An ‘alternate workspace’ (either at your own locations, or contracted through a 3rd party provider) can be a vital component of a viable Business Continuity strategy; but only if the strategy works as intended.
An earlier article discussed Alternate Site Logistics – transportation, access and accommodations. But you’ll also need to make sure to build technical access into every BCP which may rely on an alternate site strategy.
Let’s assume in that hypothetical Alternate Workspace strategy the designated employees arrive safely and are granted access to their alternate workspace.
He or she sits down at their assigned seat, boots up the PC or laptop on the desk – but will they be able to log on? Does that device (or the network) recognize them based on the username & password (or token) they use at their own desk?
This is especially true at 3rd party sites – where costs mount by the hour, from the moment of declaration. Briefing responders on access protocols wastes time. Time wasted is money lost. Will those 3rd party desktops have the same functionality and familiarity users are accustomed to? Will special software or applications require designated users to have administrative rights – and will those be readily available? Who supplies Desktop Support – the provider or your own organization? If the latter, have adequate personnel been included in the appropriate IT Recovery Plan? Neither planners nor responders will know those answers unless the questions are asked during the planning phase.
Even when using internal facilities, don’t assume the same access credentials that work at the home site will work at the alternate site. For many reasons – legacy, acquisition, hardware age, and more – IT security policy is not always followed to the letter. Will desktops images be appropriate (especially when ‘desk sharing’ is anticipated)? Will there be sufficient Desktop Support personnel available to handles issues and answer questions?
Assume nothing. Consult with IT Security (or the liaison with the site provider) when formulating the strategy to find out what will – or won’t – be necessary to assure access at the ‘alternate’ site.
Failure to understand and plan for access in an Alternate Site strategy will cause headaches and frustration. But those can be avoided by asking the proper questions during the planning phase (and reiterating them each time the Plan is updated). You can only plan for what you know – so find out what you need before you write those Alternate Site procedures.
