Google Play icon

6 Key Considerations for a Business Continuity and Disaster Recovery Plan

Posted October 25, 2018

Disasters, industrial accidents and other catastrophic incidents are events that can strike any organization without warning. One of the greatest dangers with such events is the likelihood of grounding a business for good. Think about what would happen if, for instance, your organization lost all of its customer and financial records following a natural disaster.

In the best case, disasters can disrupt your operations for minutes or hours. In the worst case, you may have to shut down the business permanently. Developing a business continuity and disaster recovery (BC/DR) plan is key to ensuring your organization is always prepared for such unexpected incidents.

Flood after the hurricane. Image credit: andrewtheshrew via Pixabay, CC0 Public Domain

Flood after the hurricane. Image credit: andrewtheshrew via Pixabay, CC0 Public Domain

Here are the main considerations for developing such plans.

1.   Classify Enterprise Data

The average organization is home to a wide range of information. Such data comprises spreadsheets, emails, contact lists, computational data, physical files, document printouts, payroll information and more.

The business must categorize its data based on its value. The classification will help define the most appropriate backup, archival, retention and retrieval policies. The data classification determines system classification.

2.   Classify Enterprise Systems

System classification lies at the heart of every effective BC/DR plan. It’s important because first, not all systems are created equal. Some are more important to organization survival than others. Second, no business has infinite resources. That means more resources should be expended on high priority systems and less on low priority systems.

Information systems can be classified as either business support, business critical or mission critical. Mission critical should enjoy the highest level of protection and redundancy.

3.   Choose a BC/DR Location

BC/DR-associated standards such as ISO 27001, ISO 22301, NIST SP 800 and BS25999-2 don’t usually specify the minimum distance there should be between a production site and a disaster recovery site. That’s mainly because the definition of sufficient distance will vary depending on whether the disaster is a fire, flood, earthquake, tsunami, hurricane, tornado, data corruption or ransomware infection.

At the minimum, your choice of a BC/DR site should be driven by your business model, your main revenue streams and regulatory requirements. As much as possible, use cloud-based disaster recovery solutions for your BC/DR since this will almost certainly fulfil any distance requirements.

4.   Get Senior Leadership to See the Value

Implementing a BC/DR plan costs money. The larger the organization, the more expensive the redundancy setup is likely to be. The size of the expenditure is likely to raise eyebrows when presented to senior management. The key to getting the expenditure approved is ensuring the business leadership focuses on the value and not the cost.

For starters, BC/DR plans often uncover plenty of otherwise hidden issues with the production environment during the risk assessment. This inadvertently helps make production systems more robust even before you factor the recovery plan. Another way to soften management is to recommend cloud-based DR systems the organization only pays for when the DR plan is invoked.

5.   Document the Plan

This may sound obvious except if industry surveys are anything to go by, as much as 40 percent of companies don’t have a DR plan. Many organizations will set up elaborate backup systems and redundant network links but won’t have a specific well-thought-out step-by-step BC/DR plan. Yet, documentation cannot be overemphasized.

Remember that certain disasters may come with massive loss of human life including key employees. Documenting a plan that details server architecture, network infrastructure, system applications, interdependencies, interfaces, contacts, assets and the recovery sequence ensures business continuity after such a deadly event.

6.   Test the Plan

A Forrester/Disaster Recovery Journal survey found that 1 in 5 organizations do not test their BC/DR plans at all. Creating a working BC/DR plan is intense work that may involve several months of meetings, workshops, training, documentation and testing. After such an exhausting process, too many businesses will consider their work as complete and will only refer to the plans again when disaster does strike. This is a catastrophic mistake.

First, the production environment is never static. As systems and procedures change and evolve, so should the BC/DR plan. Second, regular testing is an effective way to unearth unforeseen challenges or gaps such as configuration problems, version inconsistencies, data conversion failures and incomplete recovery. BC/DR plans should be tested via a drill at least once a year.

BC/DR planning is a painstaking process. But it pales in comparison to the disastrous repercussions of not having an effective BC/DR plan. A good plan minimizes downtime and prevents reputational damage and lost market share.

Featured news from related categories:

Technology Org App
Google Play icon
83,374 science & technology articles

Most Popular Articles

  1. Bright Fireball Explodes Over Ontario, Meteorite Fragments Might Have Reached the Ground (August 5, 2019)
  2. Why older people smell the way they do? Japanese have even a special word for it (August 4, 2019)
  3. Terraforming the Surface of Mars with Silica Aerogel? (July 23, 2019)
  4. Moisturizers May Be Turning Your Skin Into ‘Swiss Cheese’ (4 days old)
  5. Swarm Autonomy Tested in Second Major DARPA OFFSET Field Experiment (August 8, 2019)

Follow us

Facebook   Twitter   Pinterest   Tumblr   RSS   Newsletter via Email