. Because of terrorism and natural disasters typically not seen in the United States, such as tsunamis and monsoons, companies should take caution when outsourcing backup, recovery and business continuity operations offshore. Some popular outsourcing countries may not have the recovery capabilities found in the United States.
Evaluating External Resources
Evaluating Business Continuity Consultancies. Feeling overwhelmed? The good news is, there are plenty of consultancies and service providers who can make sure that your business continuity needs are met. BC/DR planning consultants include large firms such as Accenture, Booz Allen Hamilton, Deloitte, HP Enterprise Services (formerly EDS), IBM Global Services, and PricewaterhouseCoopers. There are also dozens of boutique consulting firms—regional and niche players that just focus on business continuity planning. How can you be sure that the consulting firm has the expertise to fill in your business continuity gaps? Here are five questions to ask when choosing the best business continuity consultant for your company.
1. Do you know what you need? To get started, you’ll need to conduct a business impact analysis, and the consultants should perform a recovery option study to determine your company’s priorities. Make sure the consultant is willing to outline your recovery options and the amount of time each option will take.
3. Are the consultants certified in business continuity planning? Certification ensures that business continuity consultants are well-versed in all aspects of BC/DR planning. Certification bodies include the Business Continuity Institute, DRI (The Institute for Continuity Management), Business Resilience Certification Consortium International, and the University of Virginia. Specialized certifications are available for emergency management, risk management, audit, security and technology. DRI International offers certification specifically for business continuity consultants and vendors to ensure that practitioners understand professional practices. Each subject area includes the professional’s role within the area and an outline of recommended knowledge within the subject area. The 10 subject areas cover topics such as risk evaluation and control, business impact analysis, emergency response and operations, awareness programs, training, crisis communication and coordinating with external agencies.
4. Are they willing and able to prioritize? You can save a lot of money by evaluating your BC/DR priorities, said Ben Thornton of Corus, a disaster recovery and business continuity consulting firm. “If you need systems back up in six hours—you can, but you’ll have to throw a lot of money into that. Instead, consultants should be asking, ‘Do you need that? What can you wait a couple of days on, or a week on?’ and establish priorities.” Perhaps only 20 percent of the total environment must be recovered in minutes or hours.
5. Do they offer BC/DR solutions to fit your budget? Nearly one-quarter of companies surveyed by KPMG CSO EXECUTIVE GUIDE The Ultimate Guide to Busi ness Continuity 5 have not been able to justify the costs of business continuity plans. Most of these companies are focused in the large enterprise with 500 to 999 employees, according to the study. Consultants should know your business well enough to understand budget constraints and your immediate BC/ DR needs. “We let the business [units] decide what they want to spend and help coordinate based what the numbers tell us,” Hoppenjans explains.
“We let [business impact analysis] data tell us what each department is doing as far as BC planning, what their risks and what their vulnerabilities are, and they decide what to spend. Some responses may be customer- or contract-driven.”
Evaluating Business Continuity Services and Software. The frequency of common business interruptions has boosted the market for external disaster recovery services—which include data center services, backup and mobile recovery services—to $3 billion to $4 billion a year, according to Gartner. Here are some points to consider when evaluating business continuity and availability services and software.
Weigh the benefits of specialized business continuity planning software. Business continuity planning software can help large companies formalize the BC framework and continually update the plan. “Of companies that actually have plans, 50 percent use software and 50 percent use informal software” such as Excel spreadsheets, said Stephanie Balaouras, a senior analyst at Forrester Research in Cambridge, Mass. Software providers such as SunGard Data Systems (which acquired Strohl Systems Group), eBRP Solutions, and U.K.-based Office-Shadow (now part of ICM Business Continuity Services Limited) offer BC planning solutions. Regulated industries that face audits, such as life and health insurance companies or financial institutions that require uniformity in how they build their plans, may benefit from one of these software packages.
Consider the major business continuity/availability service providers and some niche players. Hosted business continuity/availability providers typically provide cold sites (data center space to house your own equipment and backup tapes), warm sites and hot sites (an operationally ready data center), as well as data archival, restoration capabilities, and managed services. SunGard, HP Enterprise Services, and IBM Global Services own the worldwide market share in this segment with the broadest set of services. Smaller services players such as Rentsys Recovery Services are also making inroads into the market.
Let recovery requirements dictate the level of dedicated BC services. Subscribing to a data recovery service that you can trigger when a disaster strikes is fine if data can be restored in two to four days. But increasingly, as businesses require 24/7/365 availability, ¬more dedicated data recovery services are required. Just make sure you’re not paying for more than the business need dictates.
Use caution when outsourcing business continuity functions overseas. Because of terrorism and natural disasters typically not seen in the United States, such as tsunamis and monsoons, companies should take caution when outsourcing backup, recovery and business continuity operations offshore. Some popular outsourcing countries may not have the recovery capabilities found in the United States.