Editor’s note: This post was updated in October 2024, with the latest information and resources.
If your organization relies on Salesforce, a Salesforce business continuity plan (BCP) is vital. Broadly speaking, a BCP is a framework designed to ensure that business operations can be maintained in the event of disruptions or disasters. This plan focuses on Salesforce applications and data. Your Salesforce business continuity plan must encompass procedures and actions that will guide your response to unforeseen events such as natural disasters, system failures, human errors, cyberattacks, or any other incident that could lead to data loss or system downtime. Below, we outline what a good Salesforce business continuity plan entails so that you can protect your organization.
3 Areas of Salesforce Business Continuity
Organizations rely on Salesforce because of its robust security and resilience. However, many don’t realize that Salesforce operates under the Shared Responsibility Model, under which the customer is responsible for protecting data stored in the cloud, including recovering data that has been deleted or corrupted. This is why organizations must have a BCP that covers their Salesforce data.
A BCP is not only vital, it is required for regulated entities. In addition, these plans must be exercised regularly. For example, NYDFS states that “Each covered entity shall periodically, but at a minimum annually, test its: (1) incident response and BCDR plans with all staff and management critical to the response, and shall revise the plan as necessary; and (2) ability to restore its critical data and information systems from backups.”
A comprehensive Salesforce business continuity plan must address three key areas, including the following:
Data Backup
The cornerstone of any business continuity plan is a comprehensive backup and recovery strategy. In the context of Salesforce, this means securing a copy of all of your CRM data, including customer information, sales records, and communication logs.
Organizations rely on Salesforce for more than customer relationship management (CRM), including delivering financial services (e.g., loans), healthcare (scheduling, prescriptions), government (many), and much more. When any of these organizations has a problem that impacts the availability or integrity of its Salesforce data, it can cause significant business disruption. The details of such disruption depend on the type of organization, but it uniformly equates to intolerable impact on customers or constituents (financial, health, civil, etc.).
If you’re operating in the healthcare industry, comprehensive backup is particularly important for PHI and other sensitive data, like healthcare records, especially since HIPAA compliance and other regulations depend on maintaining secure and accessible backups. Financial services and the public sector can also find their Salesforce data under the compliance microscope, further emphasizing the importance of a robust Salesforce backup and recovery solution.
Protecting your data with a comprehensive Salesforce backup and recovery solution allows you to bounce back in the event of data loss or corruption. For instance, if you implement 24-hour backups, you’ll never be at risk of losing more than one day’s worth of information. While you can use a longer backup interval, it is generally not advised, as you’ll stand to lose much more information.
Disaster Recovery
Disaster recovery is an important function of business continuity, but these two areas are not the same. Disaster recovery focuses on restoring your Salesforce operations after a disruptive event. Your strategy should outline what to do immediately after a disaster to minimize downtime and operational impact.
A well-crafted disaster recovery plan for Salesforce should include details such as recovery time objectives (RTOs), recovery point objectives (RPOs), and the roles and responsibilities of each member during the process.
Moreover, you’ll need to train your staff on recovery and response protocols. Make sure that everyone knows what their job is during a Salesforce disaster recovery event. You can’t afford to waste any time, as every minute that passes can translate to thousands in profit losses.
Data Availability
The third phase of Salesforce business continuity involves ensuring data availability. Restoring lost files will not do much good if your team can’t readily access the data. Adopting a high availability configuration and investing in segregated backups are key parts of making data readily accessible.
This phase of the recovery process aims to ensure your system remains operational, even in a reduced capacity. Slowed productivity is far better than a complete shutdown.
How to Create a Business Continuity Plan Around These 3 Areas
As you begin building your Salesforce business continuity plan, make sure to:
Identify Critical Data
Step one to Salesforce business continuity involves identifying the information that is crucial for your business operations. Ask yourself, “What information do I need to perform everyday tasks?” Also, remember that not all data you’ve stored holds the same value to your business. That’s why it’s important to identify which records are vital. Some examples include customer contact information, ongoing sales negotiations, and service contracts.
During this process, make an effort to omit any low-value data, such as:
- Duplicate Records: Outdated or duplicate records don’t need to be prioritized
- Test Data: Entries created for testing purposes are also of little value
- Unused Custom Fields: Ignore custom fields created for old projects
- Low-Value Activity Logs: Detailed logs of minor activities, such as email open records
- Debug Files: Can add up over time, especially in development or testing environments
- Non-Actionable Reports and Dashboards: Reports created for one-time use don’t need backing up
- Excessive Email Templates: Purge old email templates that no longer fit your brand voice
Backing up your data is a huge undertaking. By deleting or archiving these obsolete pieces of information, you can streamline backup and recovery processes, saving time and resources.
Understand How That Data Impacts Your Business
After you’ve gotten a lay of the land, consider how each type of information would impact your business. This involves understanding the workflows and processes that depend on this data. For instance, losing access to current sales opportunities could stall your sales pipeline, affecting revenue.
By mapping the impacts of each set of information, you can better understand the potential risks and prepare accordingly. Again, you should only be exploring these scenarios as they pertain to high-value data. You need not address the junk information you purged during the previous step.
Define Your Business Continuity Solutions
You can now define the solutions that will form your Salesforce business continuity plan. This includes deciding on backup frequencies, selecting a disaster recovery solution that meets your RTO and RPO objectives, and implementing high availability configurations to ensure data accessibility. It’s also important to consider the solution’s capabilities around proactive data monitoring, and customizing alerts to fit your organizational priorities and compliance requirements. Tailoring these solutions to your specific needs is crucial for effective business continuity.
For many organizations, bringing in a third-party consultant and Salesforce backup provider offers the most pragmatic solution. Partners like Own will help you assess your threat landscape and prioritize resources that will best protect your operations. Moreover, our team offers hands-on recovery services designed to get your business back up and running fast following a data loss event.
Testing and Enforcement of Your Business Continuity Plan
The final and perhaps most crucial step involves testing and enforcing your business continuity plan. Regularly testing the plan by simulating disaster scenarios helps identify any weaknesses or gaps that need addressing. This ensures your plan is up to date while also helping familiarize your team with the procedures, making them more effective in an actual disaster situation.
No matter how much you trust your team, you never want to assume that they know what to do in a critical incident. Testing vets their capabilities and reveals what areas of your strategy need work. If you ever face a real-life data loss, you’ll enjoy peace of mind knowing that your team has been equipped to navigate the incident. Own’s Data Recovery Readiness & Response (DR3™) methodology makes it easy for organizations to regularly assess and test their Salesforce business continuity plan, making the necessary improvements before it’s too late.
An example of a Salesforce business continuity test would be to simulate a data loss (where data is deleted) and a data corruption (where data is updated). Then, using the current backup you have in place, retrieve the lost and corrupted data, and insert that data back into Salesforce. Make note of how much data was lost (your RPO) and how long it took to recover your data back into Salesforce (your RTO). Running these tests regularly will ensure that your company is equipped and able to handle different disaster scenarios.
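The drill described above can be scored mechanically. The following is an added example, not code from Own or Salesforce: it compares a backup snapshot with the org's state after the simulated incident, builds the list of records to re-insert and fields to repair, and measures the data-loss window and recovery time against targets. The record layout, function names, Ids and timestamps are constructed for illustration, and no Salesforce API is called.

```python
from datetime import datetime, timedelta

def plan_restore(backup, live):
    """Compare a backup snapshot with the org's current state.

    Both arguments map record Id -> dict of field values (constructed layout).
    Returns (to_insert, to_update): records deleted since the backup, and
    field-level repairs for records whose values no longer match it.
    """
    to_insert, to_update = {}, {}
    for rec_id, saved in backup.items():
        current = live.get(rec_id)
        if current is None:
            to_insert[rec_id] = saved          # data loss: record was deleted
            continue
        changed = {f: v for f, v in saved.items() if current.get(f) != v}
        if changed:
            to_update[rec_id] = changed        # corruption: restore changed fields only
    return to_insert, to_update

def score_drill(last_backup, incident, restored, rpo_target, rto_target):
    """Measured data-loss window and recovery time versus the plan's targets."""
    rpo = incident - last_backup
    rto = restored - incident
    return {"rpo": rpo, "rto": rto,
            "rpo_met": rpo <= rpo_target, "rto_met": rto <= rto_target}

# Constructed sample data for the drill
BACKUP = {
    "001A": {"Name": "Acme", "Phone": "555-0100"},
    "001B": {"Name": "Globex", "Phone": "555-0101"},
    "001C": {"Name": "Initech", "Phone": "555-0102"},
}
LIVE = {
    "001A": {"Name": "Acme", "Phone": "555-0100"},
    "001B": {"Name": "Globex", "Phone": "000-0000"},    # simulated corruption
    # "001C" is absent: simulated deletion
    "001D": {"Name": "Umbrella", "Phone": "555-0103"},  # created after the backup
}

if __name__ == "__main__":
    inserts, updates = plan_restore(BACKUP, LIVE)
    print("re-insert:", sorted(inserts), "repair:", updates)
    # Backup taken Sunday 02:00, incident the following Saturday 14:00
    print(score_drill(datetime(2024, 10, 6, 2, 0), datetime(2024, 10, 12, 14, 0),
                      datetime(2024, 10, 12, 19, 30),
                      rpo_target=timedelta(hours=24), rto_target=timedelta(hours=8)))
```

A field that was changed legitimately after the backup looks the same as corruption in this comparison, so the repair list should be reviewed before anything is written back to the org.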
Important Questions About Business Continuity Plans
During times of uncertainty, it’s crucial to have a business continuity plan in place that will allow your company to operate and remain as resilient as possible. Let’s answer a few questions you might be asking yourself about business continuity.
How does business continuity planning work? Business continuity planning involves proactively defining the process that your company would undertake to deal with potential threats that may affect its ability to operate effectively.
Does your company need a business continuity plan for Salesforce? In almost all cases - YES! One recent example is an information system company whose business continuity plan we helped get back on track. The company manages six Salesforce Clouds on one org and has a large, global partner community. With only the Weekly Export as a backup solution, the company was unknowingly putting their operations and customer experience at high risk.
Could you imagine most of your operations being down for seven days? On May 17th, 2019, during a service disruption, the aforementioned company was unable to access their most recent data for seven days. Even more disruptive was the fact that they were unable to run the six cloud integrations multiple departments relied on to do their jobs and service customers for that same amount of time.
Now that we have reviewed the foundational questions, we have put together a list of specific questions about operational resources to help you with your planning.
Important Questions to Identify Required Operational Resources
An important step in business continuity is determining your company’s required operational resources. Personnel and infrastructure (both SaaS and physical) are usually the most important resources for companies. Critical personnel, like your Salesforce operations team, should include those who are required to maintain operations within your company’s infrastructure. Some questions you should be asking yourself when defining these requirements are:
- What is the minimum number of personnel required to continue operations?
- Do enough personnel have critical skills or knowledge, or should others be hired or trained in the event of an emergency?
- Are your critical personnel aware of their roles in the case of a disaster?
- Which parts of your infrastructure are prone to disaster?
- Which buildings or locations are required to be active during a disaster?
- What network and infrastructure components are required to meet your SLAs?
- For SaaS-specific applications, are your employees able to access and manage them remotely?
How does the Salesforce platform fit into a business continuity plan? Numerous companies rely on Salesforce to keep track of their critical business data. Most companies could not maintain business continuity if they lost their most critical Salesforce data, which includes things like customer information, accounts, opportunities, and contracts.
If you’ve identified Salesforce as a critical component of your business, then it’s important to define your disaster recovery plan to account for any Salesforce data loss or data corruption.
Important Questions to Help Create a Disaster Recovery Plan
As you develop your disaster recovery plan, make sure you answer the following questions:
- What are our company’s SLA requirements to our customers?
- What are the areas of the business that need to be recovered, including personnel as well as physical and SaaS infrastructure?
- What is our necessary Recovery Time Objective (RTO) and Recovery Point Objective (RPO)?
What are RTO and RPO, and why do they matter for companies on the Salesforce platform?
Recovery Time Objective is the amount of time it will take your company to recover from a disaster.
Recovery Point Objective is the amount of data that your company is willing to lose in the case of a disaster.
A defined RTO and RPO will allow your company to set metrics to minimize downtime and data loss. If you are using the Weekly Export from Salesforce, your current RPO is one week. In other words, if you ran a Weekly Export on Sunday, and then the following Saturday you had a large data loss, you would only be able to recover data in its state from six days prior. In this scenario, you would be unable to recover data created or changed after that Sunday using the Weekly Export, because it was not included in your latest backup. Own Continuous Data Protection pushes data changes to a backup as they happen, allowing businesses to capture changes in their data in near real-time, reducing RPO to near-zero.
A question you should be asking yourself right now is if you were to lose your Salesforce CRM data, how much data would be lost? In other words, when was the last time you backed up your data? Also, how much time will it take to get your backup data back into operation? Have you tried to recover using your Weekly Export files to test your RTO?
RTO and RPO are different for all types of companies, but it is important to define these requirements and incorporate these metrics into your overall business continuity plan.
Make Business Continuity a Reality with Own
Your Salesforce data is constantly changing and evolving, further emphasizing the importance of a trusted, reliable business continuity plan. With solutions like Own Recover, you can start proactively protecting your business against unanticipated disruptions with ease and peace of mind.