The news about Japan is going to haunt us for very long. The
devastating combination of earthquake and tsunami and its impact on
the country and people is beyond imagination. A disaster of this
magnitude is enough to cripple any society, but when you add the
danger to the nuclear reactors, the scale of potential damage is
enormous. I pray to God that this courageous and resilient nation
comes out of this calamity as soon as possible.
This reminds me of a specific area of preparedness that most of us
neglect. Our discussions and plans always revolve around the
Business Continuity and Disaster Recovery Planning of an
organization. Hardly any preparations are done for Personal BCP
which is as important, if not more. Some basic questions which we
should be able to answer to test our preparedness are:
- Have I planned for sudden catastrophic events, such as the
destruction of my house, that may personally affect me?
- Have I documented everything that I need to access to survive a
disaster?
- How will my family, friends, and colleagues cope with my
absence, if I suddenly die?
- Does my family know where they can access everything of
importance?
- Have I explained to my family what they need to know and do in
case of an emergency?
- How will I manage, if stranded during travel, without papers,
money, credit cards, and contacts?
- How will I access important phone numbers, if my personal
digital assistant (PDA)/mobile phone is stolen or lost?
- How will I access important email addresses, if my laptop is
stolen or lost?
If we can confidently say yes to all the above questions, we
probably have a good PBCP. If not, we need to prepare one.
You should follow the same structured approach for preparation of
PBCP as done by
an organization.
Do a Business Impact Analysis (BIA) to identify the critical
business processes which you perform. Find out how long you can
manage without these processes. For example, may be the e-mail is a
critical business process for you.
Based on identification of the critical business processes, do a
Risk Assessment to identify the type of risks which you are likely
to face and their impact. For e-mail, you have the risk of the .pst
file getting corrupted or losing your contact list and so on. You
may decide to reduce, transfer, accept or avoid these risks.
However, you should not ignore any of the risks.
The next important decision will be the PBCP strategy that you
should adopt. You should adopt a strategy which can be built as
part of your daily routine. This should not become too much of an
overload on your already busy work schedule. Keeping a backup of
the .pst file may be a routine activity you should follow at the
end of day, and the strategy could be to carry the file on a USB
drive along with other documents.
Documenting the plan and procedures will be the other activity
which you will have to follow. Your strategy should be documented
and the plans should be distributed to all the persons who may
require to use the plan in an emergency. Your distribution list may
have your family and colleagues depending upon the type of
information you want them to have in your absence. You may also
document the complete address lists of all the contacts and have
both, electronic as well as paper backup for it.
No one ever wants to be in a situation where a PBCP has to be
invoked. But if you ever are in such a situation, you will be
thankful that you created and maintained your PBCP.
The writer is Director,
COO and Head of Delivery at MIEL e-Security. He can be contacted at
awkadam@mielesecurity.com.