A contingency plan is a plan that lets you take effective actions to regain control over a situation that should not happen, but still may. It is closely related to risk management, as well as to terms such as disaster recovery and continuity plan. In terms of IT systems administration and maintenance, contingency plan depends on the partners and strategic areas of the company. There is a saying: forewarned is forearmed, but does business draw from that wisdom? Has the companies’ approach changed after the events of 2020? Should it even?
Ready, set, support!
Sadly, accidents happen, and you cannot avoid it. What you can avoid is being completely unprepared for that. So instead of waiting for the race to begin, take precautions beforehand. Looking from the point of view of a company that offers system administration services, we can name three types of cooperation between a company that needs support, and a supplier.
I Smaller company + the partner
In this case, we are talking about a smaller company that outsource the administration, maintenance and preparing the IT system, as well as preparing the continuity plan and disaster recovery plan. The responsibility is on the side of the partner that offers such services.
As the definition states, a small company hires up to 500 employees. But here, we are talking also about a company that hires 100 employees and have a great turnover. Such client pays all her attention to her business, leaving keeping the systems accessible to the partner. Why is that? Because under a certain number of employees, the company focuses almost entirely on the current business processes, and often has no resources or means to take care also of the maintenance of the system or handling the supporting tools. Outsourcing these tasks is a relief for the company and also an aware decision to supervise that area.
II Smaller company + the partner + the data processing centre
In this case we have three subjects involved: an SME, a partner supporting the IT system, and a data processing centre. Here, the responsibility for the hardware part is shifted to the third party. This scenario assumes that the equipment and IT services are outsourced to the data processing centre, and the part of consulting the administration of the system itself, maintaining the processes and keeping the data in good quality is a job for the partner and his modules consultants. This scenario is the most popular among smaller companies.
SLA Agreements ensure continuity of the processes carried out in the cloud (AWS, Google or SAP one) and of accessibility to the environments. But the details of the support after failures or specific disaster recovery agreements need to be settled between partners: which here means the data processing centre and the system administrators. Of course, this process must happen in agreement with the client. But the client’s role in this setting is to point out the key substantive and process areas.
III Large company with the IT support department + the partner/advisor
Let us take a look at large companies and corporate rules. Bigger companies with expanded structure often have their own IT departments, that take care of both hardware and software areas. Here, the client creates a contingency plan, business continuity plan and disaster recovery plan. The partner’ role in this case is to consult and give advice, and to support in creating a solution for specific situations. The company can also work on them with a partner, using their knowledge and experience.
In such cases, it is the internal IT department that is responsible for the hardware part of the plan of operating systems and databases – so the part that is strictly IT. For restoring of ERP or SAP systems and some business elements, and for launching the system and giving access to all authorized users a supporting partner is responsible.
It is very important, because even if the system is restored after a failure, it is not given that all its features will be working. For example, interfaces in the invoicing process, or in the system for checking the customer’s demands can be inaccessible. The same may happen to wireless warehouse management. The disaster recovery plan must consider all aspects and consequences of possible failures: for securing the hardware part, the network, operating systems and databases, to the continuity of ERP systems supporting the company, and to ensuring the users can use all the features.
The most important in this case is to identify situations that can happen. It is possible thanks when we gather experience and use the knowledge of not only the company, but also its supporting partner. Incidents are happening and some of them are inevitable, but their consequences are not disastrous, if we have scenarios prepared beforehand with the partner.
Actions proportional to the failure
Identifying the situation is crucial, as well as establishing, which part of the company can be affected. Does a server failure affect the whole company, or only some of the departments or several processes? Are those departments strategic? Imagine when it is a system connected to the data warehouse that crashes. In this situation, you need to have a plan for restoring the accessibility of this area and its functionalities. At the same time, you must remember the failure is not strategically important in the context of the whole business. Even without the access to data and analysis available thanks to the data warehouse, the company can still carry on.
Depending on which element crashes and what steps you need to take immediately, you can identify priorities and act accordingly to the effect the failure has on the company. It would not be wise to mobilize all consultants and ask them to work 24 hours to fix the data warehouse failure, if it could help get the report that is actually not even needed right now. You have to balance your efforts reasonably and proportionally to achieve the necessary result.
Pandemic lesson of business
The coronavirus pandemic uncovered some traits in the companies’ approach to business. It turns out that many companies are not identifying potential threats during times of prosperity. We do not think about pessimistic scenarios that could happen. The companies focus on their business goals, forgetting about the security of their IT systems. This area is not completely forgotten, but decisions that are supposed to ensure the greatest stability or modern technological environment are delayed.
The companies that are on top now, which businesses are growing, often do not find arguments to slow down this process or to stop some functionalities to take care of security issues. But ensuring the stability of the IT system and maintaining operation systems, ERP and databases in the newest possible version is a part of a disaster recovery plan and business continuity plan.
Sudden consequences of the coronavirus caused some business areas to stop being strategically important and became completely shut down. Of course, there are industries that during the pandemic recorded a huge economic leap, for example chemistry industry producing disinfectant liquid. But overall, the economic slowdown causes the weakening of business actions intensity. It turned out that this was the perfect time to take care of the technical side of a company.
At one hand, it is good that companies focused on the IT systems security area, on the other hand – it should not look like this. Taking care of support during the crisis should not be depended on better or worse stages in the business. It is crucial to keep a balance. Unless companies do not find the golden means, they will not have the possibility to prepare themselves for sudden problems. Remember: failures do not ask if we are ready for them.
Author: Jarosław Proskórnicki, SAP Expert Consultant
The article was first published in Finanse i Controlling.