Five reasons your business continuity plan will fail — and how to fix them

No campus is immune from disaster. Fires, extreme weather and bad actors are everywhere. President Dwight D. Eisenhower said, “In preparing for battle, I have always found that plans are useless, but planning is indispensable.” This also applies to disaster planning. If you are writing or updating your business continuity/disaster recovery plan, avoid these five common mistakes:

Putting technology before people

The IT team has two roles in disaster recovery: restoring IT systems and assisting other departments to resume their institutional-critical work.

IT disaster planning is not only about technology. Students, faculty and staff don’t care about your servers. They care about the applications they need to turn in assignments, conduct their research and do their jobs. Your plan should focus on this result rather than on the technology itself. 

In any disaster situation, address the specific issue at hand by enabling your skilled, dedicated people with the information and resources they need. The quickest option for resuming normal operations may look nothing like what was in place before the disaster. Don’t let the perfect be the enemy of the good.

Planning for the event

You can’t plan for every eventuality, especially when disasters are rarely single events. More often than not, a disaster is a series of events that all happen together. Don’t try to write a “cookbook” — a rigid step-by-step approach to addressing disasters. Instead, your plan should provide easy access to the resources, configurations, processes, information, personnel, pre-arranged relationships, outside resources and alternate sites needed for effective response. The key is to research and develop strategies to resolve problems now — not in a time of crisis.

Failing to communicate

Just as a disaster does not occur in a vacuum, neither does disaster recovery. The people affected by the disruption will be rightfully scared, concerned and/or interested. The success of disaster recovery depends on effective communications, which means a different plan for internal and external constituencies.

Insulate those working on disaster recovery efforts from onlookers and those who want to help. Set up a communications team to ensure that external messages are timely, clear, easy to understand and consistent.

Take time before a disaster strikes to think about communications flow: 

• How do you ensure that the essential personnel (on- and off-campus, inside and outside of IT) can all be reached?
• What if the disruption eliminates your primary communication channel?
• How will you update concerned users, students, parents and other stakeholders?
• Can you prepare help desk messages, website splash pages and web banners to ease worries during a crisis?

Be sure to involve your human resources, legal and public relations departments in both planning and response.

Failing to practice is practicing to fail

Just as you wouldn’t expect actors to perform in a play without rehearsal, your plan will need to be assessed and tested regularly. Like any muscle, a plan that isn’t exercised atrophies. 

Testing should run the gamut from walking through hypothetical scenarios, to simulations, to announced or unannounced live exercises. Testing will reveal missing critical documentation and areas requiring additional training. Involve everyone who might be needed in a real disaster, including IT staff, public safety, facilities, communications, risk management and even campus leadership.

Don’t be afraid of incremental improvements. Training, and real-world disaster responses, should be used to update the plan. All improvements should be incorporated into the plan. Train on the document and document the training.

Creating a dusty binder instead of a living document

If your sole reason for developing a disaster plan is to satisfy your external auditors, then your plan can sit on a shelf to be dusted off annually. If you want the plan to be useful in an actual emergency, then it needs to be a living document that is routinely updated. Technology, systems, personnel and applications all change. Priorities, procedures, places, people and their relationships all need to be kept current, and that means regular tests, re-evaluations and updates.

You can’t plan for disasters, but avoiding these common mistakes will go a long way in ensuring you have a plan you can really use in an emergency. Keep in mind the words of Jon William Toigo from his excellent book Disaster Recovery Planning:

“Even those who have successfully managed recovery efforts are quick to point out that their recovery strategies failed in as many parts as they succeeded. Almost invariably, they attribute successful recovery to luck, hard work, on-the-spot ingenuity and innovation, and God. While all believe that outcomes would have been very different had no contingency planning been undertaken, to a person they concede that their plans were – and could only be – imperfect.”

This article was written by members of Vantage Technology Consulting Group, a firm that provides integrated technology visioning, planning and design for clients in higher education, health care and commercial markets.