Planning For Business Continuity & Service Affecting Issues

Planning For Business Continuity & Service Affecting Issues

Tony Leary

Tony Leary

Chief Information Security, Kerv Digital|Kerv Digital

Published 24/10/22 under:

Have a question?

Get in touch

In terms of the post Covid era, the lessons of the last few years are clear.  Business continuity means that workforces over the globe were forced to adapt quickly and in some cases very dramatically.  Does that mean now that this process should begin to slow down?  Absolutely not.

For those that are keen on laying out a roadmap for the future, in this blog our Chief Information Security Officer, Tony Leary, lays out the fundamentals that you’ll need to bear in mind.

First and foremost, always remember that planning for service-affecting issues is good practice and may keep you in business! 

Pre-pandemic, disaster recovery and business continuity were topics many found contrived, and perhaps even pointless. But those organisations that had a documented and tested ‘work from home’ business continuity plan, perhaps to mitigate the loss of a key building, likely coped with the first Covid lockdown better than those that didn’t.

Time is of the Essence

Business continuity as ‘availability’ forms part of the information security ‘CIA triad’ along with confidentiality and integrity, so it’s very much part of IT security architecture and governance practice. Availability is usually expressed as a % of uptime over a period e.g., 99.9% measured monthly means that a service may have up to 0.1% (a bit under 45mins) of unplanned downtime a month. As availability is usually backed by a contractual agreement, IT suppliers must be confident that they can comfortably meet this figure for their service. Confident rather than certain, as availability represents the perhaps the most expensive risks to mitigate, given component failures are usually mitigated by adding spare capacity that may only be used if a failure occurs.

Breaking Down the Breakdowns

In common with every other aspect of IT, there are a plethora of initialisms. Besides availability, business continuity is often referred to as disaster recovery (DR) or service continuity. Some other terms that it’s good to be aware of are:

  • RPO: Recovery Point Objective: in simple terms, this represents the maximum amount of data a service consumer is willing to lose if the service fails, so a 1hr RPO means up to an hour of data would be lost.
  • RTO: Recovery Time Objective: how long it should take to recover a service following an incident that impacted its availability.
  • MTPD: Maximum Tolerable Period of Disruption: the time an organisation can tolerate the loss of a service, given any other processes, such as rekeying in that 1hr of lost data, that may be necessary following service recovery.


The relationship between these three terms is typically RPO<RTO<MTPD, e.g., while up to one hour of data may be lost, up to twenty four hours may be needed to restore the whole system (24 hour RTO) and there may then be a further 12 hours allowed to key in data recorded elsewhere (perhaps even on paper) while the service was down, giving an MTPD of 36 hours.

So where do these values come from? First, business stakeholders must provide the MTPD envelope that a service is required to operate within. Next would be any constraints from third parties and/or vendor technologies: enterprises rarely operate in isolation, and are often dependent on other, existing services or platforms. Once the service is built, but before it is ‘live’, testing is vital to prove that the requirements can be met.

It’s easy to see this is an area that is critical to understand for any new service. Quantifying customer risk appetite helps architects narrow down architectural options, whether they are building a service, or selecting one from a third party, who may be willing to commit to RPO/RTO figures in a contract.

The Cloud Continuity Conundrum

The emergence of cloud services has altered the IT and security landscape in lots of ways, so it shouldn’t be surprising that approaches to business continuity need to change too.

Cloud services are built from the ground up to be highly resilient and are obviously closely monitored by vendor support teams, so are likely to be more reliable than the majority of traditional, on-premise services that customers may run themselves.

Of the three main types of cloud product; infrastructure-as-a-service (IaaS) and platform-aaS, which are based on discrete components, do usually offer various options around resilience, whereas Software-aaS is typically provided as a full managed service and ‘sold as seen’ with only an availability SLA.

While there are pockets of RPO/RTO SLAs from Azure and AWS (usually for IaaS products) the vast majority of services only offer an availability SLA.

While you may not get a contracted RPO/RTO SLA from a cloud provider, there may be the possibility of assuring one yourself through testing e.g. replicating a failover by directing/blocking  network traffic, or disabling components.

This approach has its limits however, as some services are so abstracted that they provide no way for a cloud consumer to force any kind of failover. Azure Functions, even when deployed to a single AZ (without resilience) cannot be deployed to an alternate AZ – that configuration is entirely hidden from the consumer. It’s therefore possible (and likely when using PaaS and SaaS) to build a service from cloud components that offer neither an RPO/RTO SLA, nor the means to test the service to establish one manually.

RT-Au Revoir?

Where does this leave industry standard metrics such as RTO? It’s fair to say that its relevance will fade as more services move towards the cloud, based on the services offered currently. Though conversely perhaps cloud providers needing to both attract on-premise hold-outs, while differentiating themselves, may see an opportunity in providing RPO and RTO SLAs in the future.  In the meantime, it’s vital for architects and stakeholders to take such constraints into account as early in the project lifecycle.

Related Articles

You might also be interested in

From our world to yours

Compliance monitoring under the spotlight

From our world to yours

The rise of business messaging apps and the need to stay on...

From our world to yours

Compliance: important ownership changes while adapting for flexible remote workforces

From our world to yours

Data silos and legacy compliance monitoring systems – barriers to effective surveillance...

From our world to yours

What it takes to top the Gartner CCaaS Magic Quadrant

From our world to yours

Why gamification is topping the bill for contact centre agent workforce management...

From our world to yours

8 contact centre trends to future proof your business

From our world to yours

Spotlight on Local Government – Where is CX heading for citizens?

From our world to yours

Think bigger with Microsoft Teams.

From our world to yours

Microsoft Teams is here to stay, what’s the next step?

From our world to yours

At Kerv we want to make customer-first really mean something…

From our world to yours

Different by design

From our world to yours

How Engagement Technology is Transforming the Membership Sector

From our world to yours

A modern CRM system needs a modern data platform

From our world to yours

What is… Microsoft Cloud for NonProfit?

From our world to yours

6 Back-office technologies modern supply chains should already be using

From our world to yours

Re-imagining CX in a golden age of integrations – combining Genesys and...

From our world to yours

Maximising CX value through AI-driven digital engagement

From our world to yours

Experience as a Service: What it is, why it’s important and where...

From our world to yours

Achieving empathy across digital channels

From our world to yours

Redesigning CX from the ground up

From our world to yours

Genesys EMEA Cloud Partner of the Year 2020

From our world to yours

Life at Kerv Digital As A Functional Consultant

From our world to yours

Life @ Kerv Digital as an Apprentice Power Platform Consultant

From our world to yours

How To Increase Efficiency With Dynamics 365 Supply Chain Management

From our world to yours

Supply Chain Control Towers – The Tech That’s Changing Logistics Forever

From our world to yours

Supply Chain Digital Twins – The What, The Who & The Why...

From our world to yours

On-Demand Logistics & The Tech That Makes It Possible

From our world to yours

What Is… Insurtech?

From our world to yours

What Is… Microsoft Cloud For NonProfit?

From our world to yours

16 Times You’ve Been Using Artificial Intelligence Without Realising

From our world to yours

Jack’s Worried – His Website Is Losing Him Dues Paying Members

From our world to yours

From Paper Based To Cutting Edge… With Zero Downtime

From our world to yours

Life at Kerv Digital as a UX Designer

From our world to yours

Sarah is Sad – Her Staff Aren’t Finding New Members Or Engaging...

From our world to yours

How To Squeeze Hidden Value From The Hidden Data You Didn’t Know...

From our world to yours

Reducing Member Churn & Delivering Member Insights With Data Science

From our world to yours

Life @ Kerv Digital As A Dynamics Functional Consultant

From our world to yours

The Effect Fintech Is Having On Our Everyday Lives

From our world to yours

Dealing With Ethical Walls In Tech… Ethically

From our world to yours

Life @ Kerv Digital As A DevSecOps Engineer

From our world to yours

IOT: Dragging The Future Of Healthcare Into Today

From our world to yours

How Will Tech Revolutionise Health Care Over The Next Half Century?

From our world to yours

Empowering Public Transport With Big Data

From our world to yours

Putting Patients First Vs. Cost Concerns

From our world to yours

Life @ Kerv Digital As A Power Platform Solution Architect

From our world to yours

What’s The Best CRM For The Membership Sector?

From our world to yours

How Remote Patient Monitoring Data Can Drive Health Efficiencies

From our world to yours

Is A Career In NonProfit Digital Transformation Rewarding?

From our world to yours

Six Back-Office Functions NonProfits Should Be Using Robotic Process Automation For

From our world to yours

How Data Storage Management Will Change In 2022

From our world to yours

Business Central Vs Sage – Which Does Your Organisation Need?

From our world to yours

How To Debug Something With A Rubber Duck

From our world to yours

Using Design Thinking To Empower Digital Transformations

From our world to yours

How Business Central Can Keep You GDPR Compliant

From our world to yours

What Can Business Central Actually Do?

From our world to yours

Why Data Classification Is Vital To Your Organisation (And How To Easily...

From our world to yours

How To Inspect Items When Using The Execute Pipeline Activity In ADF/Synapse...

From our world to yours

How To Create UI Flow’s In Power Automate

From our world to yours

D365 BC Vs D365 FO: Let’s Settle This Once And For All!

From our world to yours

How To Drive Donor Engagement With Kerv Digital’s Free Powerups

From our world to yours

9 Awesome Benefits To The Microsoft Dataverse

From our world to yours

Canvas Apps Vs Model-Driven Apps

From our world to yours

How To Set Up Field Monitoring In Business Central

From our world to yours

Check Out The Benefits Of The Microsoft Catalyst IDEA Framework…

From our world to yours

Component Led Development, Or… How To Make Your Organisation Instantly More Resilient

From our world to yours

How To Achieve A Single Customer View In 5 Easy Steps

From our world to yours

Best Practice For Creating Cloud Flows With Microsoft Power Automate

From our world to yours

Legacy Estate Reduction… Or When To Get Rid Of Old Tech

From our world to yours

What Is Fintech?

From our world to yours

How To Get Better At: Online Continuous Personal Development (CPD)

From our world to yours

Virtual Exam Proctoring (Or How To Stop People Googling The Answers At...

From our world to yours

How Hyperautomation’s Benefiting PAO’s (Professional Accountancy Organisations)

From our world to yours

Cyber Security For Remote Working… How Everyone Can (And Has To) Pitch...

From our world to yours

What Is An Advanced Persistent Threat (APT’S) Attack?

From our world to yours

Visualising Your Data Differently With Power BI

From our world to yours

Database Marketing – What Is It & How Can You Benefit From...

From our world to yours

Microsoft Dynamics Cloud Licensing Options – What’s Available?

From our world to yours

Privacy By Design – What You Need To Know

From our world to yours

How To Connect To A Named Sandbox Environment

From our world to yours

What Are The Different Types Of Cloud Licensing Agreements?

From our world to yours

How To Export To Text Files From Microsoft’s Business Central SAAS

From our world to yours

Technical Debt – The What, Why, When & How Do I Get...

From our world to yours

Ensuring Business Continuity With The Microsoft Stack

From our world to yours

What’s The Best CRM For The NonProfit Sector?

From our world to yours

Rage Donations – How To Engage Past The ‘Now’

From our world to yours

What Is It & How To Avoid: Vendor Lock-In

From our world to yours

The Bad Guys Don’t Care You’re The Good Guys

From our world to yours

Build The Future Of The NonProfit Sector… Today

From our world to yours

Data Protection & Artificial Intelligence: Best Practice

From our world to yours

Shadow IT – 9 Things To Look Out For & 1 Unexpected...

From our world to yours

Organisational Debt & Why It Makes Digital Transformation Hard

From our world to yours

Discussing All Things RPA… Robotic Process Automation

From our world to yours

Creating A Low Code App Using PowerApps & The Power Platform

From our world to yours

Now’s The Time To Get Excited About Cognitive Search

From our world to yours

If You Don’t Have An Automated Deployment Process… You’re Already Obsolete

From our world to yours

Tips & Tricks To Creating Successful Volunteer Management Systems

From our world to yours

The Five Types Of Cyber Criminals

From our world to yours

Security-By-Design: Or… Better Safe Than Sorry!

From our world to yours

Leading With Technology In The Membership Sector

From our world to yours

What Does IAAS, PAAS & SAAS Stand For?

From our world to yours

What Is Business Architecture?

From our world to yours

What Is Data Gravity? (And How Your Organisation Can Benefit From It)

From our world to yours

How To Fix DateTime Stamps In Microsoft Dynamics 365

From our world to yours

6 Easy Steps For Promoting A Culture Of Cyber Security

From our world to yours

15 Cyber Security ‘Things’ To Safeguard Your Business

From our world to yours

Microsoft Dynamics 365: Settings In solutions

From our world to yours

13 Ways To Save Money When Using Microsoft Azure

From our world to yours

The Problems With Addresses In Microsoft Dynamics 365

From our world to yours

Understanding The Benefits Of Predictive Science In The NonProfit Sector

From our world to yours

Top 6 Digital Impacts On Membership Organisations

From our world to yours

The 7 Stages Of A Successful AI Project

From our world to yours

What’s The Difference Between UI And UX?

From our world to yours

8 Ways Your Business Can Increase Turnover With Big Data

From our world to yours

Dynamics 365 In NonProfits

From our world to yours

Kerv acquires TDS Global Communications Compliance Practice

From our world to yours

What is Microsoft’s Power Automate?

From our world to yours

What is InvestTech?

From our world to yours

Derek Is Stressed – His Purchasing Team Aren’t Coping With Long Winded...

From our world to yours

Life @ Kerv Digital As A Jnr DevSecOps Engineer…

From our world to yours

Life @ Kerv Digital As A Principal Architect

From our world to yours

Life @ Kerv Digital As An Azure DevSecOps Engineer…

From our world to yours

Life @ Kerv Digital As Head Of Client Services, Public Sector

From our world to yours

Life @ Kerv Digital As A Junior DevSecOps Engineer

From our world to yours

Life @ Kerv Digital As A Graphic Designer

From our world to yours

Microsoft Inspire 2022 – Here’s All The Big Announcements!

From our world to yours

The Need for WhatsApp Compliance Recording

From our world to yours

Life @ Kerv Digital As A UX Researcher

From our world to yours

Life @Kerv Digital As A Senior Delivery Manager

From our world to yours

Life @ Kerv Digital As A Senior Delivery Manager

From our world to yours

Data Silos and Legacy Compliance Monitoring Systems – Barriers to Effective Surveillance...

From our world to yours

Kerv and Venari Security Partner to Widen the Lens of Enterprise Encryption

From our world to yours

4 reasons why you need to review your virtual desktop infrastructure

From our world to yours

Kerv Digital: Breaking New Ground

From our world to yours

5 Ways to Record Mobile Voice & SMS for Regulatory Compliance

From our world to yours

Kerv Experience at Genesys UK&I G-Summit 2022

From our world to yours

Local Government CX Roundtable – Key Takeaways

From our world to yours

Kerv Digital @ South Coast Summit 2022

From our world to yours

Will SD-WAN really save money and why you must take a proper...

From our world to yours

Data Platform Pragmatism

From our world to yours

Why your network infrastructure is key in mergers and acquisitions

From our world to yours

Rapid Site Deployment and its Impact on Retail Profitability Across Store Locations

From our world to yours

Application Performance: User Experience

From our world to yours

Taking the guesswork out of managing your future bandwidth demand

From our world to yours

How SD-WAN enables service provider flexibility, enhancing connectivity and reducing cost

From our world to yours

Cloud is not a destination

From our world to yours

Working Wellness: More Kerv Digital Benefits

From our world to yours

Understanding EX: Achieving the utmost from workforce engagement management (WEM)

From our world to yours

4 Things to Bear in Mind About MS Teams Policy Based Recording

From our world to yours

Deciphering Digital Transformation

From our world to yours

Life at Kerv as a Billing & Operations Co-Ordinator

From our world to yours

Kerv Digital & Microsoft Solutions Partner Designations

From our world to yours

Helping With Hackathon Fundamentals

Have a question?

Leave your details and a member of the team will be in touch to help.
By pressing send, you agree to our Terms and Conditions and Privacy Policy.
This field is for validation purposes and should be left unchanged.