11 key points when assessing your business continuity provider’s infrastructure
For true peace of mind, you need to be sure your business continuity provider has the right quality of infrastructure and technology to ensure resilience. Our checklist will help ensure your business continuity provider has the right stuff.
By Collet Dunne, Client Manager, ContinuitySA
When choosing a specialist business continuity provider, it is critical to ensure that its basic technology and facilities infrastructure is properly designed and commissioned to ensure it provides the foundation for resilience. This is particularly true when it comes to technology, given the critical role that cyber resilience plays in the organisation’s resilience to disaster.
Based on ContinuitySA’s decades of experience as a leading provider of quality business continuity and resilience services, these are some key points to cover when interviewing a prospective business continuity provider about its technology and facilities:
- Reputation. What experience does the provider have, and can it provide any references?
- Core Business. Is the CORE business of the provider that of business continuity? What is its portfolio and scope of services? Does the provider offer an end-to-end portfolio of services, not limited to physical and technological recovery, but inclusive of advisory services speaking to the full BC life cycle?
- Premises and building management. Are its premises located in a safe and convenient area? Do they comply with relevant safety, health, environment and quality regulations and standards? Does the work-area recovery facility provide a suitable and pleasant environment for your staff?
- Accessibility. Are the data centres close to public transport, and do they offer proper access to the disabled? Can emergency services reach them easily at need?
- Parking. Is there secure parking?
- Security. Is there enough security staff on the premises 24/7? Are the premises monitored by CCTV, and is there adequate access control?
- Connectivity. Does the provider provide access to all the major network providers?
- Technology. Is there on-site technical desktop support? Is there a centralised service desk providing change and incident management? Is the data appropriately secured?
- Telephony. Is there a fully customisable PBX system? Does the facility provide for specialist call centre capabilities, including headsets and call flow capabilities? Does it offer reporting and management?
- Hospitality. Do the premises provide pleasant pause areas and kitchen/ canteen facilities?
- Flexibility. Are the premises designed to accommodate varying requirements in terms of seats?
- Data centre. Is the data centre N-rated, i.e. where “N” is the minimum components without redundancy, what additional back-up is available for the different data centre components (generator, UPS, air conditioning)? Does it have adequate cooling and power—as well as standby power (including generators and UPSs) and fire suppression? Is the data centre itself secured via access control and CCTV monitoring, and are individual racks/vaults secured? Is the technology and hardware of the correct standard, and does the data centre adhere to ISO standards and best practice guidelines? Are regular maintenance checks performed on the UPSs and generator?
- Vendor Agnostic. Is the provider limited in their connectivity, hardware, software and other infrastructure use of providers? Are clients able to make use of their own providers as part of their continuity solution?
- Standards/Benchmarks/Process. Does the provider subscribe to industry standards/benchmarks? Are the provider’s processes documented and regularly tested?