Business Continuity - Risk vs. Impact

Author: Craig Pollack Date: Feb 14, 2019 Topics: General Business Owner Blogs, Business Continuity

I believe everything in life is a learning opportunity. I also believe all facets of our lives are interconnected. So, if something happens in my personal life, I tend to think about how it relates in some way to my professional life.  Case in point - I recently tore up my shoulder.  After one doctor's visit saying I needed surgery and another who said I should just do Physical Therapy, I was navigating through what exactly was wrong so that I could understand what the impact was truly going to be.  Clearly, the difference in rehab between these two options and the impact to my life was significant.  At the same time, I was already thinking about how this relates to what's going on at the office...

As with anything, when you play a sport you're assuming some amount of risk.  In this case, I've been playing for years now and thought the risk was minimal.  What I really didn't truly consider was the impact if that risk came to bear.  What I mean by this is I know I could have gotten hurt, but I really didn't take into account to what degree AND what the impact to my life it would really be.  While I know I'm not going to be permanently disabled, to say I'm only slightly impacted is an understatement!  
The same goes for risk evaluation in the technology world. I don't know how many clients we talk to who decide things based only on the risk involved and NOT truly taking into consideration the impacts of that risk.  And further, that "risk" they're usually basing their decision on is the statistically incorrect assumption that since "we've never had a crash therefore, we never will". Ha!
Or, when it does happen "we have a backup so we'll be fine".  More often than not, this "backup" is an external hard drive that only has part of their data and possibly not even the most recent version of things.  And let's not even get into the headache of restoring it - a time consuming nightmare at best and at worst will only provide for part of their daily needed information. 
So, while they're considering risk, they should more importantly really be thinking about the impact - ie: when we go down, what will this really look like?  And what will the true impact be to our business?  And how much is it worth to NOT have to go through this?  These are really the questions that should be considered in any Business Continuity discussion.
Way too many clients think "backup" means they'll be "back up" and in some (unrealisticly) short amount of time.  Never mind that the (partial) backup they have normally takes all night to run (so how could it possibly be restored in less time?). Or that the clients are missing their install media, or licensing codes aren't documented, or versions aren't kept current and the drivers don't work w/ the latest operating systems (these are only some of the hurdles we have to clear during a frantic disaster recovery). 
For our Managed Services clients who's network we completely own, this is a non-issue.  This is one of the beauties of an all-in Managed Service approach to IT. Otherwise, you're left to pick up the pieces and hope for the best.  At least that's the way it used to be.
Unfortunately, there are so many "moving parts" involved in managing technology infrastructure that when you have discussions about risk of failure it needs to be more of an ongoing discussion than a one time thing.  Keep in mind, often times these discussions could become outdated within the same year.  This only complicates the topic because the bar is always moving. 
And failure isn't only one thing.  Nothing happens in a vacuum.  Points of failure are merely links in a chain.  Everything is interconnected.  You have hard drives, power supplies, RAID configurations, local disks, network storage, server virtualization, offsite storage, cloud services, cloud applications, etc.  All of these have an impact on the ability to continue business operations after a failure.  But, most importantly - they impact the discussion needed.
And while we understand each and ever nook and cranny involved, most un-managed businesses simply don't.  When you clearly explain one concept, 6 months later it's outdated (whether because the technology has changed or the client's requirements have changed) and you need to explain it again only differently. Again, this is where having a holistic client-consultant relationship comes into play.
Again, my point is - it's really more about impact than it is about risk.  We need to be diligent with our clients on this.  And unfortunately, right now I know this personally only a little too well.


What do you think? Are you sure your business can withstand a crisis? Do you have a Business Continuity Plan in place? Is it current and accurate?  Has it been tested recently? Please share your thoughts in the comments section below or feel free to send me an email to discuss this in more detail.

New call-to-action

Subscribe here to get our "2 Minute Tuesday" email for valuable tips & tricks!


Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.