Compliance and business continuity are inextricably linked. Directly cited in several of the major pieces of compliance legislation, the provision of highly reliable access to information is no longer an option but a requirement for many organisations.
Most forms of compliance compel enterprises to retain and protect critical business and customer data – and to make it retrievable when necessary. For example, the UK's Data Protection and Freedom of Information Acts require quick and reliable data retrieval systems, and their fixed deadlines for producing information demand a dependable environment.
Thus any organisation which may need to produce information under the terms of such legislation must have a business continuity plan (BCP) that will allow them to access important data at any time.
The need for a BCP is even written directly into specific laws. Rule 446 of the New York Stock Exchange, requires listed members to disclose their continuity plans for dealing with a major disruption to their business and demands a yearly review of the BCP. To add extra assurance to investors, several companies such as investment banks Morgan Stanley and Goldman Sachs, have posted their BCPs on their web sites.
Standards bodies, like the International Standards Organisation (ISO) and the Information Security and Audit Control Association (ISACA), offer guidance on the scope of BCPs. For example, the ISACA's Control Objectives for Information Technology (COBIT) encourages managers to "assess regularly the need for uninterruptible power supply batteries and generators for critical information technology applications".
And ISO17799, originally a Department of Trade and Industry code of practice in the UK, has an entire section entitled ‘Business Continuity Management', specifying how best to test, maintain and reassess continuity plans.
Those underscore the notion that continuity and solid business performance are two sides of the same coin. According to John Bace, an analyst at IT industry advisor, Gartner: "A corporate performance management framework that includes operational risk management procedures using business continuity planning will create an explicit link between compliance, performance management and value."
The compliance imperative for continuity has contributed to the resurgence in demand for data centre hosting or co-location. Pressures on companies to ensure the high-availability of their IT services has encouraged many to look for a third party supplier to take on the responsibilities and ensure high levels of corporate data availability.
That emphasises how compliance approaches can have significant business advantages that go beyond simply adhering to governmental or industry-wide rules.
And while not everyone is convinced (a recent sample survey by Gartner suggested that 75% of mid-sized businesses still feel that compliance efforts bring them no additional business benefits) the advice from analysts is still sound.
Compliance is a by-product of "running your business well, with good process and tight systems", says the Butler Group.