Prepare for Emergencies with Business Continuity and Disaster Recovery Plans
How a company responds during an emergency or other unexpected event can drastically impact how quickly it can resume operations and its prospects for future success. Planning ahead and having systems in place for such events can be just as important as the actual response once an event occurs.
To prepare, companies should have both business continuity plans and disaster recovery plans in place. While business continuity and disaster recovery plans are two separate types of plans, they should complement each other as there are many similar concerns for each.
Below, we outline how these plans differ and steps your company can take to design effective plans should an emergency arise:
- What Is a Business Continuity Plan?
- What Is a Disaster Recovery Plan?
- How Does Disaster Recovering Planning Differ from Business Continuity Planning?
- What Types of Events Should Be Included in a Disaster Recovery Plan?
What Are the Benefits of Planning Ahead?
- What Does a Business Continuity Plan Typically Include?
- What Processes and Procedures Belong in a Business Continuity Plan?
- What Is the Purpose of a Disaster Recovery Plan?
- What Does a Disaster Recovery Plan Typically Include?
How Do You Test a Disaster Recovery Plan?
A business continuity plan is a predefined approach and procedure for how a business will continue to run when coping with an emergency.
A disaster recovery plan is a predefined approach and procedure for restoring the business to full functionality, following a system failure or compromise, while keeping the impact to a minimum.
While a business continuity plan focuses on defining how business operations should function under abnormal circumstances during a disaster or emergency, a disaster recovery plan focuses on getting applications and systems back to normal.
Business emergencies can include events that are intentionally or accidentally caused by humans as well as natural disasters.
Potential disasters and threats can include the following:
- Pandemic flu
- Computer and server shutdown or denial-of-service and sabotage
- Ransomware attack
- Bomb threat
- Severe weather or wildfire
Regardless of the origin, business disasters may cause:
- Death or significant injury
- Damage to property or environmental damage
- Closing of business
- Work or service stoppage
- Negative impact on the company’s financial standing or company image
Business continuity planning and disaster recovering planning both provide several benefits to your organization, especially when they’re drafted in tandem, including:
- People and property protection
- Morale boost
- Improved decision-making
- Risk management
People and Property Protection
Having emergency plans in place can help safeguard life and property of the company and its employees. The Occupational Safety and Health Administration (OSHA) even requires companies with more than 10 employees to write these plans in compliance with its Regulation 1910.38 Emergency Action Plans .
Morale Boost
When employees know plans are in place, they may feel safer. This can help boost morale and potentially increase business value perception to buyers who recognize the responsibility and preparedness of the company.
Improved Decision-Making
Planning ahead allows for systemic, structured, and timely implementation of your plan and helps you make decisions based on the best available information, should an emergency occur.
It also provides room to be dynamic and responsive to change. Flexibility can allow you to take human and cultural factors into account, such as supporting workers with medical needs or managing teams that operate across geographic regions, and allows the company to be transparent and inclusive with its plans.
Even if you haven’t faced an emergency, planning for one can help facilitate continual improvement of the organization and become an integral part of all organizational processes.
Risk Management
Managing risk for organizations includes risks posed by relationships with third parties, such as service providers or vendors. These third parties can play a significant part in the overall risk for an organization based on the types of data they have access to or handle. They can also be used to provide recovery services or high availability for systems that need to meet high levels of up time.
For companies serving highly regulated industries, such as health care, financial services, and utilities, third-party risk management often includes assessing business continuity plans and disaster recovering plans. By documenting and testing these plans, organizations are better equipped to meet the expectations of those they serve.
There are several key factors to consider when creating a business continuity plan. While employees and customer safety should be your top concern, there are also other areas of focus that are especially important.
Business continuity planning should focus on:
- Duration your business can last without its tools, assets, operating locations, and other elements crucial to operations
- Possible outcomes if you’re denied access to facilities, servers, customer records, or other needs
- Length of time you can operate without telephone service, electricity, or temporary electricity if running only on generators, water, and other utilities
- Necessary changes to processes and workflows to maintain critical operations until the situation can be returned to normal
- Scenarios most likely to occur that would create the greatest disruption to the organization
To prepare for those concerns, a business continuity plan should define processes and procedures for the following:
- Assessing and planning for threats to business operations
- Maintaining operations and meeting obligations during emergencies
- Testing your plan, including test types, testing schedules, and documentation requirements
Steps to assess various risks should include the following:
- Estimating the likelihood of the event based on data, such as the historical frequency of natural disasters in an area
- Defining risk categories, such as operational, legal, reputational, or security risks
- Estimating the impact to assets or processes based on the defined risk categories—for example, a natural disaster that causes a server outage may affect a public website hosting a storefront, which could impact revenue or relationships with partners
- Mitigating controls such as backups and alternate operating locations
Primary and secondary points of contact should be determined internally and externally. It may help to create templates or prewritten communications as well as communications schedules that can be deployed immediately in the event of an emergency. This helps put plans into action and address employee and public concerns.
Emergencies can require all hands on deck, so it’s important to identify top personnel and their responsibilities in your plan, as well as team members to serve as alternates in case the primary role player is unavailable.
Responsibilities should be defined and assigned for the following roles:
- Crisis manager or site coordinator
- Engineering or maintenance officer
- Human resources officer
- Communications or public relations officer
- Outside members such as police, fire, and government personnel
Employees will need to be notified and provided instruction in an emergency situation. Employee contact information should be up-to-date and easily accessible with departmental organizational charts as well as cell and home phone numbers and emergency contact information included.
Planning should also consider the likelihood that communications systems may be inaccessible and define alternative means of connecting with employees and team members, including any third parties supporting business continuity efforts.
What Safety and Security Measures Are Included?
First-aid kits and other resources should be inspected at least on a monthly basis. Identify local hospitals, medical treatment options, and available 911 services so the correct parties can be contacted as quickly as possible if needed.
Evacuation and Access to Property
Evacuation plans from all company buildings should be readily available, and employees can be instructed on evacuation routes through drills. Additionally, they should be provided directions to shelter and safe areas.
For those not at a company location or to plan for how to access property following an emergency, alternate routes to key facilities should also be provided in the event of damaged roads.
How Will You Access Contractors, Support Equipment, and Utility Companies?
Should you require the assistance of emergency personnel, repairs to infrastructure, or equipment, it’s important to consider how you’ll access these resources. Contractor contact information and tools and equipment requirements, as well as rentals, should be readily available.
Equipment you should consider having access to includes the following:
- Generators for backup power including portable options such as trailers
- Computing equipment and storage
- Trailers to transport fuel to generators, equipment for repairs, or sandbags before storms
In addition to requesting these materials, it’s important to make sure anyone who will come in contact with the equipment has a deep knowledge of how to properly operate machinery and assess any safety concerns.
Other important vendors and contacts to have easy access to include the following:
- Banks and financial institutions
- Computer and IT backup support providers
- Building contractors
- Fuel companies
Do You Have Proper Insurance?
Should damage take place to your property or if people are harmed, you’ll want to make sure the proper insurance protocol is in place. You should be able to easily access the contact and claims reporting information for the following:
- Property-casualty agent
- Group health insurance
- Life or accidental death and dismemberment insurance
Insurance concerns can also extend to cars and other vehicles, so it’s important to have access to vehicle identification numbers (VINs) in case they go missing or are damaged.
The purpose of disaster recovery planning is to support critical operations by returning IT systems to full functionality. This should be prioritized based on customer needs, regulatory requirements, and the importance to your organization or the operations that the IT system supports.
You should be able to determine the availability of workaround options compared to work stoppages to do the following:
- Reduce the likelihood or impact of an event through technology and controls
- Maintain minimum mission-critical systems to allow for eventual full restoration
- Recover post-disaster by bringing all systems back online to full operational state
A disaster recovery plan has many of the same elements of a business continuity plan that need to be documented and defined ahead of time, but there are several key elements that are different. These elements include:
- Business impact analysis
- Assumptions and constraints
- Communication processes
- Data and system backup plan
- Damage and impact assessment
- Response communication and action plan
A business impact analysis is essential for determining and evaluating the effects of an interruption to critical business operations. It assesses a disaster’s impact over time and helps establish recovery strategies, priorities, and requirements based on system criticality.
Business leaders and management should be involved in determining the system recovery priorities as this analysis will be used to document the critical systems, document dependencies with other systems, and prioritize the system recovery efforts.
What Is the Importance of Communication Processes and Role Assignments?
Communication is a key process during the recovery effort so recovery teams should understand their roles and responsibilities. A disaster recovery coordinator should be established, along with a backup to this position. These persons will be responsible for coordinating, communicating, and managing staff during the recovery efforts.
An emergency response team should also be documented as these personnel will be responsible for the actual recovery of the systems. They will need to prepare the recovery site for operation, coordinate recovery steps and activities, interface with system vendors, and ensure recovery is complete once systems are restored.
Disaster preparedness is rooted in an agreed-upon backup strategy that addresses acceptable recovery time and data loss, adequate system redundancy, and sound data restoration processes. The data backup plan details the backup strategy employed to ensure that data is available in order to restore systems during emergency and nonemergency situations.
This plan outlines the backup strategy for all of the critical systems identified in the business impact analysis. The recovery and response action plan provides detailed steps on the recovery procedures that need to be performed in order to restore systems and data. The recovery steps are critical as they will help guide staff in the steps necessary to fully recover a system.
Once a plan is in place, perform tests that help verify that it can be properly executed.
Diverse testing methods must be deployed so that multiple scenarios can be addressed and tested. Suggested testing methods include the following:
- Walkthrough testing
- Simulation testing
- Checklist testing
- Full-interruption testing
- Parallel testing
Testing can be done for several purposes including the following:
- Exercising the recovery processes and procedures
- Familiarizing staff with the recovery process and documentation
- Verifying the effectiveness of the recovery documentation and site
- Establishing if recovery objectives are achievable
- Identifying improvements to the disaster recovery strategy, infrastructure, and recovery processes
We’re Here to Help
Emergency preparedness is all about planning, training, and maintaining a supportive culture. To learn more about how your business can organize business continuity and disaster recovery plans and confidently test and execute them, contact your Moss Adams professional.
Assurance, tax, and consulting offered through Moss Adams LLP. ISO/IEC 27001 services offered through Cadence Assurance LLC, a Moss Adams company. Wealth management offered through Moss Adams Wealth Advisors LLC. Services from India provided by Moss Adams (India) LLP.
Related Topics
Contact us with questions.
- Disaster recovery planning and management
- Share this item with your network:
Tech Accelerator
What is bcdr business continuity and disaster recovery guide.
- John Moore, Industry Editor
- Stephen J. Bigelow, Senior Technology Editor
- Paul Crocetti, Senior Site Editor
Business continuity (BC) and disaster recovery (DR) are closely related practices that support an organization's ability to remain operational after an adverse event.
Resiliency has become the watchword for organizations facing an array of threats, from natural disasters to the latest round of cyber attacks.
In this climate, business continuity and disaster recovery (BCDR) has a higher profile than ever before. Every organization, from small operations to the largest enterprises, is increasingly dependent on digital technologies to generate revenue, provide services and support customers who always expect applications and data to be available.
"Mission-critical data has no time for downtime," said Christophe Bertrand, practice director of data management and analytics at Enterprise Strategy Group (ESG), a division of TechTarget. "Even for noncritical data, people have very little tolerance."
More than two-thirds of respondents to Uptime Institute's 2021 Global Data Center Survey had some sort of outage in the past three years. And disruption isn't just an inconvenience for customers.
"[W]hen an outage occurs, about a fifth are classified as severe or serious, meaning there were big financial, reputational and other consequences," according to Uptime Institute, a Seattle-based data center standards organization.
Why is BCDR important?
The role of BCDR is to minimize the effects of outages and disruptions on business operations. BCDR practices enable an organization to get back on its feet after problems occur, reduce the risk of data loss and reputational harm, and improve operations while decreasing the chance of emergencies.
Some businesses might have a head start on BCDR. DR is an established function in many IT departments with respect to individual systems. However, BCDR is broader than IT, encompassing a range of considerations -- including crisis management, employee safety and alternative work locations.
A holistic BCDR approach requires thorough planning and preparation. BCDR professionals can help an organization create a strategy for achieving resiliency. Developing such a strategy is a complex process that involves conducting a business impact analysis (BIA) and risk analysis as well as developing BCDR plans, tests, exercises and training.
Planning documents -- the cornerstone of an effective BCDR strategy -- also help with resource management, providing information such as employee contact lists, emergency contact lists, vendor lists, instructions for performing tests, equipment lists, and technical diagrams of systems and networks.
BCDR expert and consultant Paul Kirvan noted several other reasons for the importance of BCDR planning:
- Results of the BIA identify opportunities for process improvement and ways the organization can use technology better.
- Information in the plan serves as an alternate source of documentation.
- The plan provides a single source of key contact information.
- The plan serves as a reference document for use in product planning and design, service design and delivery, and other activities.
An organization should strive for continual improvement, driven by the BCDR process.
What is business continuity and disaster recovery?
An organization's ability to remain operational after an incident relies on both BC and DR procedures. The goal of BCDR is to limit risk and get an organization running as close to normal as possible after an unexpected interruption. These practices also reduce the risk of data loss and decrease the chance of emergencies, which helps maintain and even improve the organization's reputation.
The trend of combining business continuity and disaster recovery into a single term, BCDR, is the result of a growing recognition that business and technology executives need to collaborate closely when planning for incident responses instead of developing schemes in isolation.
What's the difference between business continuity and disaster recovery?
BC is more proactive and generally refers to the processes and procedures an organization must implement to ensure that mission-critical functions can continue during and after a disaster. This area involves more comprehensive planning geared toward long-term challenges to an organization's success.
DR is more reactive and comprises specific steps an organization must take to resume operations following an incident. Disaster recovery actions take place after the incident, and response times can range from seconds to days.
BC typically focuses on the organization, whereas DR zeroes in on the technology infrastructure. Disaster recovery is a piece of business continuity planning and concentrates on accessing data easily following a disaster. BC includes this element but also considers risk management and any other planning an organization needs to stay afloat during an event.
There are similarities between business continuity and disaster recovery. They both consider various unplanned events, from cyber attacks to human error to a natural disaster. They also have the goal of getting the business running as close to normal as possible, especially concerning mission-critical applications. In many cases, the same team is involved with both BC and DR.
What's the difference between business resilience and business continuity?
Business resilience and resiliency began appearing in the BCDR vocabulary in the early 2000s. Resilience, at times, has been used interchangeably with business continuity, but the terms have different shades of meaning .
Kirvan said a resilient business can return to its previous operational state following an event that shut it down. Business continuity management, technology disaster recovery and incident response are among the disciplines that fuel an organization's resiliency.
Resilience focuses on building a business to be impervious to potential disruptions of various kinds, according to Jeff Ton, strategic IT advisor at InterVision Systems, an IT service provider with regional headquarters in San Jose, Calif., and Chesterfield, Mo. Business continuity, in contrast, involves resuming operations from an outage once it has occurred, Ton noted.
Resiliency "is more about being able to resist and withstand issues, and business continuity is about being able to continue business after something has disrupted your business," Ton said.
Using a rubber band analogy, Ton said an event might stretch an organization; but, if resiliency has been achieved, it resists and reassumes its shape. Business continuity kicks in when the rubber band snaps and the organization takes steps to address the breakage, he added.
ESG's Bertrand said business continuity revolves around the ability to fail over and maintain systems at a high level of availability, while resilience is the ability to resist disruption and prevent problems from happening in the first place.
What’s the difference between organizational resilience and operational resilience?
The idea of resilience and its role in business continuance has also diversified into the concepts of organizational and operational resilience.
Organizational resilience (OR) is the ability of the entire organization to guard against disruptive events. The entire organization includes all personnel in every department or business unit; the applications, infrastructure and other technologies across the enterprise; facilities, including buildings and workspaces; and the processes and policies involved in running the organization.
In order for OR to be fully realized, every element of the organization must be protected from adverse events and demonstrate the capability to change and adapt -- even just temporarily -- to continue running the business until the disruption is alleviated and normal operations are restored.
Operational resilience (OpR) is generally regarded as a close subset of organizational resilience, but OpR focuses on the people, processes and infrastructure of the business to respond and adapt to changing patterns. It's worth noting that this description isn't solely about BCDR but can apply to any issues or situations that affect business conditions.
Where OR takes a more holistic view of resilience, OpR slants the view in favor of resilience issues involved in running the business day to day. There are several standards that relate to OpR, including international standard ISO 22316:2017 and British standard BS 65000:2014.
OR and OpR require careful attention to prediction and planning so potential disruptions are identified and prepared for in advance. Disruptions that aren't considered or planned for can overcome an organization's resilience posture and cause major, long-lasting business impacts.
The role of risk analysis, BIA and BCDR strategies
Risk analysis and BIA are critical tools for organizations facing the question of how to build a BCDR strategy.
Determining internal and external risks is important to the BCDR process. The risk analysis identifies risks and the likelihood they will occur. This risk assessment works in tandem with the BIA, which helps quantify the potential effects of disruption. Financial analysis is one aspect of a BIA, but this exercise also considers the non-financial costs of unplanned outages. In addition, the BIA identifies the mission-critical functions an organization must maintain or restore following an incident, and the resources needed to support those functions.
It's important to gain management support when pursuing a BIA, given the intensity of the process. The BIA provides a way for an organization to learn about itself and details opportunities for improvement.
An organization uses risk analysis and BIA data to determine business continuity and disaster recovery strategies and the appropriate responses. Each strategy is turned into a series of actions that will help achieve operational recovery, such as data replication, failing over to a cloud-based service , activating alternate network routes and working remotely.
Why should you use BCDR, and when should it be activated?
Motivations for an organization developing a BCDR strategy might include protecting the lives and safety of employees, ensuring the availability of services to customers and protecting revenue streams. Competitive positioning and reputational management are factors that often underlie other motivators: A business perceived as unable to protect employees or deliver services will struggle to attract workers and customers.
The regulatory and compliance environment also influences organizations in their pursuit of BCDR. The HIPAA Security Rule, for example, requires covered entities such as hospitals to provide an emergency mode operation plan, which includes "procedures to enable continuation of critical business processes for protection of the security of electronic protected health information."
The Financial Industry Regulatory Authority (FINRA), an organization that oversees broker-dealers, requires firms to "create and maintain written business continuity plans" that address emergencies or disruptions to the business. FINRA spells out its required business continuity measures in its emergency preparedness rule.
U.S. federal agencies, meanwhile, are also required to develop BCDR strategies, which in government terminology are called continuity of operations plans . The aim is to "ensure that essential government services are available in emergencies -- such as terrorist attacks, severe weather, or building-level emergencies," according to the Government Accountability Office.
Customers might also put pressure on businesses to develop adequate BCDR plans. An assessment of a organization's BCDR stance might be part of a prospective client's vetting process. Federal regulators, such as the Office of the Comptroller of the Currency, encourage banks to include resilience as part of the vendor due diligence process. Specifically, OCC Bulletin 2013-29, "Third-Party Relationships: Risk Management Guidance," states that banks should "determine whether the third party maintains disaster recovery and business continuity plans that specify the time frame to resume activities and recover data."
The "why" of BCDR potentially has many answers, and the "when" of business continuity and disaster recovery is similarly nuanced. Organizations must weigh several factors before declaring a disaster and triggering the BCDR plan. Chief among those are the expected duration of the outage, the outage's effects on the organization, the financial cost of activating the BCDR plan and the BCDR plan's potential for causing disruption. Paradoxically, the process of failing over from an organization's primary place of business to a backup facility -- and then failing back after an event -- might significantly interrupt operations, noted Paul Thomann, regional principal for cloud and data center transformation at Insight Enterprises Inc., an IT services provider based in Tempe, Ariz.
Accordingly, an organization's leadership must carefully size up when to enact the BCDR plan. Migrating to a backup facility, Thomann said, "comes with an impact to the budget." An organization, for instance, might deem a six-hour outage not significant enough to make the disaster call.
That decision, particularly in larger enterprises, is typically made by a committee rather than an individual executive, Thomann said. The committee might consist of the CEO, CFO, CIO and other C-suite executives, he added.
How to build a BCDR plan
Organizations can break down a BCDR plan into BC and DR components.
Specifically, according to BCDR consultant Kirvan, a business continuity plan ( BCP ) contains contact information, change management procedures, guidelines on how and when to use the plan, step-by-step procedures and a schedule for reviewing, testing and updating. A disaster recovery plan ( DRP ) features a summary of key action steps and contact information, the defined responsibilities of the DR team, guidelines for when to use the plan, the DR policy statement, plan goals, incident response and recovery steps, authentication tools, geographical risks and plan history. The DRP should also take staffing into account, ensuring that personnel able to execute the various steps of a DR plan are always available to enact critical recovery tasks.
Good business continuity and disaster recovery plans are clear about the varying levels of risks to the organization; provide well-defined and actionable steps for resilience and recovery; protect the organization's employees, facilities and brand; include a communications plan; and are comprehensive in detailing actions from beginning to end.
A BCDR policy is an important initial step. The policy sets the foundation for the process and typically covers the scope of the business continuity management system, which employees are responsible for it and the activities performed, such as plan development and BIA. A policy might also establish a common set of metrics, such as key performance indicators and key risk indicators. The policy aspect is often overlooked, but it's an important business continuity auditing item.
Developing the BCP and DRP typically starts by gathering BCDR team members and performing a risk analysis and BIA. The organization identifies the most critical aspects of the business, and how quickly and to what extent they must be running after an incident. After the organization writes the step-by-step procedures, the documents should be consistently tested, reviewed and updated.
Although certain aspects of the process involve select members of the organization, it's important that everyone understand the plan and is included at some point. The plan should also encompass third parties and the services they provide. A bank, for example, might rely on data that a third-party firm supplies, so the relationship should be documented in the BCDR plan. Such outside entities must be kept in the loop so they understand how the plan is going to work.
Other steps in a BCDR planning checklist include risk mitigation and an emergency communications plan. The latter details the method, or methods, an organization will use to disseminate information on an emergency to employees.
In summary, the process of building a BCDR plan will typically involve the following activities:
- risk identification
- infrastructure review
- plan design
- plan implementation
BCDR testing
Testing a business continuity and disaster recovery plan provides assurance that the recovery procedures put in place will work as expected to preserve business operations. The testing phase might also highlight areas for improvement, which the organization can address and incorporate into the next version of the plan.
Tests can range from simple to complex. A discussion-based tabletop exercise brings together participants to walk through the plan steps. This type of test helps employees with BCDR roles become more familiar with the response process, while letting administrators assess the effectiveness of the BCDR plan.
On the other end of the testing spectrum, a full-scale test simulation calls for participants to perform their BCDR functions rather than discussing them in a tabletop exercise. These drills might involve the use of backup systems and recovery sites.
Still, testing requires time, funding, management support and employee participation. The testing process also includes pre-test planning, training test participants and reporting on the test.
The frequency of testing varies by organization. Larger enterprises should conduct tabletop exercises at least quarterly, while smaller organizations can test less often, Insight Enterprises' Thomann said. A full BCDR test, which is more time- and resource-intensive, can be conducted annually, he added.
InterVision's Ton also recommended a quarterly testing schedule, with a DR test conducted twice a year with tabletop exercises in between those tests. Business continuity, as a separate test, can be conducted annually. Ton said he's found it more effective to separate the tests because conducting the DR test on its own is less disruptive to the organization.
Periodic testing, plan maintenance and resilience are interrelated. An organization improves its resilience when it updates its BC and DR plans and then tests them continually.
BCDR cost management
Changes in the threat landscape or new business ventures might compel an organization to expand its BCDR coverage. That change in scope could call for spending on consulting services or backup and disaster recovery technologies.
BCDR managers might need to seek new funding for the expanded BCDR plan and resilience technologies if the dollars aren't available in the current budget.
An investment proposal should be built on a business case that emphasizes the positive results the new BCDR capabilities will provide for the organization. The bid for funding should also determine whether the revised BCDR plan will affect other areas, such as cybersecurity. Other steps toward obtaining funding include vetting products and services that support the expanded requirements and preparing a procurement request with enough documentation, according to BCDR consultant Kirvan.
Ton said organizations should strike a balance between the level of investment in BCDR approaches and the anticipated financial effects of a given disaster scenario. "You don't want to come up with a solution that costs 200 times more than the disaster would have," he said.
Asking business leaders from various corporate disciplines to estimate the expected costs associated with different types of events can help organizations establish a baseline from which they can make informed BCDR investment decisions.
Standards, templates, software and services for BCDR planning
Organizations embarking on a business continuity and disaster recovery planning process have numerous resources to draw upon. Those include standards, tools ranging from templates to software products, and advisory services.
"To build a plan, you have many templates that exist and many best practices and many consultants," ESG's Bertrand said. "There's no reason not to have a strong DR plan."
BCDR standards
Government and private sector standards bodies, including the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO), have published BCDR guidelines. The standards, which cover topics from crisis management to risk assessment, provide frameworks on which businesses can build their BCDR plans.
The following is a sampling of standards:
- ISO 22301:2019 Security and resilience -- Business continuity management systems -- Requirements
- ISO 22313:2012 Societal security -- Business continuity management systems -- Guidance
- ISO 22320:2018 Security and resilience -- Emergency management -- Guidelines for incident management
- ISO/IEC 27031:2011 Information technology -- Security techniques -- Guidelines for information and communication technology readiness for business continuity
- ISO 31000:2018 Risk management -- Guidelines
- ISO Guide 73:2009 Risk management -- Vocabulary
- IEC 31010:2019 Risk management -- Risk assessment techniques
- ISO/TS 22317:2021 Security and resilience -- Business continuity management systems -- Guidelines for business impact analysis
- FINRA Rule 4370. Business Continuity Plans and Emergency Contact Information
- National Fire Protection Association 1600: Standard on Continuity, Emergency, and Crisis Management (new consolidated draft pending)
- NIST Special Publication 800-34 Rev. 1: Contingency Planning Guide for Federal Information Systems
- American National Standards Institute/ASIS ORM.1.201 Security and Resilience in Organizations and Their Supply Chains
Business continuity and disaster recovery plan templates
Templates provide preset forms that organizations can fill out to create BCDR planning documents. Some templates cover the BCDR plan as a whole or address particular aspects of the BCDR planning.
This general BCP , for example, includes provisions for natural disasters, fires, network service provider outages and floods or other water damage. A planning template can also assist SMBs, which could simplify the process, depending on organization's size and complexity.
A BCDR plan might call for a service-level agreement (SLA), which sets standards for the quality of an organization's BCDR recovery program. It can also help ensure services obtained through third parties, such as DR hot sites, perform at acceptable levels. Kirvan created a template that addresses SLAs for BCDR programs .
As noted above, conducting a BIA can help organizations with business continuity planning. This BIA report template provides a mechanism for documenting parent processes, subprocesses and the financial and operational effects in the event of an interruption.
Organizations can also benefit from scheduling BCDR activities for the ongoing care and maintenance of business continuity strategy. Activities range from scheduling a BIA to reviewing a technology disaster recovery plan.
BCDR software
Specialized BCDR software provides another tool for organizations ready to build a plan. BCDR products, sometimes referred to as business continuity software or business continuity management software, aim to help organizations build business continuity and disaster recovery plans. They typically cover a range of planning activities, such as BIA and risk assessment, and offer incident response capabilities.
Vendors in the market include Castellan Solutions, Continuity Logic, Dell Technologies, eBRP Solutions Network, Fusion Risk Management and SAI Global.
BCDR planning services
Another option is to outsource the organization's BCDR needs to a third-party firm that can provide risk analysis, plan development and maintenance, and training. It's incumbent upon the business to analyze its needs before selecting a BCDR firm, nailing down such information as what it wants to outsource, what services it expects of the vendor, the risks of an outsourcing agreement and how much it plans to spend.
Potential sources of planning support include accounting firms, which can perform BIAs as part of the business continuity planning process. Accounting firms should typically be able to help clients determine the cost of workload outages, but buyers should ideally select a firm with experience in business continuity or IT resource planning, according to technology writer and former CIO Brien Posey. Consulting firms can also help with BCDR planning, Posey added.
Managed service providers (MSPs) often serve as virtual CIOs for their SMB customers. In that role, MSPs can help with planning. Because their business is to manage a customer's IT assets, they are able to develop a plan for dealing with technology outages.
Supporting technologies and strategies
The technology options for executing the DR portion of a BCDR plan have expanded in recent years due to the advent of cloud computing. Traditionally, organizations built or hired out an off-site facility to handle their disaster recovery needs. Such disaster recovery sites require a duplication of in-house production systems, so they could prove out of the financial reach of many SMBs. However, cloud-based offerings such as disaster recovery as a service have made DR more accessible for smaller organizations.
Other resilience offerings include emergency notification systems, cybersecurity systems and incident response systems, which might be included in business continuity management products. Organizations might also tap work area recovery vendors that provide alternative work locations for employees.
BCDR management
The team that builds, manages and -- in the event of a disaster -- executes a BCDR plan should be cross-functional, drawing upon multiple stakeholders and pockets of expertise across the organization.
The team's leadership varies somewhat by organization. In a large enterprise, for example, the risk management officer often chairs the BCDR team with a representative from the IT department as a vice chair, InterVision's Ton said. Smaller organizations lacking a risk management department might appoint the CFO to lead the team, he noted. And, in some cases, the IT department head might direct the BCDR team.
Other members of the team typically include representatives from the organization's key business functions: finance and accounting, facilities, legal -- including in-house and outside counsel -- marketing and public relations, for example.
The task of pulling multiple stakeholders together to develop a BCDR plan -- and conducting the necessary impact and risk analyses -- can prove challenging. Project management thus becomes an important consideration. Organizations should think about appointing a project manager to shepherd the process of building a BCDR plan, Ton noted.
The BCDR team should also take on the task of ongoing business continuity management, making sure plans are up to date. Business initiatives and data center technologies change frequently, so BCDR plans will need regular maintenance to stay on point. As a first step, an organization should assess if the current plan can be updated or whether an entirely new plan is in order, according to George Crump, president of Storage Switzerland, an IT analyst firm. Organizations should conduct BCDR testing to determine the extent to which a plan needs to be overhauled.
In addition to testing, a BCDR team might also want to consider a business continuity plan audit , which assesses the effectiveness of a plan. The audit should detail the risks that could threaten the plan's success and test the controls currently in place to determine whether those risks are acceptable to the organization. An IT General Controls audit can also be used to assess risks to the infrastructure and identify areas for improvement, according to BCDR consultant Kirvan.
The various roles and responsibilities of BCDR team members, from planning to testing, can be detailed in an organization's business continuity policy . Such a policy might also encompass external personnel, such as vendors and customers.
Another aspect of BCDR team building is getting individuals up to speed on BCDR best practices. To that end, BCDR team members can avail themselves of business continuity training and certification programs.
The Business Continuity Institute, a global professional organization, offers its Certificate of the Business Continuity Institute, which covers business continuity management process and practices. The institute also offers a Business Continuity Management BCI Diploma for individuals looking for additional insight into business continuity management.
The BCM Institute, meanwhile, offers its Business Continuity Certified Planner (BCCP) accreditation. The BCCP certification aims to recognize a business continuity professional's understanding of core business continuity management concepts.
Other organizations granting professional business continuity certifications include DRI International, the National Institute for Business Continuity Management and the International Consortium for Organizational Resilience. Such certification bodies usually work with an internal or external training group that prepares students to sit for exams, Kirvan noted.
Conferences also provide an opportunity to educate BCDR team members. Ton cited DRI and Disaster Recovery Journal events as helpful for people looking to learn more about business continuity.
BCDR pitfalls: Mind the gap
Change is perhaps a BCDR plan's key nemesis. As the pace of technology change accelerates, organizations are left updating IT equipment -- from storage and servers to networks and their associated devices. Some IT assets are moving to the cloud. A 5-year-old BCDR plan is unlikely to reflect -- and prove adequate to protect -- the current IT estate.
An organization's change management process can help address this issue. Change management oversees adjustments to systems, networks, infrastructure and documents. It addresses similar situations as BCDR planning and testing, so an organization might decide to include business continuity and disaster recovery in the change management process.
The change management process contains six major activities, according to Kirvan:
- identify a potential change;
- analyze the change request;
- evaluate the change;
- plan the change;
- implement the change; and
- review and close out the change process.
An organization, of course, is also subject to change. Organizations make acquisitions, divest non-core operations and create new lines of business, for example. An effective BCDR plan must be periodically updated to account for those developments. Regularly scheduled BCDR testing can expose gaps in the plan where it has failed to account for technology or business changes.
Perceptual gaps can also undercut BCDR plans. ESG's Bertrand said many organizations adopting SaaS offerings have a false sense of security regarding data protection. A third of the respondents to an ESG survey said SaaS apps, such as Microsoft 365 and Salesforce, don't need to be backed up. Bertrand said that's simply not the case. He cited the example of recovering email an organization's users have sent to the trash bin. He said Office 365, depending on the customer's subscription level, retains deleted email for a limited time.
"SaaS application resilience is being conflated with SaaS data availability," Bertrand said. "SaaS-based applications are not being properly protected today."
Organizations using such cloud-based applications should become acquainted with their vendors' data protection and recovery SLAs and make sure BCDR plans cover SaaS applications and their availability requirements. Bertrand said the percentage of people who are aware of SaaS vendors' SLAs is improving, but not everyone is up to speed. He said 58% of ESG survey respondents said they were familiar with SaaS vendors' data protection and recovery provisions.
An organization can use a BCDR checklist -- or a series of checklists -- covering plans, policies and recovery strategies to root out potential problems and flag BCDR weak points. BCDR teams should also stay abreast of the changing threat landscape to make sure their plans reflect emerging threats. Business continuity risks that organizations should monitor range from evolving cybersecurity attacks to active shooter incidents.
The future of BCDR
BCDR planning and execution will continue to evolve with the changing nature of threats. Below are a few developments to consider.
The confluence of cybersecurity and business continuity. The role of cyber attacks, such as ransomware, in disrupting business operations appears set to continue -- if not accelerate. Cybersecurity and business continuity are typically separate and distinct functions in an organization. Kirvan, speaking on the future of business continuity, said he believes those disciplines "ought to be under the same roof."
Going back to the future with tape storage. Backup files might be encrypted in a ransomware attack. Organizations, however, can isolate the files they need for recovery from the corporate network, creating an air gap. That's where time-testing tape storage comes into play. Bertrand said tape storage is reemerging as a way for organizations to preserve a "gold copy" of their data, offline and off site. "It's coming back," he said of the backup method.
AI's influence on BCDR planning. AI and its cognitive functions might help BCDR teams make decisions on organizing their plans and might also play a role in conducting BIAs and risk assessments, according to Kirvan. AI could also support incident response, recommending actions based on the details of unfolding disaster scenarios.
Service providers play a bigger BCDR role. A large percentage of MSPs are involved in backup and disaster recovery. The MSP sector is likely to emerge as a one-stop shop for business continuity services, particularly for SMBs lacking internal expertise. MSPs, in their trusted advisor role, can advise clients on BCDR planning and make technology recommendations. Some provide their own disaster recovery as a service, while others partner with vendors that provide that tool.
Continue Reading About What is BCDR? Business continuity and disaster recovery guide
- Build a BCDR employee training program for peak resilience
- 12 skills business continuity managers need to succeed
- IT resilience management, planning top of mind for DR pros
- Business continuity interview questions for aspiring managers
- Make a power outage business continuity plan with these tips
Dig Deeper on Disaster recovery planning and management
Where do business continuity plans fit in a ransomware attack?
Why a HIPAA disaster recovery plan is critical
Where does security fit into a business continuity plan?
Free disaster recovery budget template to justify BCDR spending
Asigra's forthcoming SaaSBackup platform lets Asigra data protection technology protect SaaS backups. MSPs will be able to sell ...
A new SaaS backup specialist emerges from stealth to protect data in apps such as Trello, GitHub and GitLab, which CEO Rob ...
A growing number of enterprise Kubernetes users presents an opportunity for CloudCasa, currently a division of Catalogic, with ...
Pure Storage expanded its storage offerings with FlashBlade//E designed for the unstructured data market with an acquisition cost...
Data governance manages the availability, usability, integrity and security of data. Follow these best practices for governance ...
Vast Data Universal Storage brought out data services, including set performance, metadata cataloging, better security, container...
An incident response program ensures security events are addressed quickly and effectively as soon as they occur. These best ...
The Biden-Harris administration's 39-page National Cybersecurity Strategy covers multiple areas, including disrupting ransomware ...
While ransomware incidents appear to be decreasing, several high-profile organizations, including Dole, Dish Network and the U.S....
Policymakers want federal data privacy legislation limiting businesses' ability to collect data on individuals and banning ...
Public, private, hybrid or consortium, each blockchain network has distinct pluses and minuses that largely drive its ideal uses ...
Get the lowdown on the major features, differentiators, strengths and weaknesses of the blockchain platforms getting the most ...
Business Continuity vs. Disaster Recovery: 5 Key Differences
Fill out the form below and we’ll email you more information about UCF’s online Leadership and Management programs.
- Name * First Last
- Degree * Career and Technical Education, BS Career and Workforce Education, MA College Teaching and Leadership Corrections Leadership Destination Marketing and Management Educational Leadership, MA Emergency and Crisis Management, MECM Engineering Management, MS Event Management Health Informatics and Information Management, BS Health Services Administration, BS Hospitality Management, BS Industrial Engineering, MSIE Local Director of Career & Technical Education Lodging and Restaurant Management, BS Master of Public Administration, MPA Nonprofit Management Nonprofit Management, MNM Police Leadership Project Engineering Public Administration Senior Living Management, BS
- Name This field is for validation purposes and should be left unchanged.
Privacy Notice
Many professionals operate under the assumption that their workplace will remain largely unchanged from one day to the next, finding comfort in rhythms and routines. Sometimes, however, events disrupt business as usual. A critical aspect of leadership is preparing for those interruptions, creating strategies and plans that can keep core business functions intact even under duress.
Two specific fields address potential business interruptions: business continuity and disaster recovery. These disciplines minimize the impact that a catastrophic event might have on a business’s ability to reliably deliver its products and services.
While both fields are important, and even similar in some aspects, they are not synonymous. There are important differences in business continuity vs. disaster recovery, and those in leadership or emergency preparedness roles can benefit from understanding the core distinctions.
One way to develop a clear understanding of business continuity vs. disaster recovery is through studying emergency management. An online program in this field can offer professionals the skills needed to successfully lead companies through different kinds of crises.
Why Business Continuity and Disaster Recovery Matter
Business continuity outlines exactly how a business will proceed during and following a disaster. It may provide contingency plans, outlining how the business will continue to operate even if it has to move to an alternate location. Business continuity planning may also take into account smaller interruptions or minor disasters, such as extended power outages.
Disaster recovery refers to the plans a business puts into place for responding to a catastrophic event, such as a natural disaster, fire, act of terror, active shooter or cybercrime. Disaster recovery involves the measures a business takes to respond to an event and return to safe, normal operation as quickly as possible.
The Importance of Advanced Planning
When businesses face disasters and don’t have the proper plans in place, the effects can be catastrophic. The most obvious effect is financial loss; the longer a business goes without delivering its products and services, the greater its financial losses. Eventually, these losses may force a business to make tough decisions, such as cutting employees. But there can also be technological consequences, including the loss of important or sensitive data.
Having business continuity and disaster recovery plans in place can help companies minimize the consequences of a catastrophic event. They can also provide peace of mind; employees and business owners alike may feel more comfortable in a work setting where there are clear policies for how to respond to disasters.
In many companies, crisis management professionals are responsible for developing and implementing these plans, evaluating and revising them as needed, and training employees to ensure they know how to follow the specified strategies.
Similarities Between Business Continuity and Disaster Recovery
Business continuity planning and disaster recovery planning often seem interdependent. While the two concepts are not the same, they overlap in some areas and work best when developed in tandem.
- Both are proactive strategies that help a business prepare for sudden, cataclysmic events. Instead of reacting to a disaster, both disciplines take a preemptive approach, seeking to minimize the effects of a catastrophe before it occurs.
- Businesses can use both to prepare for a range of ecological and human-made disasters. Business continuity and disaster recovery are instrumental to preparing for pandemics, natural disasters, wildfires and even cyberattacks.
- Both require regular review, and they may sometimes require revision to ensure they match the company’s evolving goals. An emergency management leader will continually test and modify these plans as needed.
Differences Between Business Continuity and Disaster Recovery
A closer look at business continuity vs. disaster recovery reveals some key distinctions. Ultimately, these differences highlight the fact that businesses need to have plans of both kinds in place to be sufficiently prepared for disaster.
- Business continuity focuses on keeping business operational during a disaster, while disaster recovery focuses on restoring data access and IT infrastructure after a disaster. In other words, the former is concerned with keeping the shop open even in unusual or unfavorable circumstances, while the latter focuses on returning it to normal as expediently as possible.
- Unlike business continuity plans, disaster recovery strategies may involve creating additional employee safety measures, such as conducting fire drills or purchasing emergency supplies. Combining the two allows a business to place equal focus on maintaining operations and ensuring that employees are safe.
- Business continuity and disaster recovery have different goals. Effective business continuity plans limit operational downtime, whereas effective disaster recovery plans limit abnormal or inefficient system function. Only by combining the two plans can businesses comprehensively prepare for disastrous events.
- A business continuity strategy can ensure communication methods such as phones and network servers continue operating in the midst of a crisis. Meanwhile, a disaster recovery strategy helps to ensure an organization’s ability to return to full functionality after a disaster occurs. To put it differently, business continuity focuses on keeping the lights on and the business open in some capacity, while disaster recovery focuses on getting operations back to normal.
- Some businesses may incorporate disaster recovery strategies as part of their overall business continuity plans. Disaster recovery is one step in the broader process of safeguarding a company against all contingencies.
Leadership in Times of Crisis
Crisis management is an important skill for all business leaders. In fact, crisis management draws upon many of the other skills necessary for business success. Analytical and problem-solving skills as well as flexibility in decision making are essential for assessing potential threats and determining how to proactively address them. Communication skills, both verbal and written, are necessary for articulating a plan and training employees on how they should act in response to a crisis.
“Leadership in managing crises can minimize the damage imposed by an incident while lack of effective leadership worsens the impact,” says Naim Kapucu, Pegasus Professor and director of the School of Public Administration at the University of Central Florida (UCF) . “Organizations should have leaders with crisis management competencies to effectively manage disasters and crises based on the contingencies and environmental and organizational factors.”
Crisis management skills matter because any company can experience a catastrophe that limits its ability to function as normal, and often it will have little time to pivot and adapt. “Crises are not a good time to reorganize adequately operating organizational systems, much less try to implement wholesale organizational changes or reforms,” says Kapucu. Having a plan in place, ready to be executed, can make all the difference. The COVID-19 pandemic has brought into stark relief the uncertainty that businesses face and the extreme disruptions that can take place.
Programs such as the University of Central Florida’s online Master of Emergency and Crisis Management can help leaders fortify the knowledge, competencies, and skills they need to help their enterprises weather these times of crisis.
Crisis Management Careers
Crisis management is a key part of several careers. Each of the following positions offers a different level of leadership through tumultuous times.
Emergency Management Director
Emergency management directors develop and execute the plans that businesses follow to respond to natural disasters and other emergencies. Strong analytical, problem-solving, delegation and communication skills are essential. According to the U.S. Bureau of Labor Statistics, the annual median salary for emergency management directors in 2019 was $74,590.
Disaster Program Manager
Disaster program managers may coordinate shelters, manage triage centers or organize other services in the wake of a disaster. These professionals must be skilled in remaining calm under extreme pressure; empathy and understanding are also important. The annual median salary for this role was around $48,000, according to May 2020 PayScale data.
Geographic Systems Information Coordinator
Geographic systems information coordinators use a wide range of data sources, such as land surveys, to help anticipate and prepare for different disasters. Technical skills and data analysis competencies are vital for success in this role. PayScale reports that the annual median salary for these coordinators was around $58,000 as of May 2020.
Emergency Preparedness Manager
Emergency preparedness managers are typically responsible for making sure employees and customers are safe. They may report directly to the emergency preparedness director, whose role is more comprehensive. The annual median salary of emergency preparedness managers was around $69,000 as of May 2020, according to PayScale.
Developing a Career in Emergency Management
Business continuity and disaster recovery plans help businesses prepare for worst-case scenarios; they provide peace of mind, a sense of stability and key safeguards against major loss and disruption. The University of Central Florida’s online Master of Emergency and Crisis Management (MECM) degree program helps professionals prepare for this important work.
The MECM curriculum exposes students to key emergency management skills, including developing, testing and communicating plans. It emphasizes the financial, ethical, political and practical dimensions of disaster response. Find out more about the MECM degree program today and embark on a new career on the front lines of crisis management.
Online Leadership and Management Degrees at UCF
- Career and Technical Education, BS
- Career and Workforce Education, MA
- College Teaching and Leadership
- Corrections Leadership
- Destination Marketing and Management
- Educational Leadership, MA
- Emergency and Crisis Management, MECM
- Engineering Management, MS
- Event Management
- Health Informatics and Information Management, BS
- Health Services Administration, BS
- Hospitality Management, BS
- Industrial Engineering, MSIE
- Local Director of Career & Technical Education
- Lodging and Restaurant Management, BS
- Master of Public Administration, MPA
- Nonprofit Management
- Nonprofit Management, MNM
- Police Leadership
- Project Engineering
- Public Administration
- Senior Living Management, BS
You May Also Enjoy
- Partner Portal
- Customer Support
- Partner Login
- Customer Login
BCDR: How Business Continuity and Disaster Recovery Can Improve Business Resilience
In today’s ever-evolving business landscape where there’s zero tolerance for downtime, a simple human error, a cyberattack or natural disaster could bring your business to a standstill. Having a comprehensive business continuity and disaster recovery (BCDR) response plan is key to business resilience and for the survival of your organization.
What Is BCDR?
Techopedia defines BCDR as a set of processes and techniques used to help an organization recover from a disaster and continue or resume routine business operations. It is a broad term that combines the roles and functions of IT and business in the aftermath of a disaster.
BCDR enables organizations to adapt to and bounce back from disruptions while maintaining continuous business operations.
What Is the Difference Between Business Continuity and Disaster Recovery?
The term “business continuity and disaster recovery” is a fusion of two components — business continuity and disaster recovery. BC and DR plans are designed to bring things back to normal in the event of a disaster or a catastrophe. Although they complement each other, they are not the same and their functions are different. While a business continuity plan is a company-wide strategic planning, disaster recovery is mainly IT-focused.
Business continuity: According to the Disaster Recovery Journal (DRJ) and Business Continuity Institute (BCI) , business continuity is “the strategic and tactical capability of the organization to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level.”
A business continuity plan focuses on how an organization maintains critical business operations during and after a disaster. This plan includes every aspect of an organization: its employees, communication channel, office building, IT infrastructure, business partners, etc. It comprises specific actions and pre-determined responsibilities that must be taken when disaster strikes.
Disaster recovery: DR is part of a business continuity plan. The DRJ and BCI define disaster recovery as “the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure, systems and applications, which are vital to an organization after a disaster or outage.”
A disaster recovery plan concerns with restoration of important IT applications and data after a catastrophe. DR focuses on minimizing downtime as well as the impact of a disaster by ensuring vital support systems are up and running as quickly as possible with minimal loss of data.
How Are Business Continuity and Disaster Recovery Connected?
Business continuity and disaster recovery are essential aspects of an organization’s overall risk management strategy. Having a business continuity strategy without a disaster recovery plan would be ineffective, and disaster recovery alone does not ensure business continuity. Both BC and DR plans need to work together to mitigate the business impact of a potential disaster.
A good business continuity plan ensures that business-critical functions are unhindered when disaster strikes and requires a disaster recovery plan that ensures all IT systems, software and applications are accessible and recoverable. Both business continuity and disaster recovery are equally important since they provide specific procedures and strategies on how a business will resume after a crisis.
What Is a BCDR Plan?
A business continuity and disaster recovery plan is a combination of strategies, policies and procedures about how an organization should respond to or adapt to potential threats or unforeseen disruptive events while minimizing the negative impacts. A BCDR plan should account for a variety of scenarios — from accidental deletions and hardware failure to malware attacks and natural disasters. It helps ensure that routine tasks continue smoothly with minimal or no downtime, or data loss following a disaster.
A BCDR plan encompasses what steps should be taken to ensure vital business processes are uninterrupted and how to quickly restore IT systems and data to resume business after a disruptive event.
Goals of BCDR Planning
The fundamental goal of BCDR planning is not only to provide data recovery but also to minimize the effects of a crisis on business operations and enable an organization to get back to normal quickly in the aftermath of a disaster.
Listed below are five goals that you can use to fortify your BCDR plans.
- Assess the state of business: Assessing the current state of an organization can help identify the threats and set priorities for remediation efforts. The plan should be updated routinely to account for changes to things such as personnel or systems.
- Find weaknesses and provide solutions: The risks should be constantly evaluated to identify any gap that could potentially disrupt business operations and jeopardize BCDR strategies. It is important to acknowledge risks and address gaps uncovered during routine assessment of the BCDR plan.
- Review and test the plan: Review the BCDR plan on at least a yearly basis to ensure it remains up to date and covers all aspects of the business for rapid recovery. There are several ways to test your plan, from tabletop simulations to full cut-over. Depending on your environment and the resources available, you may use one or several testing methods throughout the course of your evaluation.
- Identify location for data storage: Identifying where critical business data and assets are being stored is one of the crucial objectives of BCDR planning. This will help disaster recovery personnel to start the recovery process even if the designated IT professionals are unavailable.
- Know the disaster recovery teams: Knowing recovery personnel, their roles and how they can be reached during an emergency is another important goal of a BCDR plan. Communicate roles and responsibilities to all key stakeholders and keep this documentation accessible to employees and updated regularly.
Why Is It Important for an Organization to Have a BCDR Plan?
A business continuity and disaster recovery plan helps organizations prepare for potentially disruptive events. It enhances an organization’s ability to continue business operations with little or no disruption and minimizes the risk in the event of a natural or man-made disaster.
Organizations without a BCDR plan cannot survive or recover from a major disaster. In fact, the effects of large-scale disasters can shut down operations. More than 90 percent of companies without a DR plan that suffer a major disaster are out of business within 12 months. A BCDR plan is like an insurance policy for an organization. BCDR programs help an organization to reduce overall risk, get back up and running after an outage or disruption, mitigate the risk of data loss and protect against reputational damage.
Improve Your Business Resilience with Unitrends
For companies, being able to effectively tackle any disaster can have a positive impact on customers and partners. However, developing a comprehensive BCDR strategy can be a challenge due to its complex nature or lack of in-house expertise. Unitrends can help your organization achieve resiliency and prepare for unforeseen disruptive events.
Unitrends increases uptime, productivity and confidence, enabling you to do more with less. Our all-in-one backup appliances simplify data protection, application spin-up and SLA policy, and integrate seamlessly with the cloud, thereby delivering long-term retention and fast disaster recovery.
To learn how you can minimize downtime and maximize productivity, register for a demo today.
About Unitrends
Unitrends increases uptime, productivity and confidence in a world in which IT professionals must do more with less. Unitrends leverages high-availability hardware and software engineering, cloud economics, enterprise power with consumer-grade design, and customer-obsessed support to natively provide all-in-one enterprise backup and continuity. The result is a “one throat to choke” set of offerings that allow customers to focus on their business rather than backup.
Related Posts
Backup strategy: what it is and how to create one.
Posted by Adam Marget on 09/27/22
In today’s threat-laden environment, having a solid data backup strategy is an absolute...
Achieving a Geo-Redundant Backup Strategy With Unitrends
Posted by Adam Marget on 10/11/22
The evolution of cyberattacks poses new and unique challenges for organizations of all...
Unitrends Awarded 8 Badges for Server Backup and DRaaS in G2’s Fall 2022 Reports
Posted by Adam Marget on 10/14/22
G2, a world-leading business solutions review platform, has awarded Unitrends Backup and Recovery...
Home > Learning Center > EdgeSec > Business continuity planning (BCP)
Article's content
Business continuity planning (bcp), what is business continuity.
In an IT context, business continuity is the capability of your enterprise to stay online and deliver products and services during disruptive events, such as natural disasters, cyberattacks and communication failures.
The core of this concept is the business continuity plan — a defined strategy that includes every facet of your organization and details procedures for maintaining business availability.
Start with a business continuity plan
Business continuity management starts with planning how to maintain your critical functions (e.g., IT, sales and support) during and after a disruption.
A business continuity plan (BCP) should comprise the following element
1. Threat Analysis
The identification of potential disruptions, along with potential damage they can cause to affected resources. Examples include:
2. Role assignment
Every organization needs a well-defined chain of command and substitute plan to deal with absence of staff in a crisis scenario. Employees must be cross-trained on their responsibilities so as to be able to fill in for one another.
Internal departments (e.g., marketing, IT, human resources) should be broken down into teams based on their skills and responsibilities. Team leaders can then assign roles and duties to individuals according to your organization’s threat analysis.
3. Communications
A communications strategy details how information is disseminated immediately following and during a disruptive event, as well as after it has been resolved.
Your strategy should include:
- Methods of communication (e.g., phone, email, text messages)
- Established points of contact (e.g., managers, team leaders, human resources) responsible for communicating with employees
- Means of contacting employee family members, media, government regulators, etc.
From electrical power to communications and data, every critical business component must have an adequate backup plan that includes:
- Data backups to be stored in different locations. This prevents the destruction of both the original and backup copies at the same time. If necessary, offline copies should be kept as well.
- Backup power sources, such as generators and inverters that are provisioned to deal with power outages.
- Backup communications (e.g., mobile phones and text messaging to replace land lines) and backup services (e.g., cloud email services to replace on-premise servers).
Load balancing business continuity
Load balancing maintains business continuity by distributing incoming requests across multiple backend servers in your data center. This provides redundancy in the event of a server failure, ensuring continuous application uptime.
In contrast to the reactive measures used in failover and disaster recovery (described below) load balancing is a preventative measure. Health monitoring tracks server availability, ensuring accurate load distribution at all times—including during disruptive events.
Disaster recovery plan (DCP) – Your second line of defense
Even the most carefully thought out business continuity plan is never completely foolproof. Despite your best efforts, some disasters simply cannot be mitigated. A disaster recovery plan (DCP) is a second line of defense that enables you to bounce back from the worst disruptions with minimal damage.
As the name implies, a disaster recovery plan deals with the restoration of operations after a major disruption. It’s defined by two factors: RTO and RPO .
- Recovery time objective (RTO) – The acceptable downtime for critical functions and components, i.e., the maximum time it should take to restore services. A different RTO should be assigned to each of your business components according to their importance (e.g., ten minutes for network servers, an hour for phone systems).
- Recovery point objective (RPO) – The point to which your state of operations must be restored following a disruption. In relation to backup data, this is the oldest age and level of staleness it can have. For example, network servers updated hourly should have a maximum RPO of 59 minutes to avoid data loss.
Deciding on specific RTOs and RPOs helps clearly show the technical solutions needed to achieve your recovery goals. In most cases the decision is going to boil down to choosing the right failover solution.
See how Imperva Load Balancer can help you with business continuity planning.
Choosing the right failover solutions
Failover is the switching between primary and backup systems in the event of failure, outage or downtime. It’s the key component of your disaster recovery and business continuity plans.
A failover system should address both RTO and RPO goals by keeping backup infrastructure and data at the ready. Ideally, your failover solution should seamlessly kick in to insulate end users from any service degradation.
When choosing a solution, the two most important aspects to consider are its technological prowess and its service level agreement (SLA). The latter is often a reflection of the former.
For an IT organization charged with the business continuity of a website or web application, there are three failover options:
- Hardware solutions – A separate set of servers, set up and maintained internally, are kept on-premise to come online in the event of failure. However, note that keeping such servers at the same location makes them potentially susceptible to being taken down by the same disaster/disturbance.
- DNS services – DNS services are often used in conjunction with hardware solutions to redirect traffic to a backup server(s) at an external data center. A downside of this setup includes TTL-related delays that can prevent seamless disaster recovery. Additionally, managing both DNS and internal data center hardware failover solutions is time consuming and complicated.
- On-edge services – On-edge failover is a managed solution operating from off-prem (e.g., from the CDN layer). Such solutions are more affordable and, most importantly, have no TTL reliance, resulting in near-instant failover that allows you to meet the most aggressive RTO goals.
Latest Articles
- Regulation & Compliance
519.5k Views
155.2k Views
115.1k Views
92.3k Views
91.8k Views
91.7k Views
86.6k Views
The State of Security Within eCommerce in 2022
Learn how automated threats and API attacks on retailers are increasing
Prevoty is now part of the Imperva Runtime Protection
Protection against zero-day attacks
No tuning, highly-accurate out-of-the-box
Effective against OWASP top 10 vulnerabilities
An Imperva security specialist will contact you shortly.
Top 3 US Retailer
Cloudian Products
The object storage buyer’s guide.
Technical/financial benefits; how to evaluate for your environment.
HyperIQ Observability & Analytics
Watch 2-min Intro
Evaluator Group Webinar
Skills Shortage? Ease the Storage Management Burden. Watch On-Demand
Scaling Object Storage with Adaptive Data Management
Get White Paper
Solutions
Industries , 2021 enterprise ransomware victims report.
Don’t Be a Victim
Scalable S3-Compatible Storage, On-Prem with AWS Outposts
Trending topic: on-prem s3 for data analytics.
Watch Webinar
Ransomware 2021: A Conversation with Veeam CISO Gil Vega
Hear His Thoughts
How a Private Cloud Addresses the Kubernetes Storage Challenge
Free White Paper
Data Security & Compliance: 3 ?s Every CIO Should Ask
Ask the Right ??s
5 Things Every MSP Should Know About Sovereign Cloud
Get Free eBook
TCO Report: NAS File Tiering
Learn how object storage can dramatically reduce Tier 1 storage costs
Get TCO Analysis
Satellite Application Catapult Deploys Cloudian for Scalable Storage
Replaces conventional NAS, saves 75%
Read Their Story
On-Demand Webinar
Veeam & Cloudian: Office 365 Backup – It’s Essential
Blog: How to Grow Your Storage and Not Your CAPEX Spend
Pay as you grow, starting at 1.3 cents/GB/month
Read the Blog
Why the FBI Can’t Stop Cybercrime and How You Can
Register Now
8 Reasons to Choose Cloudian for State & Local Government Data
Get 8 Reasons
Cloudian HyperStore SEC17a-4 Cohasset Assessment Report
Read the Assessment
Hybrid Cloud for Manufacturers
Tape: does it measure up, customer testimonial: university of leicester.
Hear from Mark
Public Health England: Resilient IT Infrastructure for an Uncertain Time
Watch On-Demand
How to Accelerate Genomics Data Analysis Pipelines by 10X
Hear from Weka
How MSPs Can Build Profitable Revenue Streams with Storage Services
Get IDC’s Take
Technology Partners
Get scalable storage on-prem for aws outposts.
Hear from AWS
Lock Ransomware Out with Commvault & Cloudian
Cribl stream with cloudian hyperstore s3 data lake, why object storage is best for advanced analytics apps in greenplum.
Explore Solution
Customer Video: NTT Communications
Hear from NTT
How to Store Kasten Backups to Cloudian
Klik.solutions delivers world-class backup-as-a-service with lenovo & cloudian.
Why They Chose Us
Modernize SQL Server with S3 Data Lake
Find Out How
How to Run Cloudian on OpenShift as a Container
Immutable object storage for european smbs from rnt rausch and cloudian, backup/archive to cloudian with rubrik nas cloud direct, on-premises object storage for snowflake analytics workloads.
Get the Details
Splunk, ClearShark, and Cloudian discuss Federal Industry Storage Trends
Teradata & cloudian: modern data analytics for hybrid and multi-cloud, 1-step to data protection: all you need to know about veeam v12 + cloudian.
Step up to Cloudian
Modernize Your Enterprise Archive Storage with Cloudian and Veritas
Read About It
Unified Analytics Data Lake Platform with Vertica and Cloudian HyperStore
Vmware cloud providers: get started in cloud storage, free..
Get Started
Weka + Cloudian: High-Performance, Exabyte-Scalable Storage for AI/ML
Customers , cloudian enables leading swiss financial institution to retain and analyze more big data.
Read Case Study
Indonesian Financial Services Company Replaces NAS With Cloudian
State of california selects storage-as-a-service offering powered by cloudian, cloudian provides utah state agencies with rubrik-compatible backup target, cuts costs by 75 percent, australian genomic sequencing leader accelerates research with cloudian, swiss education non-profit achieves scale and flexibility of public cloud on-prem with cloudian, indonesia ministry of education deploys cloudian object storage to keep up with data growth, leading german paper company meets growing data backup needs with cloudian, vox media automates archive process to accelerate workflow by 10x, wgbh boston builds a hybrid cloud active archive with cloudian hyperstore, large german retailer consolidates primary and secondary storage to cloudian, how a sovereign cloud provider succeeds in cloud storage services.
View On-Demand
IT Service Provider Drives Business Growth with Cloudian-based Offering
Calcasieu parish sheriff deploys hybrid cloud for digital evidence data, montebello bus lines mobile video surveillance with cloudian object storage, resources , storage guides , ransomware protection buyer’s guide.
Get Free Guide
Company
Cloudian named a gartner peer insights customers’ choice for distributed file systems and object storage.
Read Reviews
Disaster Recovery and Business Continuity Plans
Disaster recovery and business continuity are tightly related. In the 1970s, organizations started preparing Disaster Recovery (DR) plans, which were mainly focused on natural disasters. In the 1980s and onwards, the focus shifted to a more holistic view, named Business Continuity (BC).
While disaster recovery narrowly focused on how to bring systems back online after a disaster, business continuity aimed to develop a proactive process that would keep businesses alive and operating even in the face of a major crisis. Accordingly, a disaster recovery plan is limited to ensuring data protection, preventing damage to systems and recovering them as quickly as possible, while a business continuity plan covers all aspects of the business including business processes, manpower, partners and suppliers.
In this article you learn: • What is a business continuity plan? • 7 chapters of a sample business continuity plan • The difference between a DR and BC plan • A BC plan in action: hour by hour • Ensuring business continuity for your data with Cloudian
What is a Business Continuity Plan?
A business continuity plan details how a business will continue operating and serving its customers, even in the face of a dramatic event like a natural disaster, major IT failure, or a cyberattack. The end goal is to preserve a company’s financial viability, market position, reputation, and customers, even in the face of a crisis.
Business continuity planning covers every aspect of the business including:
- Business processes —how can a process continue working even if critical equipment or supplies were missing?
- Human resources —how can critical staff continue performing their work if, for example, workstations are destroyed or there is no Internet connection?
- Business partners and suppliers —how can suppliers continue their work with the company if, for example, lines of communication or road transport is unavailable?
A business continuity plan must consider important questions and provide good answers. What single points of failure exist in the organization? What are the critical dependencies on equipment, in-house staff, suppliers or other third parties? What workarounds exist for disruption of any of these? Which organizational processes, staff, skills and technology are needed to maintain business operations and fully recover from a disaster?
7 Chapters of a Business Continuity Plan
A typical business continuity plan contains the following sections:
- Goals of the plan —should quantify which parts of the business are considered critical and how smoothly they should be able to operate during a crisis
- Budget —resources allocated to business continuity planning and preparation
- Personnel —who is responsible for maintaining the business continuity program and executing practical steps during a crisis. Which other stakeholders exist—senior management, legal, PR, customers, partners, etc—and how they should be involved or notified.
- Business Impact Analysis —a holistic review of critical business processes, their weak points and how they are likely to be affected by different types of disasters.
- Proactive strategies —processes that should be carried out on a regular basis to prevent or more easily overcome disasters.
- This chapter includes an IT disaster recovery plan.
- Long-term reactive strategies —what the organization should do on “day two”, after the disaster has ended, to fully recover and rebuild systems to their original state.
Business Continuity vs. Disaster Recovery Plan
The terms business continuity plan and disaster recovery plan are sometimes used interchangeably. However, as we illustrated in our plan structure above, a disaster recovery plan is an important section within a business continuity plan. See our article about IT disaster recovery plans.
The table below illustrates how a business continuity plan differs from an IT disaster recovery plan—it touches on the same aspects but from a holistic business perspective.
Business Continuity Plan in Action: Hour by Hour
Once you have a business continuity plan, here is what a crisis could look like, hour by hour, as the plan unfolds. The activities below are just examples, and of course, will vary depending on the crisis and the nature of the business.
Ensuring Business Continuity for Your Data with Cloudian
Cloudian offers low-cost disk-based storage that lets you store up to 1.5 Petabytes of backups. The Cloudian appliance can be deployed in your local data center, or in a remote DR site. We provide integrated data management tools that let you store data seamlessly to a remote appliance.
Cloudian also supports a hybrid cloud setup. The Cloudian appliance can replicate your data to a cloud storage service such as Amazon S3, Azure Blob Storage or Google Cloud Storage. This allows you to backup data frequently and enjoy fast local access while keeping a copy of data on the cloud in case the on-premise data center goes down.
Learn more about Cloudian’s data protection solutions.
Get Started With Cloudian Today
Request a Demo
Join a 30 minute demo with a Cloudian expert.
Download a Free Trial
Try Cloudian in your shop. Run on any VM, even your laptop.
Receive a Cloudian quote and see how much you can save.
An official website of the United States government
Here’s how you know
Official websites use .gov A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Business Continuity Plan
Business Continuity Planning Process Diagram - Text Version
When business is disrupted, it can cost money. Lost revenues plus extra expenses means reduced profits. Insurance does not cover all costs and cannot replace customers that defect to the competition. A business continuity plan to continue business is essential. Development of a business continuity plan includes four steps:
- Conduct a business impact analysis to identify time-sensitive or critical business functions and processes and the resources that support them.
- Identify, document, and implement to recover critical business functions and processes.
- Organize a business continuity team and compile a business continuity plan to manage a business disruption.
- Conduct training for the business continuity team and testing and exercises to evaluate recovery strategies and the plan.
Information technology (IT) includes many components such as networks, servers, desktop and laptop computers and wireless devices. The ability to run both office productivity and enterprise software is critical. Therefore, recovery strategies for information technology should be developed so technology can be restored in time to meet the needs of the business. Manual workarounds should be part of the IT plan so business can continue while computer systems are being restored.
Resources for Business Continuity Planning
- Standard on Disaster/Emergency Management and Business Continuity Programs - National Fire Protection Association (NFPA) 1600
- Professional Practices for Business Continuity Professionals - DRI International (non-profit business continuity education and certification body)
- Continuity Guidance Circular - Federal Emergency Management Agency
- Open for Business® Toolkit - Institute for Business & Home Safety
Business Continuity Impact Analysis
Business continuity impact analysis identifies the effects resulting from disruption of business functions and processes. It also uses information to make decisions about recovery priorities and strategies.
The Operational & Financial Impacts worksheet can be used to capture this information as discussed in Business Impact Analysis . The worksheet should be completed by business function and process managers with sufficient knowledge of the business. Once all worksheets are completed, the worksheets can be tabulated to summarize:
- the operational and financial impacts resulting from the loss of individual business functions and process
- the point in time when loss of a function or process would result in the identified business impacts
Those functions or processes with the highest potential operational and financial impacts become priorities for restoration. The point in time when a function or process must be recovered, before unacceptable consequences could occur, is often referred to as the “Recovery Time Objective.”
Resource Required to Support Recovery Strategies
Recovery of a critical or time-sensitive process requires resources. The Business Continuity Resource Requirements worksheet should be completed by business function and process managers. Completed worksheets are used to determine the resource requirements for recovery strategies.
Following an incident that disrupts business operations, resources will be needed to carry out recovery strategies and to restore normal business operations. Resources can come from within the business or be provided by third parties. Resources include:
- Office space, furniture and equipment
- Technology (computers, peripherals, communication equipment, software and data)
- Vital records (electronic and hard copy)
- Production facilities, machinery and equipment
- Inventory including raw materials, finished goods and goods in production.
- Utilities (power, natural gas, water, sewer, telephone, internet, wireless)
- Third party services
Since all resources cannot be replaced immediately following a loss, managers should estimate the resources that will be needed in the hours, days and weeks following an incident.
Conducting the Business Continuity Impact Analysis
The worksheets Operational and Financial Impacts and Business Continuity Resource Requirements should be distributed to business process managers along with instructions about the process and how the information will be used. After all managers have completed their worksheets, information should be reviewed. Gaps or inconsistencies should be identified. Meetings with individual managers should be held to clarify information and obtain missing information.
After all worksheets have been completed and validated, the priorities for restoration of business processes should be identified. Primary and dependent resource requirements should also be identified. This information will be used to develop recovery strategies.
Recovery Strategies
If a facility is damaged, production machinery breaks down, a supplier fails to deliver or information technology is disrupted, business is impacted and the financial losses can begin to grow. Recovery strategies are alternate means to restore business operations to a minimum acceptable level following a business disruption and are prioritized by the recovery time objectives (RTO) developed during the business impact analysis .
Recovery strategies require resources including people, facilities, equipment, materials and information technology. An analysis of the resources required to execute recovery strategies should be conducted to identify gaps. For example, if a machine fails but other machines are readily available to make up lost production, then there is no resource gap. However, if all machines are lost due to a flood, and insufficient undamaged inventory is available to meet customer demand until production is restored, production might be made up by machines at another facility—whether owned or contracted.
Strategies may involve contracting with third parties, entering into partnership or reciprocal agreements or displacing other activities within the company. Staff with in-depth knowledge of business functions and processes are in the best position to determine what will work. Possible alternatives should be explored and presented to management for approval and to decide how much to spend.
Depending upon the size of the company and resources available, there may be many recovery strategies that can be explored.
Utilization of other owned or controlled facilities performing similar work is one option. Operations may be relocated to an alternate site - assuming both are not impacted by the same incident. This strategy also assumes that the surviving site has the resources and capacity to assume the work of the impacted site. Prioritization of production or service levels, providing additional staff and resources and other action would be needed if capacity at the second site is inadequate.
Telecommuting is a strategy employed when staff can work from home through remote connectivity. It can be used in combination with other strategies to reduce alternate site requirements. This strategy requires ensuring telecommuters have a suitable home work environment and are equipped with or have access to a computer with required applications and data, peripherals, and a secure broadband connection.
In an emergency, space at another facility can be put to use. Cafeterias, conference rooms and training rooms can be converted to office space or to other uses when needed. Equipping converted space with furnishings, equipment, power, connectivity and other resources would be required to meet the needs of workers.
Partnership or reciprocal agreements can be arranged with other businesses or organizations that can support each other in the event of a disaster. Assuming space is available, issues such as the capacity and connectivity of telecommunications and information technology, protection of privacy and intellectual property, the impacts to each other’s operation and allocating expenses must be addressed. Agreements should be negotiated in writing and documented in the business continuity plan. Periodic review of the agreement is needed to determine if there is a change in the ability of each party to support the other.
There are many vendors that support business continuity and information technology recovery strategies. External suppliers can provide a full business environment including office space and live data centers ready to be occupied. Other options include provision of technology equipped office trailers, replacement machinery and other equipment. The availability and cost of these options can be affected when a regional disaster results in competition for these resources.
There are multiple strategies for recovery of manufacturing operations. Many of these strategies include use of existing owned or leased facilities. Manufacturing strategies include:
- Shifting production from one facility to another
- Increasing manufacturing output at operational facilities
- Retooling production from one item to another
- Prioritization of production—by profit margin or customer relationship
- Maintaining higher raw materials or finished goods inventory
- Reallocating existing inventory, repurchase or buyback of inventory
- Limiting orders (e.g., maximum order size or unit quantity)
- Contracting with third parties
- Purchasing business interruption insurance
There are many factors to consider in manufacturing recovery strategies:
- Will a facility be available when needed?
- How much time will it take to shift production from one product to another?
- How much will it cost to shift production from one product to another?
- How much revenue would be lost when displacing other production?
- How much extra time will it take to receive raw materials or ship finished goods to customers? Will the extra time impact customer relationships?
- Are there any regulations that would restrict shifting production?
- What quality issues could arise if production is shifted or outsourced?
- Are there any long-term consequences associated with a strategy?
Resources for Developing Recovery Strategies
- The Telework Coalition (America’s leading nonprofit telework education and advocacy organization)
Manual Workarounds
Telephones are ringing and customer service staff is busy talking with customers and keying orders into the computer system. The electronic order entry system checks available inventory, processes payments and routes orders to the distribution center for fulfillment. Suddenly the order entry system goes down. What should the customer service staff do now? If the staff is equipped with paper order forms, order processing can continue until the electronic system comes back up and no phone orders will be lost.
The order forms and procedures for using them are examples of “manual workarounds.” These workarounds are recovery strategies for use when information technology resources are not available.
Developing Manual Workarounds
Identify the steps in the automated process - creating a diagram of the process can help. Consider the following aspects of information and work flow:
Internal Interfaces (department, person, activity and resource requirements)
- External Interfaces (company, contact person, activity and resource requirements)
- Tasks (in sequential order)
- Manual intervention points
Create data collection forms to capture information and define processes for manual handling of the information collected. Establish control logs to document transactions and track their progress through the manual system.
Manual workarounds require manual labor, so you may need to reassign staff or bring in temporary assistance.
Last Updated: 05/26/2021
Return to top
- en Português Italiano Français Español Deutsch
The Key Differences Between a Disaster Recovery Plan vs. a Business Continuity Plan
As a managed services provider (MSP), you may have been asked for your recommendation on whether to implement a disaster recovery plan or a business continuity plan. At face value, these two terms have a lot in common—they both share the long-term goal of keeping your business up and running. There are, however, key differences between the purposes of a business disaster recovery plan versus a business continuity plan, which is why it’s so important for businesses to prepare both. Your customers should know that these two plans are not interchangeable, because they each perform a specific role.
Manage large networks or scale IT operations with RMM made for growing service providers.
To help you answer this question for your customers, this guide will outline the key differences between a disaster recovery plan, sometimes called a data recovery plan, and a business continuity plan . It will also explain the importance of each and how to go about creating them.
What is a business continuity plan?
A business continuity plan is a broad plan designed to keep a business running, even in the event of a disaster. This plan focuses on the business as a whole, but drills down to specific scenarios that might create operational risks. With business continuity planning, the aim is to keep critical operations functioning, so that your business can continue to conduct regular business activities even under unusual circumstances.
When followed correctly, a business continuity plan should be able to continue to provide services to customers, with minimal disruption, either during or immediately after a disaster. A comprehensive plan should also address the needs of business partners and vendors.
The continuity plan itself should live as a written document that outlines the business’ critical functions. This is likely to include a list of critical supplies, crucial business functions, copies of important records, and employee contact information. The information included in the plan should allow the business to be up and running as soon as possible after a disruptive event has occurred.
What is a disaster recovery plan?
A disaster or data recovery plan is a more focused, specific part of the wider business continuity plan. The scope of a disaster recovery plan is sometimes narrowed to focus on the data and information systems of a business. In the simplest of terms, a disaster recovery plan is designed to save data with the sole purpose of being able to recover it quickly in the event of a disaster. With this aim in mind, disaster recovery plans are usually developed to address the specific requirements of the IT department to get back up and running—which ultimately affects the business as a whole.
Depending on the type of disaster that occurs, the plan could involve everything from recovering a small data set to an entire datacenter. Most businesses are heavily reliant on information technology, which is why the disaster recovery plan is such an important part of successful business continuity planning.
In some cases, disaster recovery planning may also refer to protocols that exist outside the IT department. For example, disaster recovery plans could include steps for recovery personnel to seek a backup business location so that critical operations can be resumed. This might be useful in the event of an environmental disaster, such as flooding, which might render the existing business premises unusable. The plan might also include guidance on how to restore communication between emergency staff if the usual communication lines are unavailable. If your IT department is creating an IT-focused plan, you should include all non-IT recovery protocols in the wider business continuity plan.
A disaster recovery plan vs. business continuity plan
To summarize, disaster recovery refers to the way data, servers, files, software applications, and operating systems are restored following a damaging event. In contrast, business continuity refers to the way a business maintains operations during a time of technological malfunction or outage. In other words, a disaster or data recovery plan dictates how a business should respond to a disaster, while a business continuity plan dictates how a business can continue to operate throughout a disaster.
What specific ways can disaster recovery plans be tested?
To help ensure that any disaster recovery plan can hold its own in the event of a real disaster, it’s advisable to run a series of disaster recovery tests. Here are five common types of disaster recovery tests:
- Paper test: individuals in your IT department read and annotate recovery plans to flag any issues
- Walkthrough test: in a group, your IT department walks through the plans to identify any problems and recommend changes
- Simulation: your IT department simulates a disaster to determine whether the response plans are appropriate
- Parallel test: recovery systems are implemented and tested to see if they can perform actual business transactions in the event of a disaster. Primary systems still carry the full production workload
- Cutover test: primary systems are disconnected and recovery systems are implemented and assume the full production workload to see if they can perform business operations in the event of a disaster
What should you include in a disaster recovery plan?
A disaster recovery plan should encompass all the procedures, technologies, and objectives necessary for making a rapid recovery after a disaster. At minimum, your plan should account for the following:
- Recovery technologies: all systems currently implemented, or those that should be, in support of recovery
- Recovery time objective (RTO) : this refers to your desired timeframe for completing recovery before the situation becomes critical
- Recovery point objective (RPO) : RPO refers to the age of data backups—it’s the desired recovery point for restoring data from a backup
- Recovery protocols: these protocols should identify who does what in the event of a disaster, including clearly defined roles and how you expect recovery personnel to communicate with each other
- Vendors, suppliers, and other third parties: your plan should include a list of any parties who may be needed to support recovery, as well as their emergency contact details
- Recovery testing: outline periodic tests and mock disaster scenarios to confirm your recovery systems work as they should
Your disaster recovery plan and all the above facets should be updated regularly to help ensure that it remains accurate, as you never know when disaster might strike.
What does a business continuity plan typically include?
Your business continuity plan should act as a single, multifaceted document for managing every aspect of disaster preparedness in your business.
A typical business continuity plan will usually require the following sections:
- Contact details: specifically for those who developed the plan, as well as any key recovery personnel
- Plan objectives: describes the overall aim of the plan and what it will try to accomplish
- Risk assessment: this involves conducting a thorough assessment of disaster scenarios, their likelihood, and their impact
- Impact analysis: an outline of how each possible disaster scenario could impact your business (i.e., costs of repair, disruption to services, etc.)
- Prevention: steps and systems for helping prevent each of the disasters listed, such as implementing anti malware to prevent cyberattacks
- Response: this section should detail how the business will respond to each disaster to minimize the impact
- Areas for improvement: any weaknesses identified during the creation of the plan, as well as recommended solutions
- Contingencies: a list of secondary backup assets, such as a backup office location to be used in the event of a disaster
- Communication: protocols for maintaining communication with recovery personnel, such as a text alert system
Choosing the right disaster recovery and business continuity software
Devising a disaster recovery and business continuity plan is a time-consuming, complicated, and ongoing process. For MSPs, creating these types of plans is even more of a challenge, as they typically manage the recovery and continuity strategy for multiple customers. To do this effectively, it’s crucial that MSPs have access to reliable software so they can manage their approach to business continuity and disaster recovery in a cost-efficient and streamlined way.
N-able ® N-central ® helps MSPs tackle disaster recovery and business continuity with an all-in-one solution. N-central is a powerful option because it provides a scalable solution to disaster recovery and business continuity planning—alongside a whole slew of other critical MSP capabilities. N-central includes the capabilities necessary for MSPs to effectively manage complex networks with maximum precision—all from one powerful dashboard.
This remote monitoring and management tool offers a range of backup management features to support effective disaster recovery and business continuity . This includes cloud and on-premises backup, bare metal recovery, virtual machine support, private keys, data archiving, and more. By having such features alongside patch management, network topology mapping , remote monitoring, and more, MSPs gain access to a single dashboard that allows them to offer more streamlined customer services. To learn more, a 30-day free trial of N-central is available.
Want to stay up to date?
Get the latest MSP tips, tricks, and ideas sent to your inbox each week.
Loading form....
If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a trial.
If this issue persists, please visit our Contact Sales page for local phone numbers.
Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site
An educational institution offering market-relevant and unique specializations in Executive MBA, Graduate Diploma and Graduate Certificate programs
A gathering of professionals and experts who discuss on the latest trends and topics
An authentic source of information and inspiration
KATE is a freeware app, web-based available, granting digital access to training materials.
Online store for ISO and IEC standards, Toolkits, eBooks, etc.
- / Resources
Business Continuity and Disaster Recovery
Business Continuity and Disaster Recovery (BCDR) planning is a set of strategies, policies, and procedures that help an organization respond, adapt, continue its operations, and recover in case of a disruptive event. They are essential components of an organization's overall risk management strategy.
The importance of BCDR increases considering that organizations are exposed to a variety of disruptive events, some of which are impossible to be eliminated. However, implementing a good business continuity and disaster recovery plan can keep an organization running through interruptions of any kind: power outages, IT system failures, natural disasters, supply chain risks, and more.
Why is BCDR Planning Important?
BCDR helps an organization prepare for unforeseen risks to its operations. It specifies all the steps that should be taken in such critical events and outlines what precautions should be taken to reduce risks.
The main purpose of BCDR is to minimize the impact of disruptions on an organization. It is what keeps an organization running smoothly, reduces downtime, and recovers from any disruption. Furthermore, it protects the organizations’ staff and assets and makes sure they are able to function under any condition created.
Implementing an effective BCDR helps organizations maintain their reputation, as well as keep their revenue flowing in.
What is the Difference Between Business Continuity and Disaster Recovery?
Although business continuity and disaster recovery are frequently used interchangeably, they differ, especially as each plan is implemented in different periods.
Business continuity refers to an organization’s processes and procedures put in place to ensure that its main operations can continue regardless the unfavorable circumstances. Business continuity is the ability to preserve operations or services in the face of a disruptive event.
On the other hand, disaster recovery focuses on the technology part of your business and aims to restore operations and systems as soon as possible after an incident happens. Disaster recovery is frequently considered to be an essential component of business continuity.
Top Threats to an Organization’s Continuity
Organizations can face a variety of unexpected events which can be physical or virtual. Some of the top threats to business continuity that every organization should be aware of:
- Cyber-attacks or data breaches – Such events can compromise an organization’s system or data. These threats can significantly impact and disrupt organizations and they can damage their reputation, cause loss of customers, and even cause them to go out of business.
- Power outages – Most organizations rely on electrical equipment, so power outages, especially unplanned ones, can cause loss of productivity and organizational downtime leading to loss of revenue.
- Climate change and natural disasters – Earthquakes, floods, storms, heatwaves, droughts, or other extreme weather events can negatively impact organizations’ operations and services.
- Infrastructure failure – IT and infrastructure disruption can cause unaffordable consequences to organizations, loss of productivity, loss of customers, and loss of valuable data.
How to Develop Business Continuity and Disaster Recovery Plans?
To create a BCDR plan for your organization, there are four important general steps that need to be followed:
- Assess the organization’s risks
- Design recovery strategies
- Develop and implement the plan
- Test the plan
Developing a BCDR plan can be broken down into creating two distinguished plans:
Business Continuity Plan
Business continuity planning goes beyond the technology component. It involves many short-term and long-term processes, such as the response, recovery, resumption, and maintenance of the entire organization.
There are eight general steps involved in creating a business continuity plan:
- Identifying the scope of the plan
- Identifying key business areas
- Identifying critical functions
- Identifying dependencies between various business areas and functions
- Determining acceptable downtime for each critical function
- Creating a plan to maintain operations
- Testing your Business Continuity Plan
- Reviewing and improving your Business Continuity Plan
Disaster Recovery Plan
A Disaster Recovery Plan contains detailed instructions on how to respond to unplanned incidents and is more thorough than a business continuity plan.
There are seven steps involved in creating a disaster recovery plan:
- Creating a DR response team
- Identifying critical operations and setting goals
- Evaluating potential disaster scenarios
- Creating a communication plan
- Establishing roles and responsibilities
- Developing a data backup and recovery plan
- Testing your plan
- Reviewing and updating your plan
Benefits of a Business Continuity Plan
Developing an effective business continuity requires a lot of effort, time, and skills. However, it will result in being very beneficial for your organization. A business continuity plan can help in:
- Identifying weaknesses and preventing risks, where possible
- Preparing for risks and unforeseen events that you cannot control
- Mitigating financial risks
- Protecting team members
- Maintaining work operations
- Coping with crisis
- Protecting reputation and brand
- Building customer and employee confidence
- Cultivating a resilient organizational culture
Benefits of Disaster Recovery Plan
Having a disaster recovery plan can help in:
- Being prepared in the event of a disaster
- Securing records and hardware
- Minimizing recovery time
- Minimizing delays
- Improving security
- Improving last-minute decisions
- Increasing employee productivity
- Maintaining high-quality services regardless of the event
- Reducing the risk of human errors
- Increasing confidence of investors and customers
Business Continuity Management and Disaster Recovery Training Courses
Business Continuity Management and Disaster Recovery training courses prepare professionals with the strong knowledge and skills needed to properly implement these systems. They help them understand the principles of BCDR and how to align them with their organization’s needs.
ISO 22301 Business Continuity Management System Training Courses
ISO 22301 Business Continuity Management System is an international standard designed to reduce the likelihood of a disruptive incident occurring, protect from, prepare for, respond to, and recover from them. It is very useful because it is applicable to any type of organization, large or small, and within any industry or public sector.
The business continuity management process helps create a clear understanding of how your organization operates, where failure might occur, and provides improvement points for your business processes.
Additionally, by applying business continuity management you can help your organization get a competitive advantage, increase your reputation, and contribute to continual business improvement.
Being certified against ISO 22301 expands your knowledge of how to align a business continuity management system with organizational objectives, and how to manage a team in the implementation of ISO 22301, it will improve your analytical and decision-making skills, and it will equip you with the necessary expertise.
Disaster Recovery Training Courses
Disaster Recovery training courses provide professionals with the needed expertise, knowledge, and skills to implement, maintain, and manage disaster recovery plans. It contains a variety of policies and procedures for protecting IT infrastructure against disruption caused by humans or natural disasters.
With a Disaster Recovery certification, you will strengthen your capabilities to design, run, and conduct a DR project. You with be able to understand the concepts, approaches, methods, strategies, and techniques related to DR. You will be able to help an organization in implementing DR best practices and meeting their business objectives.
While disaster recovery is sometimes considered a component of business continuity, organizations are more protected and prepared when both plans are developed. They are related to each other and each of them plays a crucial role in building a more resilient organization .
About the Author
Vlerë Hyseni is the Digital Content Officer at PECB. She is in charge of doing research, creating, and developing digital content for a variety of industries. If you have any questions, please do not hesitate to contact her at: [email protected]
- Quality Management System
- Health, Safety, and Environment
- Continuity, Resilience, and Service Management
- Information Security Management
- Risk and Management
- IT Security
- Governance, Risk, and Compliance
- Transportation, Telecom, and Energy
- Cybersecurity
- Sustainability
- Privacy and Data Protection
- Digital Transformation
Latest Articles
Understanding industry 4.0: the fourth industrial revolution.
Lean Management: A Comprehensive Guide
The Plan-Do-Check-Act (PDCA) Cycle: A Guide to Continuous Improvement
SUBSCRIBE TO OUR NEWSLETTER
Training & Certification
- Ethical Hacking
- Training Course Catalog
- Attributed Territories
Examination
- Exam Rules and Policies
- Online Exam Manual
- Invigilator Guide
- Candidate Handbooks
Certification
- Certification Rules and Policies
- Certification Maintenance
- Certificate Verification
- Master Credentials
- Leadership, Committees and Advisory Boards
- PECB Code of Ethics
- Affiliations
Terms, Conditions, and Policies | Privacy Statement
© 2023 Professional Evaluation and Certification Board. All rights reserved.
Business Continuity
What’s the difference b/w disaster recovery plan and business continuity plan, november 3, 2022.
Dale Shulmistra
by Dale Shulmistra Nov 3, 2022 Business Continuity
People often use the terms disaster recovery and business continuity planning interchangeably, but while these two terms are similar, they describe two different approaches businesses take to bounce back in the event of a disaster .
So what is the difference between a disaster recovery plan and business continuity plan? The answer varies a little depending on who you ask, but the basic rule of thumb is this:
A business continuity plan is focused on all aspects of disaster planning as it relates to preventing an interruption to business operations. A disaster recovery plan is focused more specifically on the response and recovery stages of a disaster, especially in regards to IT systems.
To further differentiate these concepts, let’s look at each plan individually:
- A business continuity plan (BCP) refers to a series of protocols designed to ensure the business can continue operating during a disruptive event. In simplest terms, a BCP aims to answer the question: “How can we keep the business running if disaster strikes?”
- A disaster recovery plan (DRP) refers more specifically to the steps and technologies for recovering from a disruptive event, especially as it pertains to restoring lost data, resolving infrastructure failure or troubleshooting other technological components. This plan aims to answer the question: “How do we recover from a disaster?”
According to Dell, a business continuity plan is a strategy that businesses put in place to continue operating with minimal disruption in the event of a disaster. A disaster recovery plan is more specific. It’s a plan to “restore the data and applications that run your business should your data center, servers or other infrastructure get damaged or destroyed.”
Below, we dig a little deeper into the unique components of each plan and how they differ, but first, let’s talk about why they’re essential in the first place.
Why are a DRP and BCP Important?
Businesses face a wide variety of threats that can impede their ability to function. These could result from natural disasters like fires, floods, tornados, earthquakes or hurricanes. There are also many man-made threats, like malware, cyberattacks, ransomware, accidental data deletion or even internal sabotage. Without both a business continuity plan and a disaster recovery plan in place, businesses face the dire consequences of being ill-prepared when disaster strikes.
Research shows that half of all businesses that experience a major disaster “never return to the marketplace.” Of businesses that are involved in a major fire, 70 percent “fail within 3 years.”
The stakes are especially high for small businesses. According to FEMA (Federal Emergency Management Agency), 90% of smaller companies fail within one year after a disaster if they’re unable to resume operations within 5 days. Without detailed plans for preparing for such a disaster, businesses are setting themselves up for failure.
By focusing on both business continuity and disaster recovery planning, you can ensure your business can withstand these challenges.
Alarming Statistics about the Need for Disaster Planning
The rates of business failure are especially high for businesses that do not have a business continuity plan or disaster recovery plan. Consider some of these alarming business continuity statistics :
- Operational downtime can cost as much as $10,000 per hour for small businesses, according to estimates from BC/DR provider Datto. For larger companies, this downtime can cost millions of dollars per hour.
- In a broad survey of businesses conducted by DataCore, more than half of businesses reported they had recently experienced a downtime event lasting at least 8 hours.
- More than 200,000 businesses in the U.S. were forced to close due to disruptions from Covid-19 – a prime example of the impact that a large, unexpected disaster (such as a pandemic) can have on businesses that have not planned for such incidents.
How a Business Continuity Plan and Disaster Recovery Plan Overlap
In reality, both plans are referred to generally when describing a business’s disaster preparedness, whether for prevention or response or both.
But also, it’s important to remember that a comprehensive business continuity plan will actually have a disaster recovery plan built into it. Your BCP is a master document that should encompass all aspects of a company’s disaster prevention, mitigation and response, including the recovery protocols (whether tech-focused or not). You cannot have an effective business continuity plan without addressing how the business will recover from different kinds of disasters.
Confused? Don’t be. Let’s take a closer look at each plan.
Business Continuity Planning
A business continuity plan is a broad plan to keep a business up and running in the event of a disaster. It focuses on the business as a whole, but also drills down to very specific scenarios that create risks for operations.
With business continuity planning, generally speaking, you’re focusing on the critical operations that the business needs to get up and running again after a disruption in order to conduct regular business. If the plan is followed correctly, businesses should be able to continue to provide services to customers during or immediately after a disaster with minimal disruption. The plan also focuses on the needs of business partners and vendors.
A business continuity plan is a written document that lists the business’s essential functions. According to TechTarget, these are things like a list of critical supplies, employee contact information, a list of crucial business functions or copies of important records. Basically, the business continuity plan includes all the necessary information to get the business up and running as soon as possible after a disruptive event.
But even that is only one small component of a BCP, as we address below.
Disaster Recovery Planning
A disaster recovery plan can be considered a more focused, specific part of a business continuity plan.
Depending on who you talk to, a disaster recovery plan is sometimes narrowly focused on a business’s data and information systems. According to Data Center Knowledge , for example, a disaster recovery plan is designed to save “data with the sole purpose of being able to recover it in the event of a disaster.” For this reason, disaster recovery planning is usually focused on the needs of the IT department.
Depending on the type of disaster, the plan could involve everything from recovering a small data set to the loss of an entire datacenter. Since most businesses are increasingly reliant on information technology, the disaster recovery plan is an important part of business continuity planning.
A disaster recovery plan can also refer to protocols that are outside the realm of IT. For example, the plan could include steps for recovery personnel to seek a secondary business location to resume critical operations. Or, it could include guidance for how to restore communication between emergency staff if primary lines of communication are unavailable.
In other words, disaster recovery planning does not always have to be strictly IT-focused, though it often is. If your IT personnel are creating an IT-focused disaster recovery plan, just be sure that all non-IT recovery protocols are included within the larger BCP documentation.
What to Include in a Business Continuity Plan
Your BCP should serve as the single, multifaceted document for managing all ends of disaster preparedness at your organization:
- Prevention : Steps and systems to prevent certain disasters from occurring in the first place.
- Mitigation : Processes to limit the impact of disasters when they occur.
- Recovery : Protocols for restoring operations as quickly as possible to limit downtime or other adverse consequences.
These are broad categories that need to be defined individually for each possible disaster scenario. To do so, you need to gain a better understanding of the unique risks that pose a threat to your organization and how those events will impact the business in terms of downtime, costs, reputation damage and so on.
As such, a typical business continuity plan will usually require the following sections:
- Contact information : Contact details for those who developed the BCP, and/or key recovery personnel within each department.
- Plan objectives : The overall objective for the plan, i.e. its purpose and overall goal – what it aims to accomplish, why it’s critical, what areas it focuses on, etc.
- Risk assessment : A thorough assessment of disaster scenarios that could disrupt operations, prioritized by likelihood and/or severity of impact.
- Impact analysis : Specific outcomes for each disaster scenario in terms of how much they negatively impact the business, i.e. the costs for idle workers, recovery costs, hardware damage and repair, etc.
- Prevention : Steps and systems for preventing each of those disasters, such as the implementation of antimalware systems to prevent certain cyberattacks.
- Response : How the business should respond to each disaster to minimize impact and initiate a rapid recovery, such as restoring backups after a data loss.
- Areas for improvement : Any weaknesses identified in the creation of the BCP, along with recommended solutions and steps for filling these holes. (Your BCP is an evolving document that should be updated periodically to reassess risks and incorporate any changes made.)
- Contingencies : A list of secondary backup assets and/or protocols, such as a backup office location, backup equipment and so on.
- Communication : Protocols for staying in communication with recovery personnel and/or all personnel at large, such as a text alert system, company extranet, calling trees, etc.
What to Include in a Disaster Recovery Plan
A disaster recovery plan is essentially the “Response” component of your business continuity plan. It encompasses all the procedures, technologies and objectives necessary for completing a quick recovery after a disaster. This recovery could pertain to lost data, damaged hardware, network outages, application failure or virtually any other point of failure across your operations.
Here are some things you’ll want to identify within your disaster recovery plan:
- Recovery technologies : All systems currently implemented (or those that should be) that support the recovery process. An example would be a data backup and disaster recovery system that enables you to recover critical files that have gone missing or large datasets that have been infected with ransomware.
- Recovery Time Objective (RTO) : Your RTO is a desired timeframe for completing recovery before things take a turn for the worse. It can be applied to the business as a whole or individual layers of IT, like data recovery. For example, an RTO of 30 minutes would mean that all data should be recovered or restored within 30 minutes after a loss is discovered.
- Recovery Point Objective (RPO) : RPO refers specifically to the age of data backups. It’s the desired recovery point for restoring data from a backup to minimize the amount of data loss. An example RPO might be 6 hours – meaning that your last backup would never be more than 6 hours old. So if your systems were suddenly infected with ransomware, the data you restore from a backup shouldn’t be more than 6 hours old. (Thus, a longer RPO, such as 24 hours, would create the risk of losing a lot more data.)
- Recovery protocols: Who does what in a disaster situation? Your DRP should clearly define the roles of your recovery personnel, so that there is no confusion and not a minute wasted when disaster strikes. In the case of a data recovery, who oversees it? How, exactly, do they do it? Who do they communicate with, and how are updates communicated with other personnel? All of this should be spelled out to ensure that recovery teams know what to do and can refer back to this guidance when needed.
- Vendors, supplies & other third parties : These could be IT providers, telecommunications companies or other third parties that may be needed to support the recovery process. For example, in case of an Internet outage, your DRP should identify your Internet provider’s emergency contact information (ideally a specific point of contact) to ensure a faster resolution.
- Recovery testing : Periodic tests and mock disaster scenarios to confirm your recovery systems work as they should. One example could be a test data recovery to confirm that backups are available and can be restored without integrity issues.
Like your BCP, your disaster recovery plan should also be updated periodically to ensure all the information is still accurate.
Also, remember that the information in your DRP should be dictated in part by a thorough business analysis, like the risk assessments and impact analyses from your overall continuity planning. It is indeed important to understand the differences between a business continuity plan and a disaster recovery plan, but perhaps even more important is understanding how these two documents hinge on each other and play a connected role in maintaining continuity.
Backup & Disaster Recovery
One of the best strategies in disaster recovery planning is to keep all of your data backed up on a server at a secondary site. This way, if a disaster occurs at the primary site, a backup of all vital data is available. A good disaster recovery plan will dictate how you manage and access data from the secondary site as quickly as possible.
For example, in the case of hybrid-cloud backup systems like the Datto SIRIS , you have several recovery options available to you. If a disaster occurs at the primary site, you can restore data from the cloud or boot the entire backup as a virtual machine. The virtualization method allows for instant access to data and applications while a full recovery is in process.
Ultimately, the reliability of your disaster recovery plan is dependent on everything you’ve included in the plan: all the infrastructure, processes, planning and testing.
Frequently Asked Questions
1) what’s the difference between a business continuity plan and a disaster recovery plan.
The main difference is that a disaster recovery plan is more focused on the procedures for recovering from a disaster, especially in regards to IT systems, while a business continuity plan focuses on the bigger picture of preventing all operational disruptions.
Disaster recovery planning is typically considered a subset of business continuity planning.
2) Which comes first: business continuity or disaster recovery?
Business continuity planning is the foundation of a business’s disaster planning and thus should come before disaster recovery planning. Continuity planning will identify the primary threats to a business using a risk assessment and impact analysis. Those assessments can be used to inform IT disaster recovery planning.
3) What is an example of a business continuity strategy?
One example of a business continuity strategy is creating frequent data backups that can be restored in case files are deleted, destroyed or lost. This strategy involves using a dependable business continuity and disaster recovery (BC/DR) system that enables frequent backups and prompt restore methods.
4) What is business continuity and disaster recovery?
Business continuity and disaster recovery (or BC/DR) refers to the systems and procedures that help a business continue operating through a disaster. The term is commonly used in reference to data backup and recovery systems, but it can apply to other IT systems as well.
Don’t Go without a Plan! Get the Protection You Need.
Being prepared for a disaster is one of the most important things a business can do to prevent costly downtime—or permanent closure—when these disruptive incidents occur. Get in touch with our experts at Invenio IT to explore the technology your organization needs for business continuity, data backup and disaster recovery. Request a free demo or contact our specialists at Invenio IT by calling (646) 395-1170 or by emailing [email protected] .
Assessing Threats: A Complete Guide to BCP Risk Management
Jan 11, 2023
Risks are everywhere. They're in your building, the aging utility lines, the...
SMB Ransomware: Why Businesses Face Big Risks from Attackers
Jan 3, 2023
Large organizations like the Colonial Pipeline get major media attention when they...
What is the Cost of Data Loss in 2023?
Jan 1, 2023
Data loss is one of the most common causes of business disruption today—and one of...
IMAGES
VIDEO
COMMENTS
While a business continuity plan focuses on defining how business operations should function under abnormal circumstances during a disaster or
The role of BCDR is to minimize the effects of outages and disruptions on business operations. BCDR practices enable an organization to get back on its feet
Business continuity and disaster recovery have different goals. Effective business continuity plans limit operational downtime, whereas effective disaster
A business continuity and disaster recovery plan is a combination of strategies, policies and procedures about how an organization should respond to or adapt to
Even the most carefully thought out business continuity plan is never completely foolproof. Despite your best efforts, some disasters simply cannot be mitigated
Accordingly, a disaster recovery plan is limited to ensuring data protection, preventing damage to systems and recovering them as quickly as possible, while a
Recovery strategies are alternate means to restore business operations to a minimum acceptable level following a business disruption and are
A business continuity plan is a broad plan designed to keep a business running, even in the event of a disaster. This plan focuses on the
Business Continuity and Disaster Recovery (BCDR) planning is a set of strategies, policies, and procedures that help an organization respond
A business continuity plan is focused on all aspects of disaster planning as it relates to preventing an interruption to business operations. A disaster