As I’m sure you’ve seen in the news, British Airways has been hit with a series of operational problems this summer. The latest setback was last week’s IT outage, which drove staff to cancel more than 90 flights across 3 London airports.
Throngs of would-be holidaymakers gathered at Heathrow, Gatwick and London City, while staff struggled to check them in. Passengers couldn’t check themselves in online either. The check-in system was down, and the systems allowing aircraft to depart were also affected.
BA said the IT outage was not a global issue, but involved two separate systems: one which deals with online check-in, and the other that deals with flight departures. The airline moved to backup manual systems to keep some flights operating.
There looks to be a problem with the way data is shared in those two systems, which is indicated by the fact that staff had to resort to manual systems to keep essential services up and running.
BA’s automation certainly creates a low-friction and personalised experience for the customer, but automation can of course go wrong from time to time, highlighting the need for considered risk management.
What lessons in business continuity are there to take from the BA systems outage, for small and medium sized businesses?
What’s the best way to prepare to respond to an IT outage?
Disaster recovery plans cover a range of areas, from what to do about business continuity, people, security, compliance, communication and reputation protection.
I expect that for the majority of SMEs, creating and managing a backup system (which includes servers, software, networking equipment and more) takes up too many resources. In these cases, outsourcing disaster recovery management to off-site IT managed service providers is an effective move.
What are the key elements of a disaster recovery plan for an SME, from the perspective of an IT managed service provider?
The key elements of a disaster recovery plan for an SME
1. Communication during the outage
Coordinating communications effectively across your organisation while the technical response is underway is a challenge. A variety of stakeholders will need to be kept informed and engaged with updates, including representatives from public relations, customer support and legal.
A disaster recovery plan, if written “properly”, will set out your processes for ensuring effective communication during an outage, enabling your team to stay as productive and as informed as possible.
Here are a few classic tips for simplifying your outage communication plan:
If your primary system goes down, your backup system needs to maintain controls so that your data is backed up and versioned in a way that adheres to regulations – which also prepares your business for the event of an IT audit or governance review.
Maintaining GDPR controls is absolutely key here. New privacy regulations like the GDPR are requiring businesses to reestablish data protection controls, which includes the backup and recovery of data in some cases. The legal obligation to demonstrate that you’re processing data according to GDPR policy has meant that it’s now easier for us all to boost our disaster recovery.
What are the essential steps for SMEs to take to demonstrate compliance?
3. Proactive cyber security
Proactive monitoring and management of your IT systems enables you to reduce the risk of security breach and outage or malfunction. As a result, there should be less damage to productivity and customer relationships, less time spent dealing with IT issues by senior management and more predictable IT costs.
Here’s a summary of the cyber security “essentials” for SMEs:
4. Why include an IT managed service provider in your disaster recovery plan?
For the majority of SMEs, creating and managing a disaster recovery plan and a business continuity solution demands too many resources.
An IT managed service provider would normally undertake an assessment of your IT to design a disaster recovery plan and business continuity solution with your situation in mind. The nature of the service is such that your plan is managed, updated and regularly tested by the IT managed service provider.
By outsourcing the management of your disaster recovery plan to an IT managed service provider, your team should benefit from less disruption caused by IT outages or malfunctions, better system performance and more time to focus on day-to-day responsibilities that add value to the business. When intervention is needed, your response should be faster and more effective.
A proactive approach to management and monitoring also results in increased predictability of cost.
What should you ask an IT managed service provider to see if their approach to business continuity and disaster recovery will suit you?
Use this handy cheat-sheet to find out if you’d work together effectively. Get the answer to 5 key questions, including: