Written by Jeff Clemons, Director of Global Certifications and Audits, MSPAlliance
Business Continuity Planning and Testing for MSPs
MSPs are expected to have the skills and resources to handle Customers (and their own) technology related disasters. Whether it be an inaccessible network, maxed out VMs/servers or (more recently) ransomware attacks, today’s MSPs have the skills and resources to assist their Customers in their time of need. In these instances, the size and complexity of the problem don’t matter to your Customer – all that matters is that until the problem goes away, it’s a disaster to your Customer. MSPs are expected to be technology disaster experts.
However, being a technology disaster expert is only half of the equation when it comes to being an effective MSP and a reliable partner to Customers. MSPs must also be able to ensure that when disaster hits them, they have the mechanisms and structure in place to ensure that business continues as usual. MSPs have to be the expert of their own Business Continuity.
Disaster Recovery vs. Business Continuity
In the certified MSP community, the terms Disaster Recovery (DR) and Business Continuity (BC) are often used interchangeably – so much so that during the certification process, MSPs usually tell us they have either a completed or are in the process of completing a DR/BC Plan. While there is nothing wrong with this, we typically find that DR/BC plan documentation is heavy on the DR and light on the BC. Documenting and implementing a DR plan is easy, while an effective BC strategy requires the formal planning and response readiness (testing) of the impact of a disaster on an MSP’s business. At its core, an MSP’s DR should be a component of an MSP’s overall BC planning activities.
BC Planning and Response Readiness
For MSPs, BC planning and response readiness should (generally) address four main areas/questions:
Disaster Risk Analysis – what are the types of disasters that could affect our business operations?
Disaster Impact Analysis – what is the potential impact of the identified disasters on your short and long-term business operations?
Response Strategy – what is our overall strategy to ensure continued, uninterrupted business operations in the event of a disaster?
Response Readiness – what is the level of readiness of our organization to execute the response strategy in the event of a disaster?
Using the first three areas/questions as the basis of a BC plan and process (in addition to existing DR policies and procedures), an MSP can begin to document the steps necessary to address and respond to disasters that may impact your business. However, all of the planning can be undone in an instant without properly evaluating and testing the readiness of your organization to execute the plan.
For these reasons, an effective BC plan and process should be reviewed and tested at least annually. Furthermore, the testing of the BC plan should be inclusive of personnel throughout the organization (both technical and non-technical staff) and focus on the execution of the BC as a whole, while excluding the technological DR policies and procedures handled as part of the MSP’s daily operations.
If you are interested in testing your DR and BC plan and would like a free consultation, please contact info@mspalliance.com for more information.
The post Is Your MSP Practice Tested? appeared first on MSP Alliance.
