BCM is not Infrastructure
It is all time the same. Nobody know why, but the myth of “we must have bcm” is in everyone’s ear within IT department. First enthusiasts start reading what BCM (Business Continuity Management) should look like and immediately the first failure begins:
- BCM is a Business topic
- IT should be invited to join business wide BCM and not vice versa
- BCM is a process driven topic, not infrastructure
So BCM is much more a company wide umbrella and as IT Service Continuity Management in ITIL v2 already claims, the mission of the IT is to support the Business Continuity, not to run, drive it.
What we often see ist that there is often seen a direct link between resilience, high availability and BCM. Yes, at the end, all those kinds of providing a more robust service will likely be part of the mitigation plan of the BCM initiative but keep in mind that BCM for IT is:
- Define business critical processes
- Define technical services supporting those
- Assess and analyse risks assiociated to those services
- Define action plan for those risks (accept, mitigate ,delegate, solve)
- Define operations handbook and declare how desaster process is invoked by ops stuff
- ….
Reading those lines shows that only the mitigation/solve in the risk plan is a real “technology” part.
Definitely it is always a good idea to think about risks and how to mitigate, solve or whatever. BCM is much more a method to drive your thoughts/ideas to the mission critical services, nearly nobody will need a resilient lab 🙂 in terms of a desaster (except you are a research organization). So focus on your value supporting technology and do your best and stop thinking in a tech-way only, it is the business which should be supported, not the nice blinking light in your Rack ^^
2 people are a NOC
Despite the fact that people cost money you will never be able to run a commercial 24/7 site with just 2 people in a secure and safe 24/7 way. On the one hand side you burn your employeees on the other hand side you will potentially break local law regarding workers rights.
And, to be honest, If you want to run your application you have to think about what the work of an NOC will be, is it?
- monitoring, remediation
- reporting, escalations
or even?
- application support
- ops tool maintainance
- tasks like backup, rollback
- qa topics?
the more you think about the more you will come to the conclusion that an active NOC can be a major advantage for your organisation and business. So, if it is not built as a technical Call Center but moch more as the name claims an operations center, than you will gain major advantages. But his means, that you need a structure and the right people, not 2 potentially not hundreds. And you need time, a working NOC is not a matter of a bunch of definitions and nice mission statements. You need role separation (dev, sys engineering, ops, noc), technical clarification and setup of the NOC itself, including processes, space, people and resources.
So what does this mean for startups?
You should potentially think about a shared NOC or think about when the right point will be for thinking about a NOC. And believe me, there will be long time no potential need for getting such an or structure up and running. Try to work based on OnCall procedures as long as possible. NOC costs money, even if there is major benefit. And a NOC requires working structures and procedures. So only start building a NOC if you are already aware of processes.
Tom Peruzzi's thoughts on digital, innovation, IT and operations 
leave a comment