Skip to content
You Are Here Home : Weissman’s World Blog : Governance and Business Resilience: Removing the Guesswork from Rapid Recovery

Governance and Business Resilience: Removing the Guesswork from Rapid Recovery

flooded archive room

Imagine a burst pipe floods your records room, or a wildfire burns your building, or a cyber incident takes down your vital systems. Do you know what kinds of information and which of your repositories are most critical for you to most quickly restore? If not, or if you haven’t checked lately, then governance is how to most effectively remove the guesswork from your initial recovery efforts.

Not having answers – or relying on old ones – risks the loss of serious time and money while you figure out how to get up and running. These are costs that no organization can afford.

Work Backwards from Risk

Business resilience is often approached as “disaster recovery” and viewed as IT’s responsibility. While it’s true that IT restores your systems, it’s information governance that determines what should be restored first and why, and the criteria here are all about risk – which is why “business resilience” is much better term and mindset.

Among other things, effective governance identifies your most critical data assets, maps where they are stored, and documents their value and vulnerabilities. Without this knowledge, the priorities and speed of recovery become a guessing game, and the consequences escalate quickly:

  • Sales can’t be booked because customer accounts can’t be accessed.
  • Finance cannot process invoices or payroll because systems are down.
  • Regulatory obligations may be missed because records can’t be retrieved.
  • Confident decisions can’t be made because critical business data is unavailable.
  • Customer confidence erodes with every passing hour.

Bringing the systems back online is certainly atop the priority list. But determining which systems and in what order is a function of the information they contain and the role this data plays in your daily operations. This is the province of governance.

Plan and Practice with Intention

The process should begin by identifying which information types are most critical to your business, and which of the systems they are stored in are most vulnerable to disruption due to their location, age, etc. Since these are the most likely to be affected, they should be at the top of the list.

Next, develop a prioritized recovery procedure that aligns with these results. Identify your mission-critical records, assign recovery priorities, document dependencies between systems and information, and ensure key stakeholders understand their roles. Then test the plan through tabletop exercises or recovery simulations. Like any emergency procedure, a recovery plan is only as effective as the last time it was practiced, so practice you must.

Remember, the organizations that recover most quickly and effectively are those that have invested the time to understand their information, prioritize what matters most, and rehearse their response with intent, long before disaster strikes. Do otherwise, and you’ll be making guesses precisely when you can afford it the least.

Leave a Comment

Discover more from Holly Group LLC

Subscribe now to keep reading and get access to the full archive.

Continue reading