How to create an effective business continuity plan
A business continuity plan outlines procedures and instructions an organization must follow in the face of disaster, whether fire, flood or cyberattack. Here's how to create one that gives your business the best chance of surviving such an event.
We rarely get advance notice that a disaster is ready to strike. Even with some lead time, though, multiple things can go wrong; every incident is unique and unfolds in unexpected ways.
This is where a business continuity plan comes into play. To give your organization the best shot at success during a disaster, you need to put a current, tested plan in the hands of all personnel responsible for carrying out any part of that plan. The lack of a plan doesn’t just mean your organization will take longer than necessary to recover from an event or incident. You could go out of business for good.
What is business continuity?
Business continuity refers to maintaining business functions or quickly resuming them in the event of a major disruption, whether caused by a fire, flood or malicious attack by cybercriminals. A business continuity plan outlines procedures and instructions an organization must follow in the face of such disasters; it covers business processes, assets, human resources, business partners and more.
Many people think a disaster recovery plan is the same as a business continuity plan, but a disaster recovery plan focuses mainly on restoring an IT infrastructure and operations after a crisis. It’s actually just one part of a complete business continuity plan, as a business continuity plan looks at the continuity of the entire organization.
Do you have a way to get HR, manufacturing and sales and support functionally up and running so the company can continue to make money right after a disaster? For example, if the building that houses your customer service representatives is flattened by a tornado, do you know how those reps can handle customer calls? Will they work from home temporarily, or from an alternate location? The BC plan addresses these types of concerns.
Note that a business impact analysis is another part of a business continuity plan. A business impact analysis identifies the impact of a sudden loss of business functions, usually quantified in a cost. Such analysis also helps you evaluate whether you should outsource non-core activities in your business continuity plan, which can come with its own risks. The business impact analysis essentially helps you look at your entire organization’s processes and determine which are most important.
Why business continuity planning matters
Whether you operate a small business or a large corporation, you strive to remain competitive. It’s vital to retain current customers while increasing your customer base — and there’s no better test of your capability to do so than right after an adverse event.
Because restoring IT is critical for most companies, numerous disaster recovery solutions are available. You can rely on IT to implement those solutions. But what about the rest of your business functions? Your company’s future depends on your people and processes. Being able to handle any incident effectively can have a positive effect on your company’s reputation and market value, and it can increase customer confidence.
“There’s an increase in consumer and regulatory expectations for security today,” says Lorraine O’Donnell, global head of business continuity at Experian. “Organizations must understand the processes within the business and the impact of the loss of these processes over time. These losses can be financial, legal, reputational and regulatory. The risk of having an organization’s “license to operate” withdrawn by a regulator or having conditions applied (retrospectively or prospectively) can adversely affect market value and consumer confidence. Build your recovery strategy around the allowable downtime for these processes.”
Anatomy of a business continuity plan
If your organization doesn’t have a business continuity plan in place, start by assessing your business processes, determining which areas are vulnerable, and the potential losses if those processes go down for a day, a few days or a week. This is essentially a business impact analysis.
Next, develop a plan. This involves six general steps:
- Identify the scope of the plan.
- Identify key business areas.
- Identify critical functions.
- Identify dependencies between various business areas and functions.
- Determine acceptable downtime for each critical function.
- Create a plan to maintain operations.
One common business continuity planning tool is a checklist that includes supplies and equipment, the location of data backups and backup sites, where the plan is available and who should have it, and contact information for emergency responders, key personnel and backup site providers.
Remember that the disaster recovery plan is part of the business continuity plan, so developing a disaster recovery plan if you don’t already have one should be part of your process. And if you do already have a disaster recovery plan, don’t assume that all requirements have been factored in, O’Donnell warns. You need to be sure that restoration time is defined and “make sure it aligns with business expectations.”
As you create your plan, consider interviewing key personnel in organizations who have gone through a disaster successfully. People generally like to share “war stories” and the steps and techniques (or clever ideas) that saved the day. Their insights could prove incredibly valuable in helping you to craft a solid plan.
The importance of testing your business continuity plan
Testing a plan is the only way to truly know it will work, says O’Donnell. “Obviously, a real incident is a true test and the best way to understand if something works. However, a controlled testing strategy is much more comfortable and provides an opportunity to identify gaps and improve.”
You have to rigorously test a plan to know if it’s complete and will fulfill its intended purpose. In fact, O’Donnell suggests you try to break it. “Don’t go for an easy scenario; always make it credible but challenging. This is the only way to improve. Also, ensure the objectives are measurable and stretching. Doing the minimum and ‘getting away with it’ just leads to a weak plan and no confidence in a real incident.”
Many organizations test a business continuity plan two to four times a year. The schedule depends on your type of organization, the amount of turnover of key personnel and the number of business processes and IT changes that have occurred since the last round of testing.
Common tests include tabletop exercises, structured walk-throughs and simulations. Test teams are usually composed of the recovery coordinator and members from each functional unit.
A tabletop exercise usually occurs in a conference room with the team poring over the plan, looking for gaps and ensuring that all business units are represented therein.
In a structured walk-through, each team member walks through his or her components of the plan in detail to identify weaknesses. Often, the team works through the test with a specific disaster in mind. Some organizations incorporate drills and disaster role-playing into the structured walk-through. Any weaknesses should be corrected and an updated plan distributed to all pertinent staff.
It’s also a good idea to conduct a full emergency evacuation drill at least once a year. This type of test lets you determine if you need to make special arrangements to evacuate staff members who have physical limitations.
Lastly, disaster simulation testing can be quite involved and should be performed annually. For this test, create an environment that simulates an actual disaster, with all the equipment, supplies and personnel (including business partners and vendors) who would be needed. The purpose of a simulation is to determine if you can carry out critical business functions during the event.
During each phase of business continuity plan testing, include some new employees on the test team. “Fresh eyes” might detect gaps or lapses of information that experienced team members could overlook.
Review and improve your business continuity plan
Much effort goes into creating and initially testing a business continuity plan. Once that job is complete, some organizations let the plan sit while other, more critical tasks get attention. When this happens, plans go stale and are of no use when needed.
Technology evolves, and people come and go, so the plan needs to be updated, too. Bring key personnel together at least annually to review the plan and discuss any areas that must be modified.
Prior to the review, solicit feedback from staff to incorporate into the plan. Ask all departments or business units to review the plan, including branch locations or other remote units. If you’ve had the misfortune of facing a disaster and had to put the plan into action, be sure to incorporate lessons learned. Many organizations conduct a review in tandem with a table-top exercise or structured walk-through.
How to ensure business continuity plan support, awareness
One way to ensure your plan is not successful is to adopt a casual attitude toward its importance. Every business continuity plan must be supported from the top down. That means senior management must be represented when creating and updating the plan; no one can delegate that responsibility to subordinates. In addition, the plan is likely to remain fresh and viable if senior management makes it a priority by dedicating time for adequate review and testing.
Management is also key to promoting user awareness. If employees don’t know about the plan, how will they be able to react appropriately when every minute counts? Although plan distribution and training can be conducted by business unit managers or HR staff, have someone from the top kick off training and punctuate its significance. It’ll have a greater impact on all employees, giving the plan more credibility and urgency.
Business Continuity Planning
Organize a business continuity team and compile a business continuity plan to manage a business disruption. Learn more about how to put together and test a business continuity plan with the videos below.
Business Continuity Plan Supporting Resources
- Business Continuity Plan Situation Manual
- Business Continuity Plan Test Exercise Planner Instructions
- Business Continuity Plan Test Facilitator and Evaluator Handbook
Business Continuity Training Videos
Business Continuity Training Introduction
An overview of the concepts detailed within this training. Also included is a short, humorous video that introduces viewers to the concept of business continuity planning and highlights the benefits of having a plan. Two men in an elevator experience a spectrum of disasters, from a loss of power to rain, fire, and a human threat. One man is prepared for each disaster and the other is not.
Business Continuity Training Part 1: What is Business Continuity Planning?
An explanation of what business continuity planning means and what it entails to create a business continuity plan. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about what business continuity planning means to them.
Business Continuity Training Part 2: Why is Business Continuity Planning Important?
An examination of the value a business continuity plan can bring to an organization. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about how business continuity planning has been valuable to them.
Business Continuity Training Part 3: What's the Business Continuity Planning Process?
An overview of the business continuity planning process. This segment also incorporates an interview with a company about its process of successfully implementing a business continuity plan.
Business Continuity Training Part 3: Planning Process Step 1
The first of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “prepare” to create a business continuity plan.
Business Continuity Training Part 3: Planning Process Step 2
The second of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “define” their business continuity plan objectives.
Business Continuity Training Part 3: Planning Process Step 3
The third of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “identify” and prioritize potential risks and impacts.
Business Continuity Training Part 3: Planning Process Step 4
The fourth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “develop” business continuity strategies.
Business Continuity Training Part 3: Planning Process Step 5
The fifth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should define their “teams” and tasks.
Business Continuity Training Part 3: Planning Process Step 6
The sixth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “test” their business continuity plans.
Last Updated: 09/13/2023
Business continuity planning (BCP)
What is business continuity?
In an IT context, business continuity is the capability of your enterprise to stay online and deliver products and services during disruptive events, such as natural disasters, cyberattacks and communication failures.
The core of this concept is the business continuity plan — a defined strategy that includes every facet of your organization and details procedures for maintaining business availability.
Start with a business continuity plan
Business continuity management starts with planning how to maintain your critical functions (e.g., IT, sales and support) during and after a disruption.
A business continuity plan (BCP) should comprise the following elements:
1. Threat Analysis
The identification of potential disruptions, along with potential damage they can cause to affected resources. Examples include:
2. Role assignment
Every organization needs a well-defined chain of command and substitute plan to deal with absence of staff in a crisis scenario. Employees must be cross-trained on their responsibilities so as to be able to fill in for one another.
Internal departments (e.g., marketing, IT, human resources) should be broken down into teams based on their skills and responsibilities. Team leaders can then assign roles and duties to individuals according to your organization’s threat analysis.
A communications strategy details how information is disseminated immediately following and during a disruptive event, as well as after it has been resolved.
Your strategy should include:
- Methods of communication (e.g., phone, email, text messages)
- Established points of contact (e.g., managers, team leaders, human resources) responsible for communicating with employees
- Means of contacting employee family members, media, government regulators, etc.
From electrical power to communications and data, every critical business component must have an adequate backup plan that includes:
- Data backups to be stored in different locations. This prevents the destruction of both the original and backup copies at the same time. If necessary, offline copies should be kept as well.
- Backup power sources, such as generators and inverters that are provisioned to deal with power outages.
- Backup communications (e.g., mobile phones and text messaging to replace land lines) and backup services (e.g., cloud email services to replace on-premise servers).
Load balancing business continuity
Load balancing maintains business continuity by distributing incoming requests across multiple backend servers in your data center. This provides redundancy in the event of a server failure, ensuring continuous application uptime.
In contrast to the reactive measures used in failover and disaster recovery (described below), load balancing is a preventative measure. Health monitoring tracks server availability, ensuring accurate load distribution at all times—including during disruptive events.
Disaster recovery plan (DCP) – Your second line of defense
Even the most carefully thought out business continuity plan is never completely foolproof. Despite your best efforts, some disasters simply cannot be mitigated. A disaster recovery plan (DCP) is a second line of defense that enables you to bounce back from the worst disruptions with minimal damage.
As the name implies, a disaster recovery plan deals with the restoration of operations after a major disruption. It’s defined by two factors: RTO and RPO.
- Recovery time objective (RTO) – The acceptable downtime for critical functions and components, i.e., the maximum time it should take to restore services. A different RTO should be assigned to each of your business components according to their importance (e.g., ten minutes for network servers, an hour for phone systems).
- Recovery point objective (RPO) – The point to which your state of operations must be restored following a disruption. In relation to backup data, this is the oldest age and level of staleness it can have. For example, network servers updated hourly should have a maximum RPO of 59 minutes to avoid data loss.
Deciding on specific RTOs and RPOs helps clearly show the technical solutions needed to achieve your recovery goals. In most cases the decision is going to boil down to choosing the right failover solution.
Choosing the right failover solutions
Failover is the switching between primary and backup systems in the event of failure, outage or downtime. It’s the key component of your disaster recovery and business continuity plans.
A failover system should address both RTO and RPO goals by keeping backup infrastructure and data at the ready. Ideally, your failover solution should seamlessly kick in to insulate end users from any service degradation.
When choosing a solution, the two most important aspects to consider are its technological prowess and its service level agreement (SLA). The latter is often a reflection of the former.
For an IT organization charged with the business continuity of a website or web application, there are three failover options:
- Hardware solutions – A separate set of servers, set up and maintained internally, are kept on-premise to come online in the event of failure. However, note that keeping such servers at the same location makes them potentially susceptible to being taken down by the same disaster/disturbance.
- DNS services – DNS services are often used in conjunction with hardware solutions to redirect traffic to a backup server(s) at an external data center. A downside of this setup includes TTL-related delays that can prevent seamless disaster recovery. Additionally, managing both DNS and internal data center hardware failover solutions is time consuming and complicated.
- On-edge services – On-edge failover is a managed solution operating from off-prem (e.g., from the CDN layer). Such solutions are more affordable and, most importantly, have no TTL reliance, resulting in near-instant failover that allows you to meet the most aggressive RTO goals.
Disaster recovery (DR) consists of IT technologies and best practices designed to prevent or minimize data loss and business disruption resulting from catastrophic events—everything from equipment failures and localized power outages to cyberattacks, civil emergencies, criminal or military attacks, and natural disasters.
Many businesses—especially small- and mid-sized organizations—neglect to develop a reliable, practicable disaster recovery plan. Without such a plan, they have little protection from the impact of significantly disruptive events.
Infrastructure failure can cost as much as USD 100,000 per hour, and critical application failure costs can range from USD 500,000 to USD 1 million per hour. Many businesses cannot recover from such losses. More than 40% of small businesses will not re-open after experiencing a disaster, and among those that do, an additional 25% will fail within the first year after the crisis. Disaster recovery planning can dramatically reduce these risks.
Disaster recovery planning involves strategizing, planning, deploying appropriate technology, and continuous testing. Maintaining backups of your data is a critical component of disaster recovery planning, but a backup and recovery process alone does not constitute a full disaster recovery plan.
Disaster recovery also involves ensuring that adequate storage and compute is available to maintain robust failover and failback procedures. Failover is the process of offloading workloads to backup systems so that production processes and end-user experiences are disrupted as little as possible. Failback involves switching back to the original primary systems.
Business continuity planning creates systems and processes to ensure that all areas of your enterprise will be able to maintain essential operations or be able to resume them as quickly as possible in the event of a crisis or emergency. Disaster recovery planning is the subset of business continuity planning that focuses on recovering IT infrastructure and systems.
Business impact analysis
The creation of a comprehensive disaster recovery plan begins with business impact analysis. When performing this analysis, you’ll create a series of detailed disaster scenarios that can then be used to predict the size and scope of the losses you’d incur if certain business processes were disrupted. What if your customer service call center was destroyed by fire, for instance? Or an earthquake struck your headquarters?
This will allow you to identify the areas and functions of the business that are the most critical and enable you to determine how much downtime each of these critical functions could tolerate. With this information in hand, you can begin to create a plan for how the most critical operations could be maintained in various scenarios.
IT disaster recovery planning should follow from and support business continuity planning. If, for instance, your business continuity plan calls for customer service representatives to work from home in the aftermath of a call center fire, what types of hardware, software, and IT resources would need to be available to support that plan?
Assessing the likelihood and potential consequences of the risks your business faces is also an essential component of disaster recovery planning. As cyberattacks and ransomware become more prevalent, it’s critical to understand the general cybersecurity risks that all enterprises confront today as well as the risks that are specific to your industry and geographical location.
For a variety of scenarios, including natural disasters, equipment failure, insider threats, sabotage, and employee errors, you’ll want to evaluate your risks and consider the overall impact on your business. Ask yourself the following questions:
- What financial losses due to missed sales opportunities or disruptions to revenue-generating activities would you incur?
- What kinds of damage would your brand’s reputation undergo? How would customer satisfaction be impacted?
- How would employee productivity be impacted? How many labor hours might be lost?
- What risks might the incident pose to human health or safety?
- Would progress towards any business initiatives or goals be impacted? How?
Not all workloads are equally critical to your business’s ability to maintain operations, and downtime is far more tolerable for some applications than it is for others. Separate your systems and applications into three tiers, depending on how long you could stand to have them be down and how serious the consequences of data loss would be.
- Mission-critical: Applications whose functioning is essential to your business’s survival.
- Important: Applications for which you could tolerate relatively short periods of downtime.
- Non-essential: Applications you could temporarily replace with manual processes or do without.
The next step in disaster recovery planning is creating a complete inventory of your hardware and software assets. It’s essential to understand critical application interdependencies at this stage. If one software application goes down, which others will be affected?
Designing resiliency—and disaster recovery models—into systems as they are initially built is the best way to manage application interdependencies. It’s all too common in today’s microservices-based architectures to discover processes that can’t be initiated when other systems or processes are down, and vice versa. This is a challenging situation to recover from, and it’s vital to uncover such problems when you have time to develop alternate plans for your systems and processes—before an actual disaster strikes.
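The following Python is an added illustration, not taken from the article or from any vendor's tooling. It walks a constructed asset inventory in dependency order, reports applications that can never be started because they sit in or behind a circular dependency, and flags applications whose dependencies push them past their tolerated downtime (their recovery time objective, RTO). The `App` fields, the sample inventory and the assumption that independent restores run in parallel are all hypothetical.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class App:
    name: str
    tier: str               # "mission-critical", "important" or "non-essential"
    rto_min: int            # tolerated downtime for this app, in minutes
    restore_min: int        # time to restore this app once its dependencies are up
    depends_on: tuple = ()  # names of apps that must be running first


# Constructed sample inventory (hypothetical names and timings).
INVENTORY = [
    App("dns", "mission-critical", 10, 5),
    App("database", "mission-critical", 60, 45, ("dns",)),
    App("auth", "mission-critical", 30, 10, ("dns", "database")),
    App("storefront", "mission-critical", 60, 15, ("auth", "database")),
    App("reporting", "non-essential", 1440, 120, ("database",)),
    App("queue", "important", 240, 20, ("scheduler",)),
    App("scheduler", "important", 240, 20, ("queue",)),
]


def plan_recovery(apps):
    """Return recovery order, completion times, blocked apps and RTO breaches.

    Assumes restores that do not depend on each other run in parallel, so an
    app is back when its slowest dependency is back plus its own restore time.
    """
    by_name = {a.name: a for a in apps}

    # Dependencies that are referenced but absent from the inventory: the
    # inventory is incomplete and those apps' timings cannot be trusted.
    missing = sorted({d for a in apps for d in a.depends_on if d not in by_name})

    # Kahn's algorithm: repeatedly restore apps whose dependencies are all up.
    pending = {a.name: {d for d in a.depends_on if d in by_name} for a in apps}
    dependents = {a.name: [] for a in apps}
    for a in apps:
        for d in pending[a.name]:
            dependents[d].append(a.name)

    ready_at, order = {}, []
    queue = deque(sorted(n for n, deps in pending.items() if not deps))
    while queue:
        name = queue.popleft()
        app = by_name[name]
        start = max((ready_at[d] for d in app.depends_on if d in by_name), default=0)
        ready_at[name] = start + app.restore_min
        order.append(name)
        for child in sorted(dependents[name]):
            pending[child].discard(name)
            if not pending[child]:
                queue.append(child)

    # Anything never scheduled is in a dependency cycle or waits on one.
    blocked = sorted(n for n in by_name if n not in ready_at)

    # (app, minutes until it is actually back, its RTO) for every breach.
    breaches = [
        (n, ready_at[n], by_name[n].rto_min)
        for n in order
        if ready_at[n] > by_name[n].rto_min
    ]
    return {
        "order": order,
        "ready_at": ready_at,
        "blocked": blocked,
        "breaches": breaches,
        "missing": missing,
    }


if __name__ == "__main__":
    plan = plan_recovery(INVENTORY)
    print("Recovery order:", " -> ".join(plan["order"]))
    for name, actual, rto in plan["breaches"]:
        print(f"RTO breach: {name} back after {actual} min, objective {rto} min")
    if plan["blocked"]:
        print("Cannot be started (circular dependency):", ", ".join(plan["blocked"]))
    if plan["missing"]:
        print("Not in inventory:", ", ".join(plan["missing"]))
```

In the sample data, `auth` restores in ten minutes on its own but still misses a 30-minute objective because it waits on the database, which is the kind of finding a tabletop review tends to miss.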
Establishing recovery time objectives, recovery point objectives, and recovery consistency objectives
By considering your risk and business impact analyses, you should be able to establish objectives for how long you’d need it to take to bring systems back up, how much data you could stand to lose, and how much data corruption or deviation you could tolerate.
Your recovery time objective (RTO) is the maximum amount of time it should take to restore application or system functioning following a service disruption.
Your recovery point objective (RPO) is the maximum age of the data that must be recovered in order for your business to resume regular operations. For some businesses, losing even a few minutes’ worth of data can be catastrophic, while those in other industries may be able to tolerate longer windows.
A recovery consistency objective (RCO) is established in the service-level agreement (SLA) for continuous data protection services. It is a metric that indicates how many inconsistent entries in business data from recovered processes or systems are tolerable in disaster recovery situations, describing business data integrity across complex application environments.
Regulatory compliance issues
All disaster recovery software and solutions that your enterprise has established must satisfy any data protection and security requirements that you’re mandated to adhere to. This means that all data backup and failover systems must be designed to meet the same standards for ensuring data confidentiality and integrity as your primary systems.
At the same time, several regulatory standards stipulate that all businesses must maintain disaster recovery and/or business continuity plans. The Sarbanes-Oxley Act (SOX), for instance, requires all publicly held firms in the U.S. to maintain copies of all business records for a minimum of five years. Failure to comply with this regulation (including neglecting to establish and test appropriate data backup systems) can result in significant financial penalties for companies and even jail time for their leaders.
Backups serve as the foundation upon which any solid disaster recovery plan is built. In the past, most enterprises relied on tape and spinning disks (HDD) for backups, maintaining multiple copies of their data and storing at least one at an offsite location.
In today’s always-on digitally transforming world, tape backups in offsite repositories often cannot achieve the RTOs necessary to maintain business-critical operations. Architecting your own disaster recovery solution involves replicating many of the capabilities of your production environment and will require you to incur costs for support staff, administration, facilities, and infrastructure. For this reason, many organizations are turning to cloud-based backup solutions or full-scale Disaster-Recovery-as-a-Service (DRaaS) providers.
Choosing recovery site locations
Building your own disaster recovery data center involves balancing several competing objectives. On the one hand, a copy of your data should be stored somewhere that’s geographically distant enough from your headquarters or office locations that it won’t be affected by the same seismic events, environmental threats, or other hazards as your main site. On the other hand, backups stored offsite always take longer to restore from than those located on-premises at the primary site, and network latency can be even greater across longer distances.
Continuous testing and review
Simply put, if your disaster recovery plan has not been tested, it cannot be relied upon. All employees with relevant responsibilities should participate in the disaster recovery test exercise, which may include maintaining operations from the failover site for a period of time.
If performing comprehensive disaster recovery testing is outside your budget or capabilities, you can also schedule a “tabletop exercise” walkthrough of the test procedures, though you should be aware that this kind of testing is less likely to reveal anomalies or weaknesses in your DR procedures—especially the presence of previously undiscovered application interdependencies—than a full test.
As your hardware and software assets change over time, you’ll want to be sure that your disaster recovery plan gets updated as well. Review and revise the plan periodically.
The IBM Knowledge Center provides an example of a disaster recovery plan.
Disaster-Recovery-as-a-Service (DRaaS) is one of the most popular and fast-growing managed IT service offerings available today. Your vendor will document RTOs and RPOs in a service-level agreement (SLA) that outlines your downtime limits and application recovery expectations.
DRaaS vendors typically provide cloud-based failover environments. This model offers significant cost savings compared with maintaining redundant dedicated hardware resources in your own data center. Contracts are available in which you pay a fee for maintaining failover capabilities plus the per-use costs of the resources consumed in a disaster recovery situation. Your vendor will typically assume all responsibility for configuring and maintaining the failover environment.
Disaster recovery service offerings differ from vendor to vendor. Some vendors define their offering as a comprehensive, all-in-one solution, while others offer piecemeal services ranging from single application restoration to full data center replication in the cloud. Some offerings may include disaster recovery planning or testing services, while others will charge an additional consulting fee for these offerings.
Be sure that any enterprise software applications you rely on are supported, as are any public cloud providers that you’re working with. You’ll also want to ensure that application performance is satisfactory in the failover environment, and that the failover and failback procedures have been well tested.
If you have already built an on-premises disaster recovery (DR) solution, it can be challenging to evaluate the costs and benefits of maintaining it versus moving to a monthly DRaaS subscription instead.
Most on-premises DR solutions will incur costs for hardware, power, labor for maintenance and administration, software, and network connectivity. In addition to the upfront capital expenditures involved in the initial setup of your DR environment, you’ll need to budget for regular software upgrades. Because your DR solution must remain compatible with your primary production environment, you’ll want to ensure that your DR solution has the same software versions. Depending upon the specifics of your licensing agreement, this might effectively double your software costs.
Not only can moving to a DRaaS subscription reduce your hardware and software expenditures, it can lower your labor costs by moving the burden of maintaining the failover site to the vendor.
If you’re considering third-party DRaaS solutions, you’ll want to make sure that the vendor has the capacity for cross-regional multi-site backups. If a significant weather event like a hurricane impacted your primary office location, would the failover site be far enough away to remain unaffected by the storm? Also, would the vendor have adequate capacity to meet the combined needs of all its customers in your area if many were impacted at the same time? You’re trusting your DRaaS vendor to meet RTOs and RPOs in times of crisis, so look for a service provider with a strong reputation for reliability.
Read “Disaster Recovery as a Service (DRaaS) vs. Disaster Recovery (DR): Which Do You Need?” for a comparative overview of both solutions.
Protect your data with a cloud disaster recovery plan.
Achieve RPO in seconds and RTO in minutes, with an easy-to-deploy and scalable data-protection solution.
Run smoother with deployment options for every workload. Our network is resilient, redundant, highly available.
Disaster recovery solutions based in the IBM Cloud are resilient and reliable. You can provision a failover site in any of the more than 60 data centers located in six regions and in 18 global availability zones for low latency and in order to meet geographically-specific business requirements.
Business continuity and disaster recovery
Organization and enterprise application workloads have recovery time objective (RTO) and recovery point objective (RPO) requirements. Effective business continuity and disaster recovery (BCDR) design provides platform-level capabilities that meet these requirements. To design BCDR capabilities, capture platform disaster recovery (DR) requirements.
Consider the following factors when designing BCDR for application workloads:
Application and data availability requirements:
- RTO and RPO requirements for each workload.
- Support for active-active and active-passive availability patterns.
BCDR as a service for platform-as-a-service (PaaS) services:
- Native DR and high-availability (HA) feature support.
- Geo-replication and DR capabilities for PaaS services.
Support for multiregion deployments for failover, with component proximity for performance.
Application operations with reduced functionality or degraded performance during an outage.
Workload suitability for Availability Zones or availability sets:
- Data sharing and dependencies between zones.
- Availability Zones compared to availability sets impact on update domains.
- Percentage of workloads that can be under maintenance simultaneously.
- Availability Zones support for specific virtual machine (VM) stock-keeping units (SKUs). For example, Azure Ultra Disk Storage requires using Availability Zones.
Consistent backups for applications and data:
- VM snapshots.
- Azure Backup Recovery Services vaults.
- Subscription limits restricting the number of Recovery Services vaults and the size of each vault.
Network connectivity if a failover occurs:
- Bandwidth capacity planning for Azure ExpressRoute.
- Traffic routing during a regional, zonal, or network outage.
Planned and unplanned failovers:
- IP address consistency requirements, and the potential need to maintain IP addresses after failover and failback.
- Maintaining engineering DevOps capabilities.
- Azure Key Vault DR for application keys, certificates, and secrets.
The following design practices support BCDR for application workloads:
Employ Azure Site Recovery for Azure-to-Azure VM DR scenarios.
Site Recovery uses real-time replication and recovery automation to replicate workloads across regions. Built-in platform capabilities for VM workloads meet low RPO and RTO requirements. You can use Site Recovery to run recovery drills without affecting production workloads. You can also use Azure Policy to enable replication and to audit VM protection.
Use native PaaS DR capabilities.
Built-in PaaS features simplify both design and deployment automation for replication and failover in workload architectures. Organizations that define service standards can also audit and enforce the service configuration through Azure Policy.
Use Azure-native backup capabilities.
Azure Backup and PaaS-native backup features remove the need for third-party backup software and infrastructure. As with other native features, you can set, audit, and enforce backup configurations with Azure Policy to ensure compliance with organization requirements.
Use multiple regions and peering locations for ExpressRoute connectivity.
A redundant hybrid network architecture can help ensure uninterrupted cross-premises connectivity if an outage affects an Azure region or peering provider location.
Avoid using overlapping IP address ranges in production and DR networks.
Production and DR networks that have overlapping IP addresses require a failover process that can complicate and delay application failover. When possible, plan for a BCDR network architecture that provides concurrent connectivity to all sites.
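One way to check an address plan for the overlap described above before a failover depends on it. This is an added example, not part of the original guidance; the network names and CIDR ranges are constructed sample values.

```python
from ipaddress import ip_network
from itertools import product

# Constructed sample address plans (assumptions, not from the page).
# Each network name maps to the address ranges assigned to it.
PRODUCTION = {
    "prod-hub": ["10.10.0.0/16"],
    "prod-spoke-app": ["10.20.0.0/20", "172.16.8.0/24"],
}
DR = {
    "dr-hub": ["10.110.0.0/16"],
    "dr-spoke-app": ["10.20.8.0/22", "172.16.9.0/24"],
}


def find_overlaps(production, dr):
    """Compare every production range with every DR range.

    Returns a list of tuples:
    (prod_name, prod_cidr, dr_name, dr_cidr, shared_cidr)
    """
    findings = []
    for (p_name, p_cidrs), (d_name, d_cidrs) in product(
        production.items(), dr.items()
    ):
        for p_raw, d_raw in product(p_cidrs, d_cidrs):
            # strict=True raises ValueError on entries such as 10.20.8.1/22,
            # which usually indicate a typo in the address plan.
            p_net = ip_network(p_raw, strict=True)
            d_net = ip_network(d_raw, strict=True)
            if p_net.version != d_net.version:
                continue  # IPv4 and IPv6 ranges cannot collide
            if p_net.overlaps(d_net):
                # Two CIDR blocks overlap only when one contains the other,
                # so the shared range is the block with the longer prefix.
                shared = max(p_net, d_net, key=lambda n: n.prefixlen)
                findings.append(
                    (p_name, str(p_net), d_name, str(d_net), str(shared))
                )
    return findings


if __name__ == "__main__":
    for p_name, p_cidr, d_name, d_cidr, shared in find_overlaps(PRODUCTION, DR):
        print(f"{p_name} {p_cidr} overlaps {d_name} {d_cidr} (shared: {shared})")
```

An empty result means both sites can be routed concurrently without address translation or re-addressing during failover.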
Building an Effective Information Security Program with Business Continuity and Disaster Recovery
In this space, we have covered different ways to build an Information Security program utilizing a defense-in-depth approach. The previous articles identified ways to quickly protect your program in a significant manner, as well as how to plan to better secure it for the future. Unfortunately, zero-day attacks, nation state and APT actors, human error, and IT sprawl continually add complexity, cost, and chaos to protecting your environment.
If the protections that have been put in place fail, the final stopgap in protecting the business is your Business Continuity (BC), Disaster Recovery (DR), and Incident Response Plan (IRP).
As these plans are created, keep in mind things like recovery time objective (RTO) and recovery point objective (RPO). RTO is the maximum length of time that an organization expects to take to return to normal operations after an outage. RPO, on the other hand, is the maximum amount of data loss the organization can handle.
- Business Continuity focuses on keeping an organization operational during a disaster.
- Disaster Recovery focuses on restoring data access and IT infrastructure.
- Incident Response Plan covers everything you would do in an incident, kept in a manner accessible when systems are down, such as on redundant, encrypted USB drives.
The next steps should include identifying critical data and systems that need to be protected, determining the appropriate method for backing up these systems, as well as a routine schedule of creating and testing backups.
There are many different types of backups that can be performed based on how long the data will be stored, how quickly it would need to be recovered, and RTO/RPO.
Cloud backup systems typically offer 3 tiers of backup site based on how they are prepared and how quickly they need to be operational. An ‘air-gapped’ backup is completely disconnected from the network so that it is not impacted by any disaster.
Now that you have a plan and backups are being performed, there’s still the final step of routine testing of backup files to ensure that you can restore essential data when it’s needed.
“If you fail to plan, you are planning to fail!”
― Benjamin Franklin
4 Essential Best Practices for Disaster Recovery and Business Continuity
From cyberthreats to natural disasters, today’s businesses must prepare themselves for just about anything. Here are 3 best practices to follow.
Business continuity planning and disaster recovery planning are vital strategies for increasing your organisation’s resilience in the face of threats like natural disasters and data breaches.
While the two are often lumped together, and both share the long-term goal of keeping your business up and running during an incident, there are also some key differences to consider.
The main difference between business disaster recovery and business continuity planning is the scope. While disaster recovery focuses on the immediacy of a disaster, business continuity focuses on keeping critical business operations up and running before, during, and after an incident.
Despite these differences, both strategies are deeply connected and typically work in tandem. This is why it’s important to approach them as two separate, albeit related, disciplines under a unified operational and technological environment.
With that in mind, here are four essential best practices you should follow when building out your plans:
1. Monitor risk across your environment
Data is the lifeblood of modern business. Not only is it often the most valuable asset – it’s also the biggest source of risk. That’s even truer in the era of remote work, where more and more companies are defined by their digital footprints and the apps and data their employees use to perform their roles.
For an organisation to function through thick and thin, it’s vital that corporate data continue to flow smoothly at all times. That means it must be protected against threats like cyberattacks and unexpected service outages, while ensuring compliance with data protection regulations and company policy.
You can’t protect what you don’t know about, which is why all mission-critical systems require round-the-clock monitoring. You need to know where your data lives, which security controls and policies are in place to protect it, and who or what has access to it and when. Monitoring your entire technical supply chain is vital for delivering the insights you need to manage risk. Equipped with real-time information concerning the movement of data through your company, you can make optimisations that continuously improve your resilience.
2. Choose the right backup method
There are many backup methods to choose from. The time-honoured industry standard, and indeed the one recommended by the US Government, is the 3-2-1 backup strategy. The 3-2-1 method states that you should always have three copies of your data stored on two different types of media and one off-site copy.
However, as with most things in technology that were once ‘timeless’, a 3-2-1 backup method is simply no longer good enough. Moreover, it’s much less relevant in the age of the cloud, in which many companies don’t even use their own physical storage devices any more. Instead, it’s generally much better to focus on the number of offsite copies you have and where they’re located. For example, the 3-2-2 backup strategy includes a second off-site copy of your data, ideally located in a separate geographical region from the first. This is ideal for businesses that require a mix of local and cloud-based protection.
Availability is another vital metric to consider when formulating your backup strategy. Many backup solutions also feature automated rollovers. For example, if you have your data hosted with a major cloud vendor like AWS or Google, it will typically be stored in at least two different data centers simultaneously, with both copies being synchronised in real time.
3. Extend the best practices to your supply chain
Every successful business involves a collaborative effort between highly interconnected teams and third parties that provide everything from technical services to raw materials. These third parties are, of course, essential, since no business operates on an island of self-sufficiency.
However, a single supplier relationship can also be your business’s weakest link. For example, if a cloud vendor suffers an extended service outage, your business may be unable to continue mission-critical operations. Worse yet, if a supplier suffers from a serious data breach, your company data might also end up at risk, no matter how well protected your internal systems are.
Mitigating third-party risk by extending business continuity and disaster recovery across the entire corporate supply chain is essential for creating a resilient business. After all, more often than not, an organisation’s resilience hinges on the resilience of its supply chain.
The goal is to eliminate single points of failure by diversifying your supply chain and regularly reviewing your supplier relationships. When it comes to suppliers that provide critical products and services, business continuity planning demands that you have backup suppliers. When third parties have access to sensitive corporate data, you need to ensure that the necessary security and compliance controls are in place.
Every third party should undergo rigorous due diligence not only at the start of the relationship, but on an ongoing basis as new risks emerge. This also brings up a fundamental point about how disaster recovery and business continuity planning isn’t something you do once and forget about, but part of an ongoing and constantly evolving strategy.
4. Build a culture of resilience
Many people think of disaster recovery and business continuity planning as the responsibilities of business leadership or the IT department. The truth is that everyone has a role to play when it comes to keeping your operations running smoothly. Embedding business continuity across your organisation requires a cultural shift whereby everyone is aware of their responsibilities.
A collaborative approach to business continuity and disaster recovery sees all departments, teams, and stakeholders working together. Staff should be trained to identify and report risks and threats, and they should always know who to report to. In the case of disaster recovery, an effective strategy depends on the ability of individuals to respond quickly and appropriately. Business continuity, on the other hand, depends on people knowing how to best continue to carry out their work during a disruption.
Digital tools, such as backup and disaster recovery solutions with automatic rollovers, can help greatly to mitigate disruptions. That said, everything ultimately starts and ends with your staff, so it makes sense to incorporate a robust training program and have policies in place that all members of your team are aware of and onboard with.
Remember, it’s not a matter of if… but when
The best approach to disaster recovery and business continuity is to think of it as a matter of when, as opposed to if, an incident will occur. That might sound overly pessimistic, but it’s also a proven starting point for developing, testing, and updating a rock-solid plan for keeping your organisation safe through almost any eventuality.
C-BCM is a business continuity management software and disaster recovery planning solution. It is part of the ContinuSys integrated business management system, an all-in-one software suite that enhances productivity and decision-making. Request your demo today to see how it works.
By: Angela Cook on October 14, 2021
Business Continuity vs. Disaster Recovery: What Is The Difference?
What happens when a critical issue arises and affects the momentum of your company’s day-to-day business operations? If your business is faced with a major disaster, it needs to have a plan in place to operate normally again.
When it comes to averting security risks and planning for a disaster, most businesses think that the terms business continuity and disaster recovery are interchangeable when they are not.
Running a business while preparing and planning for a disaster can be hard to do. At LDI, our Managed IT team first provides a complimentary IT Security Risk Assessment to assess our client’s current security posture. We then work closely with clients to create a business continuity or disaster recovery plan that aligns with their security needs and goals.
This article will first identify what a disaster is. We will then define business continuity and disaster recovery, along with how they’re different. By the end of this article, you will be able to consider which suits your business.
What Constitutes A Disaster?
The practice of business continuity and disaster recovery revolves around the before and after events of a disaster. Events are often categorized as a disaster when they are pretty severe and stop a business’s operations from running normally.
These disasters often align with one of the two categories listed below:
Cyber attacks can include malware, distributed denial-of-service (DDoS) attacks, and ransomware attacks: essentially any attack instigated by a malicious perpetrator who wants to gain access to your business’s confidential data, operating systems, and overall IT infrastructure.
Natural disasters include fires, floods, earthquakes, tornadoes, hurricanes, industrial accidents, and even epidemics or pandemics, such as COVID-19.
These natural disasters are at times unavoidable and can affect a business’s entire IT infrastructure.
According to The Hacker News, IBM’s studies have found that human error has been a major contributing cause to 95% of all data security breaches. Common human errors such as an employee clicking on a link included in a phishing email or a malvertisement can lead to significant damage to your company’s data and operations.
Whether your company faces a cybersecurity disaster or natural disaster, it’s best to know the difference between business continuity and disaster recovery to decide which is better for your organization.
What Is Business Continuity (BC)?
Business continuity involves keeping your business operational while a disaster is in effect.
How? Well, a major part of business continuity is abiding by a business continuity plan (BCP). This plan typically begins with a business impact analysis (BIA) that identifies the plan’s scope and calculates the legal, contractual, and regulatory obligations associated with the disaster.
This analysis acts as the foundation for planning and justification of the costs associated with the business continuity program.
An IT security risk assessment and penetration test often get conducted at the same time as the BIA; this way, the impacts that may affect your managed service providers (MSPs) can be considered.
Next, your BCP must include a documented plan for maintaining and continuing business operations when a natural or cybersecurity disaster occurs.
Business continuity means implementing risk management tools for your managed IT provider or in-house IT department to follow.
Most importantly, a BCP will include practical alternatives that allow your business to maintain customer services and protect your data even though a disaster is occurring. A few helpful options may consist of data backup or relying on emergency office locations.
What Is Disaster Recovery (DR)?
Rather than finding a way to prepare for the damage a catastrophic event can cause, disaster recovery primarily focuses on getting your business back to normal.
While disaster recovery focuses mainly on restoring your IT environment and data access after a disaster, it also enables your business to return to full functionality after a disaster occurs.
Disaster recovery incorporates a set of tools and procedures that enable the recovery or continuation of your IT infrastructure and systems following a natural, cybersecurity, or human-induced disaster.
Moreover, a disaster recovery plan (DRP) can help your company transition from alternative business processes back to processes your business would follow regularly.
A DRP will contain detailed instructions on how to best respond to unexpected disasters and incorporate strategies to minimize the effects of the disaster on your IT infrastructure and business operations.
This plan aims to help your business regain access to its data and critical IT systems after a disaster has occurred. A DRP ensures that your business can handle and respond effectively to a disaster.
What Is the Difference Between Business Continuity and Disaster Recovery?
While business continuity and disaster recovery focus on helping businesses cope when disaster strikes, there are a few differences.
Here are two main differences to consider.
1. Different Priorities
Business continuity focuses on keeping your business operational during a disaster. In contrast, disaster recovery focuses on restoring your IT infrastructure and data access after a disaster.
Both business continuity and disaster recovery have different priorities, and it’s up to your business to choose which it wants to focus on should a disaster ever occur.
2. Different Plans
Another key difference between business continuity and disaster recovery revolves around when the plan for each takes place.
Business continuity requires your business to keep operations functional during the disaster and right after. Disaster recovery focuses on dealing with the aftermath of the disaster.
While each includes an “after” response, disaster recovery mainly focuses on getting your business back to normal.
For example, let’s say a flood destroys your office’s IT equipment. A business continuity solution may allow employees to work remotely or from another office location that your business has unaffected by the flood.
However, this solution is not sustainable long-term because your company isn’t properly set up for remote work.
Your disaster recovery solution would involve getting employees back in their original office location and incorporating ways to replace damaged equipment.
Which Is Right For Your Business?
The truth of the matter is, both business continuity and disaster recovery can help your business. Business continuity acts as a strategy that allows your business operations to carry on with minimal service downtime or outage.
Disaster recovery plans focus on immediately restoring data and critical applications you are operating when a disaster occurs.
Before deciding which one is suitable for your company, identify your priorities. It would also help to clarify how long your company can wait to get back to full operation before it starts affecting your finances and reputation.
If your business transactions occur mainly online, your business should prioritize data protection and disaster recovery.
Suppose the disaster mainly affects the safety of your employees and the current work they’re completing. In that case, your business should focus on business continuity.
LDI’s Managed IT team takes a proactive and reactive approach to ensuring your IT environment is equipped to handle disasters. Our Managed IT team can help you craft a detailed BCP, DRP, or both.
Reach out to an LDI representative today to learn more about business continuity and disaster recovery options.
Business Continuity and Disaster Recovery (BCDR) Best Practices for 2023
Business continuity (BC), as well as disaster recovery (DR), are mutually reinforcing practices that aid in an organization’s capacity to continue activities following an outage, disruption, or crisis.
Business continuity and disaster recovery (BCDR) is more prominent than ever before in 2023. Every company, from modest businesses to multinational corporations, is reliant on digital technologies – making BCDR a business must-have. Further, the pandemic has demonstrated precisely how much damage an unexpected business interruption could cause to economies.
Yet, 14% of companies have not tested their BCDR plans in six months to three years, and research suggests that few are following business continuity and disaster recovery best practices. Here are the 10 guidelines that you need to follow:
1. Evaluate the risk associated with different components and conduct a business impact analysis (BIA)
Risk analysis and BIA are essential tools for organizations tasked with creating a BCDR strategy. The act of identifying internal and external risks and threats is crucial to business continuity and disaster recovery. The risk research uncovers potential threats and their likelihood of occurrence. This risk assessment is complementary to the BIA, which assesses the possible effects of disruption.
A BIA includes financial analysis, but it additionally takes into account the non-fiscal aspects of unanticipated disruptions. Plus, the BIA determines the mission-critical services that a company must continue to perform following an incident, as well as the resources needed for sustaining those functions.
2. Determine WHEN to activate BCDR for optimal results
Before calling an untoward situation a disaster and activating the BCDR plan, businesses must consider multiple variables. The anticipated length of the disruption, the outage’s impact on the organization, the monetary burden of activating the BCDR plan, and the BCDR strategy’s potential to cause further interruption are among the most important considerations.
Ironically, the act of shifting from a company’s principal location to a secondary center, and then returning to the primary base of operations – after an incident – may significantly disrupt processes. Consequently, company leadership must carefully assess when to implement the BCDR plan. For instance, an organization may determine that a six-hour disruption is insufficient to warrant a disaster proclamation.
3. Be ready to advocate for changes and updates in BCDR
Developments in the threat landscape or the emergence of new business ventures could compel a company to increase its BCDR coverage. This has frequently been the case in 2022-2023, as companies return to office-based working and new risks come to light.
If the necessary resources for the extended BCDR strategy and recovery technologies are not included in your current budget, you may need to pursue additional funding. A proposal for investment should be based on the following:
- Developing a business proposal that highlights the advantages of the enhanced BCDR competencies
- Deciding if the updated BCDR strategy will have an impact on other domains, like cybersecurity.
- Obtaining funding, including product and service assessment
- Creating a request for procurement with adequate documentation
Remember that you must establish an equilibrium between the BCDR expense and the projected economic consequences of a specific disaster scenario. You do not want to devise a solution that is 10 times more expensive than the crisis itself.
4. Test the business continuity and disaster recovery plans for any loopholes
Tabletop training, planned walk-throughs, as well as simulations are common test formats. Typically, test teams consist of the recovery supervisor and reps from every functional group. Typically, a tabletop exercise is conducted in a conference room, with the team examining the plan for flaws and guaranteeing every company division is represented.
In a planned walk-through, every member of the team examines his or her designated plan components extensively to identify weaknesses. Frequently, the team goes through the assignment with a specific catastrophe in mind. Some organizations incorporate disaster role-playing and associated activities into the planned walk-through. Any shortcomings should be addressed, and a revised plan ought to be sent to all relevant personnel.
5. Double your focus on documentation
The business continuity plan has to be drafted in accordance with the business’s risks and disaster recovery protocols. For instance, the plan should specify what staff members have to do in the event of a crisis, as well as the most stringent delivery timeframe for mission-critical IT support.
Identifying critical systems and compiling an inventory of key applications is also crucial. In addition, organizations must maintain an inventory of external contacts, such as financiers, IT specialists, and utility workers. As the coronavirus outbreak taught us, only companies with a well-documented business continuity plan had the ability to recover quickly.
6. Determine your unique level of risk resilience and the IT support it mandatorily requires
Given that every organization is unique, you must evaluate the risks and develop an individualized business continuity plan. For a bank, for instance, just a few seconds of delay may result in millions of dollars in damages. Healthcare institutions may put critical patient care at risk if there is downtime.
Additionally, a company’s recovery options must be determined based on the sector in which it operates. RTO and RPO are among the most vital concepts in this regard. RPO, or Recovery Point Objective, refers to the maximum permissible loss of data over a period of time. RTO, or Recovery Time Objective, is the time that passes between an interruption and a resumption of processes.
You can choose the appropriate DR alternatives along with recovery technologies by selecting the appropriate RPO as well as RTO based on your company’s business rules and guidelines.
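The RPO and RTO definitions above can be checked against operational records. The following Python example is added here for illustration and is not part of the original article; the system names, objectives, backup timestamps and recovery-test results are constructed sample data. It measures the longest window without a successful backup (compared against the RPO) and the longest recovery time seen in tests (compared against the RTO), and flags systems that have never been tested.

```python
from datetime import datetime, timedelta

# Constructed sample data: system names, objectives and timestamps are
# illustrative assumptions, not values from the article.
NOW = datetime.fromisoformat("2023-06-01T01:20")
OBJECTIVES = {
    "payments-db": {"rpo": timedelta(minutes=15), "rto": timedelta(hours=1)},
    "file-share": {"rpo": timedelta(hours=24), "rto": timedelta(hours=8)},
    "hr-portal": {"rpo": timedelta(hours=4), "rto": timedelta(hours=4)},
}
BACKUPS = {  # completion times of successful backups
    "payments-db": ["2023-06-01T00:00", "2023-06-01T00:15",
                    "2023-06-01T00:30", "2023-06-01T01:10"],
    "file-share": ["2023-05-30T02:00", "2023-05-31T02:00"],
    "hr-portal": ["2023-06-01T00:00"],
}
DRILLS = {  # (interruption, resumption) pairs from recovery tests
    "payments-db": [("2023-05-10T09:00", "2023-05-10T09:50")],
    "file-share": [("2023-05-12T09:00", "2023-05-12T18:30")],
}


def worst_data_loss(backup_times, now):
    """Longest window without a successful backup, up to `now`.
    Data written in that window could be lost, so compare it to the RPO."""
    points = sorted(datetime.fromisoformat(t) for t in backup_times) + [now]
    return max(later - earlier for earlier, later in zip(points, points[1:]))


def worst_recovery_time(drills):
    """Longest interruption-to-resumption time seen in recovery tests."""
    return max(datetime.fromisoformat(end) - datetime.fromisoformat(start)
               for start, end in drills)


def assess(now=NOW):
    """Return {system: [findings]}; an empty list means both objectives hold."""
    report = {}
    for system, goal in OBJECTIVES.items():
        findings = []
        backups, drills = BACKUPS.get(system, []), DRILLS.get(system, [])
        if not backups:
            findings.append("RPO: no successful backup on record")
        elif (loss := worst_data_loss(backups, now)) > goal["rpo"]:
            findings.append(f"RPO breached: exposure {loss} > {goal['rpo']}")
        if not drills:
            findings.append("RTO: never tested")
        elif (took := worst_recovery_time(drills)) > goal["rto"]:
            findings.append(f"RTO breached: recovery {took} > {goal['rto']}")
        report[system] = findings
    return report


if __name__ == "__main__":
    for system, findings in assess().items():
        print(system, "->", findings or "within objectives")
```

In the sample data a single skipped backup run is enough to push the 15-minute RPO system out of compliance, which is why the check looks at the largest gap rather than the configured schedule.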
7. Invest in redundancy for virtualized infrastructure
Following the pandemic, virtualization has become critical and pervasive within businesses. Nevertheless, a business continuity plan has to account for the necessity of a hybrid physical and virtual infrastructure.
Possessing virtual servers, storage spaces, as well as workstations reduces the risk of service interruptions, but virtual machines can still malfunction. Having a backup strategy for virtual machines should be among your top priorities, particularly if you’ve increased your virtualization blueprint for mission-critical processes between 2020 and 2023.
8. Consider partnering with a managed BCDR provider
Almost every IT services provider is going to say that they can help with service interruption repair and recovery. However, there is a significant difference between a partner who offers offsite backup facilities and a partner who has the necessary BCDR infrastructure. A managed service provider will offer a number of services:
- Military-grade infrastructure
- Tools for disaster recovery as well as backup
- Facilities for archiving and restoring
- Multiplatform administration of storage
- Well-known and proven expertise in emergency evac and shifting to any of several recovery locations
9. Work with procurement to evaluate vendors for BCDR readiness
Modern enterprises are not self-sufficient entities operating as islands in the sea. On the contrary, they are deeply interconnected institutions with profound interdependencies on third-party suppliers who deliver anything from mission-critical IT infrastructure to finished goods and basic materials. Identify every company-supplier partnership and the potential risk it presents to business continuity if the vendor’s supply is interrupted. What pressures are suppliers facing, and how robust/resilient are your associates when they’re under stress?
At the outset of the relationship, third-party suppliers must be subjected to stringent due diligence and constantly monitored for any signs of new threats. What exactly are their individual plans for business continuity, and are they enough to safeguard your company?
10. Look into colocation options
Finally, colocation offers companies with large-scale IT infrastructure a way to spread out their risk exposure across geographically diverse regions.
Built-in redundancies in third-party data centers are intended to encourage uptime and resilience. In addition, colocation provides multiple power sources and options for connectivity. This works as a backup route in the event that the primary pathway fails.
Several colocation service providers may additionally provide a selection of geographically dispersed data centers, allowing businesses to select the premises that most closely meet their specific requirements. An organization can choose a primary location closer to its headquarters for convenience and a secondary, more remote location for recovery following a disaster. Business continuity is also supported by colocation data centers’ scheduled maintenance programs and machinery updates, which optimize system availability and performance.
As disasters and business interruptions become more complex to deal with, these BCDR best practices will help your IT team prepare. You can also explore the potential of cloud computing to aid in disaster recovery planning (DRP), and use data recovery tools to retrieve lost information after minor incidents.
Techfunnel Author | TechFunnel.com is an ambitious publication dedicated to the evolving landscape of marketing and technology in business and in life. We are dedicated to sharing unbiased information, research, and expert commentary that helps executives and professionals stay on top of the rapidly evolving marketplace, leverage technology for productivity, and add value to their knowledge base.
Five Best Practices for Business Continuity and Disaster Recovery
In our previous post we defined business continuity and disaster recovery, distinguished between a business continuity plan and a disaster recovery plan, and motivated why you need these. Today’s post deals with best practices when it comes to disaster management and ensuring business continuity.
Best practices are those practices that render the best results with the least amount of effort based on tested procedures. But before we discuss best practices, and before compiling your BCP and DRP, it is worthwhile considering what types of incidents or crises you should make provision for. Below we have listed the types of incidents or crises that could occur:
- Natural disasters – as the title indicates, these are disasters that you have no control over: fires, floods, earthquakes, etc.
- Malicious attacks – malicious attacks are not limited to ransomware or hacking; vandalism, riots, terrorism and reputational threats all mean your company harm and can lead to data loss.
- Technological disasters – these include computer network failures, hardware failures or problems associated with using outdated equipment.
- Human error – disasters are not always natural or malicious, and human error is as big a consideration. For example, employees can accidentally delete important data, bring in external devices that contain malicious software, or do something as simple as discarding a cigarette, which can cause a fire and data loss.
In what follows, we discuss 5 best practices to prepare for disaster and ensure business continuity:
1. Design a business continuity plan that ensures that all components can be accessed in the event of a disaster
The purpose of a BCP does not end after its creation. No matter how much time you have spent compiling the perfect documentation and allocating the appropriate resources, if these are not available on demand when disaster strikes, your BCP has failed. The main aim of your BCP should therefore be unhindered access and, to this end, the files should be saved in a consistently available location.
2. Update your business continuity and disaster recovery plans in line with organizational changes
As your organization’s operations may change between compiling your BCP and DRP and when a disaster may occur, it is important to keep your BCP and DRP up to date. A practical example to demonstrate: You have compiled and tested your BCP and DRP; both plans have proven to work. Six months later, your organization has changed from running its application system on-prem to running it in the cloud. All the hard work to compile and test your BCP and DRP would have been for naught if you did not update your plans in line with this change and you won’t be able to recover anything quickly and so ensure business continuity. Change management is therefore an important component of a successful BCP and DRP.
3. Perform realistic tests to ensure it works.
As mentioned above, it is crucial to test your plan to ensure its successful execution. In the chaos that ensues in the face of a disaster, an untested plan will undoubtedly fail. When testing your BCP and DRP you should therefore consider all possibilities, from the smallest system failures to the entire business being wiped out by a tornado. Your plan should furthermore clearly indicate what is working and what is not. This will lay the groundwork for maturation of your plan over time, which will ultimately see your business continuity being maintained and any business losses of revenue or customer trust curbed. A final benefit of testing is that it can serve as practice training in anticipation of the real disaster.
4. Keep full copies of critical data offsite
If, for example, your organization stores its primary data in location X, it is not sensible to store your secondary backup 30 miles away. Natural disasters (fires, floods, earthquakes) will still affect the secondary data center and so hamper operations. A copy of critical data and services should be kept at least 150 miles away from the primary data center. If, for operational reasons, you have to keep the primary and secondary data centers in close proximity, approach an expert consultant to assess the particular case to establish whether close proximity is indeed a requirement.
5. Empower your personnel
Your personnel, as the frontline of your organization and the backbone of your operations, should be trained and empowered to execute your BCP and DRP. Personnel who have not been properly trained to use your BCP and DRP in the event of a disaster will cause more disruption. Ensuring your personnel are prepared and have the knowledge and skills to face a critical event will not only reduce downtime but also increase performance through wiser use of IT assets.
Our next post will discuss the critical components of a well-designed business continuity plan.
Securing your company’s data via cloud disaster recovery solutions is crucial to protect your business in the event of an unforeseen disaster. Stage2Data is one of North America’s most trusted cloud solution providers, offering secure data management at a cost effective price. Contact our team for more information today.
Disaster Recovery Plan Vs. Business Continuity Plan
Disaster recovery and business continuity plans are just as important as business and marketing plans. Unlike the business and marketing plans, the disaster recovery and business continuity plans provide detailed strategies on how the business will continue after severe business interruptions and disasters. The U.S. Small Business Administration reports that approximately 25 percent of businesses that are affected by disaster fail to reopen. The disaster recovery and business continuity plans strive to ensure that your business can withstand the disaster with a rapid reopening.
Disaster Recovery Plan
The disaster recovery plan provides detailed strategies on the steps that employees must follow during, and immediately after, a disaster. Not only does the plan provide exit procedures, it outlines communication instructions that ensure that every employee is accounted for and in communication with the central hub. This business hub includes emergency supplies, flashlights, backup business information and other items that have been outlined as important to the business and the safety of its employees and customers.
Business Continuity Plan
The business continuity plan takes the disaster recovery plan one step further. This plan outlines how the business will continue its operations after the disaster. It also outlines how the business will continue its operations after smaller, less disastrous events, such as power outages. The plan outlines how and where the business will operate if it is forced to move to a temporary location. It identifies the long-term, crucial strategies that are needed to ensure that the business maintains stability and generates profits.
The disaster recovery and business continuity plans are interdependent. These plans are so interdependent that they are often solidified into one detailed plan that covers all unexpected possibilities that the business may encounter. Both plans identify many of the same aspects, such as communication factors, temporary locations and security features. However, both plans cover items that the other does not. For instance, the disaster recovery plan includes preventative strategies that the business will take, such as installing smoke alarms and conducting fire drills. The business continuity plan introduces strategies that the business will use to maintain smooth operations, such as obtaining disaster recovery loans and securing replacement equipment.
Similar to the business and marketing plans, the disaster recovery and business continuity plans require periodic reviews. Although these plans do not require quarterly reviews, the disaster recovery and business continuity plans should be reviewed every year for consistency. These plans should be adjusted as your business changes and expands. The emergency kits should be replenished, and the strategies should be analyzed to ensure that they still meet the anticipated needs of your business.
When developing disaster recovery and business continuity plans, business owners must not only consider the internal factors of the business, they must consider the external factors. Businesses must consider customer need, economic demands, environmental possibilities and supplier deviations. For instance, the business must consider how their suppliers have been affected, how these external factors will affect your business’ ability to operate and the steps your business will take to overcome these challenges.
- U.S. Small Business Administration: Planning Can Cut Disaster Recovery Time, Expense
- U.S. Small Business Administration: Expect The Unexpected
- CSO: Business Continuity and Disaster Recovery Planning: The Basics
- Disaster Recovery: Business Continuity & Disaster Recovery Planning
Writing professionally since 2004, Charmayne Smith focuses on corporate materials such as training manuals, business plans, grant applications and technical manuals. Smith's articles have appeared in the "Houston Chronicle" and on various websites, drawing on her extensive experience in corporate management and property/casualty insurance.