BCDR is a complimentary set of processes or techniques that are used to help a business recover from a disaster situation and resume normal business functions in a timely and efficient manner. Small to medium businesses will often have a combined plan, whereas larger organisations more often than not have separate BC and DR plans.
Business continuity planning involves the creation and design of policies and procedures that revolve around business operations. BCP is a generally more proactive and concentrates on what needs to be implemented to ensure that the business critical functions can be resumed in the event of a disaster.
Disaster recovery planning focuses more on the IT environment and defines the policies and processes that will be implemented by the IT department in recovering from a disaster. A disaster can range from unforeseen natural disasters to man-made disasters and human error. A disaster can be as simple as the loss of a business-critical system. It is important to note that having backups is not disaster recovery, but merely a possible element in a disaster recovery plan.
Business Continuity Plan
A business continuity plan can be broken down into 4 key steps.
Step 1 – Identify
- The business as a whole needs to analyse and identify the functions within the business and differentiate between critical and non-critical elements via a Business Impact Analysis (BIA).
- Develop BIA questionnaire
- Work with managers and key stakeholders on questionnaire completion
- Review BIA questionnaires
- Finalise BIA through follow-up interviews to avoid any information gaps
Step 2 – Analyse
- Identify and document all resource requirements
- Gap analysis between recovery requirements and current capabilities
- Recovery strategy options exploration and selection
- Implement strategies
Step 3 – Create
- Create plan framework
- Organise recovery teams
- Relocation plans if required
- Write BCP procedures
- Create manual workarounds
- Assemble complete plan and validate
Step 4 – Measure
- Develop testing exercises and maintenance
- Train relevant personnel
- Orientation exercises
- Run tests and document results
- Update BCP with findings
Disaster Recovery Plan
A disaster recovery plan can be analysed in 4 main stages outlined below. With the advent of cloud computing and the increase in cloud computing options from the main vendors, full IT disaster recovery has become much more affordable and attainable for businesses of any size. Site recovery no longer requires leasing of rackspace and the purchase of expensive redundant hardware. You can now replicate your systems to cloud based infrastructure for a fraction of the cost, with the real expense only arriving if you need to invoke DR, then only for the period of time until you can revert to your original production systems.
Step 1 – Mitigate
- Similar to BCP perform BIA from an IT perspective
- DRP can be expensive, where possible mitigate the potential for an outage to have a severe impact
- Ensure comprehensive backup and redundancy of systems where possible following the 3-2-1 rule
- Implement lessons learned from previous disruption and root cause analysis
Step 2 – Prepare
- Identify response teams for critical infrastructure and up skill where required
- Identify vendor preparedness and response capabilities
- Fully document environment
- Create DRP and implement/test
- Update DRP based on findings
Step 3 – Respond
- Implement DRP as soon as a disaster is reported/discovered
- Notify response teams, management, and stakeholders
- Contact vendors if required in line with SLAs
- Notify staff of envisioned timelines in line with RPO and RTO etc.
Step 4 – Recover
- Recover critical systems in line with the plan
- Ensure user access and functionality
- Monitor recovered systems
- Revert systems if possible based on DRP
To find about more about our Disaster Recovery and Business Continuity services email firstname.lastname@example.org or call 01 500 9001.