"Recapture every single business process within the organisation. Find out exactly the risk to the organisation, and the technology that supports it. See how long it takes to recover, and find the gap between business needs and technology. Do a technology roadmap, said Rogers.
"Every business is different," noted Rogers, "Acknowledge every single threat, and know your business inside out."
Proven Methodology, Professional Expertise
Backed by more than seven business recovery centres in six ASEAN countries, together with a team of experienced business continuity professionals, IBM is well-placed to offer objective, industry-specific analysis of its clients' business resiliency and exposure to risks. It has the proven tools and methods for developing a comprehensive, dynamic risk mitigation strategy.
During the Q&A session, Rogers was asked about the safety of client data when clients work with vendors like IBM, given that IBM will have access to their "sensitive" data. Rogers answered that the contractual and non-disclosure agreements would ensure that sensitive data is kept confidential. He also assured that the information will not be used in any way by IBM, except for snapshots of high level analysis and that is only with express permission from IBM's client.
In response to a query from Jeromy Wells, CEO of Whispir, about the trends surrounding cloud-based recovery, Rogers responded that from a risk perspective, cloud-based recovery helps to reduce the points of failure as there is a diversification of locations where the corporate data is stored.
Eng Poh Tzan, Chief Quality Officer and Senior VP of NatSteel, noted that every organisation has its blind spots, and asked how companies should ensure that the business continuity plan is a "living" one that is updated and effective.
Rogers says that a good and effective continuity plan should be regularly updated, tested and approved. "Start by writing a good plan, by talking to the different system owners, such as to the marketing and sales department to understand their processes and requirements. Have a business continuity champion, with staff responsible for maintaining the business continuity/disaster recovery document, and ensuring that any changes are effected. All employees need to be aware of the plan, its importance, and take ownership of it," he said.
"Any change management processes should also be included in the business continuity/disaster recovery plan. Finally, test the plan every quarter or six months."
Sign up for CIO Asia eNewsletters.