Business Continuity and Disaster Recovery Planning: why bother?
Disaster Recovery (DR) and Business Continuity Planning (BCP)
DR and BCP is not just about IT/Technology, it is however an organizational responsibility and ultimate accountability sits with that of the CEO to ensure their business continues to operate in the event of a Disaster. The Disasterrecovery.org defines “Business Continuity Plan or BCP as how an organization guards against future disasters that could endanger its long-term health or the accomplishment of its primary mission. BCPs take into account disasters that can occur on multiple geographic levels-local, regional, and national-disasters like fires, earthquakes, or pandemic illness”. Where as Disaster Recovery is defined as a set of processes or procedures required to enable the recovery of business critical systems/infrastructure in the event of disaster, so your DR plans should form part of any Business Continuity Planning.
More than IT?
Any planning should encompass more than IT/technology and should cover how your systems and supporting infrastructure will be recovered in the event of a disaster. That said organisational planning must include potential disasters that may or may not include IT, such as a bus crashing (for a tour operator) or reputational damage on social media (for a PR agency). A number of likely disaster scenarios must be planned for as part of an organisation’s proposed response to a disaster (a definition of which should also be agreed by the organisation). Each business unit’s Disaster Recovery plan must be included in the overall organisational business continuity planning and, of course, must be supported by the IT/technology plans. In the digital era where the use of social media by organisations is becoming common place any disaster planning must be included in an organisation’s response to a “social media disaster” such as negative product publicity which can quickly go viral. A recent example of this being when a US pizza company jumped on a trending hashtag without knowing its full context, in this case it was referring to domestic violence.
Disaster Recovery Scope
Business Continuity Planning is bigger than just IT, but for most organisations ,IT and its reliance on technology is huge. Therefore, any planning must include IT and technology recovery as part of the organization and business unit scenario planning. In previous roles I focused on IT/technology DR Planning for those critical IT services/systems that were required to support the vital business processes of an organization and it customer’s. The impact of the organizational “loss” should be quantified through the business impact analysis (BIA) involving all aspects of the organisation and must be completed in collaboration with the other business units to decide which systems/infrastructure/people were critical to the running of the organization and in the case of IT systems which order they would be recovered. Not only should you create a DR plan but you must test it out using real life scenarios.
During the process of completing a BIA a large number of scenarios will be identified and may cause considerable debate and litigation between the business units. To ensure consistency and clarity I have included some examples of scenarios that would impact an organization and its ability to provide continued service to its customer’s. An organization must agree these scenarios (to be included in their Business Continuity Planning) as well as on the findings of the BIA. Example scenarios may include:
- Single service or system failure;
- Multiple services or systems failure (concurrently);
- Total loss of the Data Centre services (and its facilities);
- Total devastation of the localized region (e.g. volcanic eruption, tsunami, earthquake, significant loss of life);
- Pandemic management;
- Cloud hosted solution (SaaS) failure;
- Building evacuation: Relocating critical staff or supporting the relocation of critical business staff should a building be inaccessible or due to be evacuated or unusable because of power issues on site;
- Loss of power to a data centre: which could be the company’s own or a hosted environment;
- Supply chain interruption
- Brand damage going viral on social media
Have you struggled to start your Organisational DR & Continuity Planning?
If you have, try downloading my Business Continuity Plan template by clicking the button below. I have used it successfully on a number of occasions, so feel free to use as much or as little as you require…just an acknowledgement will do.
It’s not a case of if, but when…………..
Disasters happen, be they natural, human-made, on social media or in the cloud. It’s how your organization is prepared for, and ultimately responds to a disaster that will be the measure of success for any Business Continuity Planning (BCP), do not delay and get yours in order today as it could be the difference between being in business or not.
Its how your organization responds to a disaster that will be the measure of success for any Business Continuity Plan
What have you learnt from how you planned to cope with a disaster compared with the reality, please put your stories in the comments section below……