During times of uncertainty, it’s crucial to have a business continuity plan in place that will allow your company to operate and remain as resilient as possible. Before we review some best practices for defining and maintaining a business continuity plan, let’s answer a few questions you might be asking yourself about business continuity.
How does business continuity planning work? The act of business continuity planning involves pro-actively defining the process that your company would undertake in order to deal with potential threats that may affect a company’s means to operate effectively.
Does your company need a business continuity plan for Salesforce? In almost all cases - YES! One recent example is an information system company whose business continuity plan we helped get back on track. The company manages six Salesforce Clouds on one org and has a large, global partner community. With only the Weekly Export as a backup solution, the company was unknowingly putting their operations and customer experience at high risk.
Could you imagine most of your operations being down for seven days? On May 17th 2019, during a service disruption, the aforementioned company was unable to access their most recent data for seven days. Even more disruptive, was the fact that they were unable to run the six cloud integrations multiple departments relied on to do their jobs and service customers for that same amount of time.
Now that you hopefully understand the importance, here are three best practices for defining and maintaining a business continuity plan, including specific suggestions for the Salesforce platform.
1. Identify the Key Components of Your Plan.
First, determine your company’s required operational resources. Personnel and infrastructure (both SaaS and physical) are usually the most important resources for companies. Critical personnel, like your Salesforce operations team, should include those who are required to maintain operations within your company’s infrastructure. Some questions you should be asking yourself when defining these requirements are:
- What is the minimum number of personnel required to continue operations?
- Do enough personnel have critical skills or knowledge, or should others be hired or trained in the event of an emergency?
- Are your critical personnel aware of his or her role in the case of a disaster?
- Which parts of your infrastructure are prone to disaster?
- Which buildings or locations are required to be active during a disaster?
- What network and infrastructure components are required to meet your SLAs?
- For SaaS-specific applications, are your employees able to access and manage remotely?
How does the Salesforce platform fit into a business continuity plan? Numerous companies rely on Salesforce to keep track of their critical business data. According to the 2020 State of Salesforce Data Protection survey results, hundreds of companies said that they could not maintain business continuity if they lost their most critical Salesforce data, which included things like customer information, accounts, opportunities, and contracts. The survey results also show that 69% of respondents say their company may be at significant risk of user-inflicted data loss–a number which is likely to increase as more employees continue to work remotely due to the current global crisis.
If you’ve identified Salesforce as a critical component of your business, then it’s important to define your disaster recovery plan to account for any Salesforce data loss or data corruption.
2. Define Your Disaster Recovery Plan.
As you develop your disaster recovery plan, make sure you answer the following questions:
- What are our company’s SLA requirements to our customers?
- What are the areas of the business that need to be recovered, including personnel as well as physical and SaaS infrastructure?
- What is our necessary Recovery Time Objective (RTO) and Recovery Point Objective (RPO)?
What is RTO and RPO and why does it matter for companies on the Salesforce platform?
- Recovery Time Objective is the amount of time it will take your company to recover from a disaster.
- Recovery Point Objective is the amount of data that your company is willing to lose in the case of a disaster.
A defined RTO and RPO will allow your company to set metrics to minimize downtime and data loss. If you are using the Weekly Export from Salesforce, your current RPO is one week. In other words, if you ran a Weekly Export on Sunday, and then the following Saturday you had a large data loss, you would only be able recover data in its state from six days prior. In this scenario, you would be unable to recover using the Weekly Export because it was not included in your latest backup.
A question you should be asking yourself right now is if you were to lose your Salesforce CRM data, how much data would be lost? In other words, when was the last time you backed up your data? Also, how much time will it take to get your backup data back into operation? Have you tried to recover using your Weekly Export files to test your RTO?
RTO and RPO is different for all types of companies, but it is important to define these requirements and incorporate these metrics into your overall Business Continuity plan.
3. Test Your Business Continuity Plan Regularly.
Once you’ve outlined and defined a business continuity plan, you need to test it to ensure that it works. All personnel involved in the business continuity plan need to be present for each test so everyone is aware of their job responsibilities and roles in the case of disaster. At a minimum, companies need to be testing their business continuity plan annually to ensure all aspects of the plan are communicated to all parties.
An example of a Salesforce Business Continuity test would be to simulate a data loss (where data is deleted) and a data corruption (where data is updated). Then, using the current backup you have in place, retrieve the lost and corrupted data, and insert that data back into Salesforce. Make note of how much data was lost (your RPO) and how long did it take to recover your data back into Salesforce (your RTO). Running these tests regularly will ensure that your company is equipped and able to handle different disaster scenarios.