Business continuity and disaster recovery go hand-in-hand. Business continuity is the way an organization can prepare for and aid in disaster recovery.
Disaster recovery tends to focus on specific steps to get an organisation back up and running following an incident (usually focusing on technology infrastructure), business continuity tends to take that aspect into account but focus on long terms effects.
We believe that you should have both in place but since our background is in technology we are going to primarily focus on the Disaster recovery aspect.
Why should you make a Business Continuity and disaster recovery plan?
We use technology every day and many organisations are built on technology, if one system or all of them went down it could seriously damage the business. Businesses have been known to go out of business because they couldn’t recover what was lost.
It is also becoming more commonplace with cyber attacks being more prominent.
What type of Disaster should I plan for?
It varies for different organisations but these are the most common types of disaster:
- Natural disaster e.g. Fire
- Terrorist Attack
- Cyber attack
- Epidemic illness
What do you need in your plan?
A plan isn’t a one-size-fits-all approach. There are various circumstances that need to be considered. For instance, what happens in a fire situation may not be the same as what happens in a cyber attack.
It’s best to think of the possible scenarios that your business may face and then start with what seems like the most extreme option and plan it out. You’ll find starting with those most extreme will mean you can pretty much copy and paste some of the elements to the less extreme scenario plans.
The plans should detail what the organisation as a whole should do as well as any particular people who need to do certain tasks should do. It should detail all of the systems that you have in place and expected downtime.
Some key things you need in your DR plan:
- DR Goals – what is the main aim of this plan?
- Detail when to use the plan – when should the plan take effect?
- Business impact – how will it affect the business financially, operationally or otherwise?
- Preventative measures – can this be prevented with regular
- Plan of action – the plan, step-by-step which should include the following
- Summary of key action steps
- Impacted Systems – which systems are likely to be impacted
- Recovery strategies – for each system, including details of downtime.
- Who is responsible for putting the plan in action, including;
- Responsibilities of each person
- Contact information for relevant involved parties
- Risks – any further risks associated with this plan or the ongoing impact to the business
- Potential downtime timeline
- Costs involved in implementing
Test and Review!
It’s important to consistently test and review your plan, especially if you have new systems coming into place.
It is also really important that all staff are aware of their responsibilities in addition to those who have an active part in the plan. It is also important if active participants in the plan leave the organisation.
Surely all of my systems should be fine if they are hosted in the cloud?
This is a common misconception. Whilst the cloud is ideal to host your data and documents, it isn’t fool-proof. What if someone hacked your account and deleted it everything? You need to ensure you have back-ups happening on a regular basis.
Maintenance is an important element to reducing the downtime and cost risk of a disaster.
It sounds expensive. How much is it going to cost me?
You are right, it is going to be expensive IF you don’t plan. On a more serious note, DR planning and implementation has become more affordable over the past few years. Additionally, as above, maintenance is an important element in this which would drastically reduce your costs if it is done.