What is the relationship between business impact analysis, a disaster recovery plan, and business continuity management?

Disaster recovery and business continuity are tightly related. In the 1970s, organizations started preparing Disaster Recovery (DR) plans, which were mainly focused on natural disasters. In the 1980s and onwards, the focus shifted to a more holistic view, named Business Continuity (BC).

While disaster recovery narrowly focused on how to bring systems back online after a disaster, business continuity aimed to develop a proactive process that would keep businesses alive and operating even in the face of a major crisis. Accordingly, a disaster recovery plan is limited to ensuring data protection, preventing damage to systems and recovering them as quickly as possible, while a business continuity plan covers all aspects of the business including business processes, manpower, partners and suppliers.

In this article you will learn:
• What is a business continuity plan?
• 7 chapters of a sample business continuity plan
• The difference between a DR and BC plan
• A BC plan in action: hour by hour
• Ensuring business continuity for your data with Cloudian

What is a Business Continuity Plan?

A business continuity plan details how a business will continue operating and serving its customers, even in the face of a dramatic event like a natural disaster, major IT failure, or a cyberattack. The end goal is to preserve a company’s financial viability, market position, reputation, and customers, even in the face of a crisis.

Business continuity planning covers every aspect of the business including:

  • Business processes—how can a process continue working even if critical equipment or supplies were missing?
  • Human resources—how can critical staff continue performing their work if, for example, workstations are destroyed or there is no Internet connection?
  • Business partners and suppliers—how can suppliers continue their work with the company if, for example, lines of communication or road transport is unavailable?

A business continuity plan must consider important questions and provide good answers. What single points of failure exist in the organization? What are the critical dependencies on equipment, in-house staff, suppliers or other third parties? What workarounds exist for disruption of any of these? Which organizational processes, staff, skills and technology are needed to maintain business operations and fully recover from a disaster?

7 Chapters of a Business Continuity Plan

A typical business continuity plan contains the following sections:

  1. Goals of the plan—should quantify which parts of the business are considered critical and how smoothly they should be able to operate during a crisis
  2. Budget—resources allocated to business continuity planning and preparation
  3. Personnel—who is responsible for maintaining the business continuity program and executing practical steps during a crisis. Which other stakeholders exist—senior management, legal, PR, customers, partners, etc—and how they should be involved or notified.
  4. Business Impact Analysis—a holistic review of critical business processes, their weak points and how they are likely to be affected by different types of disasters.
  5. Proactive strategies—processes that should be carried out on a regular basis to prevent or more easily overcome disasters.
  6. Immediate reactive strategies—what the organization should do at the moment disaster strikes to continue operations. This will typically include temporary measures, for example, delivering electricity using a portable generator while power is out.
    1. This chapter includes an IT disaster recovery plan.
  7. Long-term reactive strategies—what the organization should do on “day two”, after the disaster has ended, to fully recover and rebuild systems to their original state.

Business Continuity vs. Disaster Recovery Plan

The terms business continuity plan and disaster recovery plan are sometimes used interchangeably. However, as we illustrated in our plan structure above, a disaster recovery plan is an important section within a business continuity plan. See our article about IT disaster recovery plans.

The table below illustrates how a business continuity plan differs from an IT disaster recovery plan—it touches on the same aspects but from a holistic business perspective.

| Business Continuity Plan | IT Disaster Recovery Plan |
| --- | --- |
| Aimed at ensuring business operations continue during and after a crisis, to preserve financial stability and reputation | Aimed at ensuring minimal damage to IT assets in a disaster and speedy, complete recovery |
| Inventory of all critical business assets—staff, suppliers, vehicles, buildings, etc. | Inventory of IT assets—network equipment, servers, endpoints, etc. |
| Business Impact Analysis of all threats affecting business operations | Analysis of threats affecting IT infrastructure |
| Includes an ongoing proactive component to prevent and prepare for disaster | Only focused on reactive measures in case disaster happens |

Business Continuity Plan in Action: Hour by Hour

Once you have a business continuity plan, here is what a crisis could look like, hour by hour, as the plan unfolds. The activities below are just examples, and of course, will vary depending on the crisis and the nature of the business.

Timeframe and example activities:

First 4 hours
  • Business continuity team is alerted to the crisis
  • Contact made with authorities (firefighters, police, etc)
  • Alternate physical facility is activated, or employees directed to work from home
  • Critical IT systems switched over to remote DR site

Hours 5-24
  • In case of casualties among employees, succession plan activated
  • Assessment of damage to physical facilities
  • Assessment of damage to IT resources
  • Notifying customers, press, and suppliers
  • Switching to backup vendors in case a vendor or supplier was also affected by the disaster

Days 2-4
  • Restoring critical parts of the primary facility
  • Transitioning critical staff back to the facility
  • Restoring critical IT systems
  • Routing activity back to recovered systems

Days 5-14
  • Fully rebuilding primary facility
  • Transitioning all staff back to the facility
  • Restoring all IT systems
  • Resuming normal operations

Ensuring Business Continuity for Your Data with Cloudian

Cloudian offers low-cost disk-based storage that lets you store up to 1.5 Petabytes of backups. The Cloudian appliance can be deployed in your local data center, or in a remote DR site. We provide integrated data management tools that let you store data seamlessly to a remote appliance.


Cloudian also supports a hybrid cloud setup. The Cloudian appliance can replicate your data to a cloud storage service such as Amazon S3, Azure Blob Storage or Google Cloud Storage. This allows you to back up data frequently and enjoy fast local access while keeping a copy of data in the cloud in case the on-premises data center goes down.


Learn more about Cloudian’s data protection solutions.

People often use the terms disaster recovery and business continuity planning interchangeably, but while these two terms are similar, they describe two different approaches businesses take to bounce back in the event of a disaster.

So what is the difference between a disaster recovery plan and business continuity plan? The answer varies a little depending on who you ask, but the basic rule of thumb is this:

A business continuity plan is focused on all aspects of disaster planning as it relates to preventing an interruption to business operations. A disaster recovery plan is focused more specifically on the response and recovery stages of a disaster, especially with regard to IT systems.

To further differentiate these concepts, let’s look at each plan individually:

  • A business continuity plan (BCP) refers to a series of protocols designed to ensure the business can continue operating during a disruptive event. In simplest terms, a BCP aims to answer the question: “How can we keep the business running if disaster strikes?”
  • A disaster recovery plan (DRP) refers more specifically to the steps and technologies for recovering from a disruptive event, especially as it pertains to restoring lost data, resolving infrastructure failure or troubleshooting other technological components. This plan aims to answer the question: “How do we recover from a disaster?”

According to Dell, a business continuity plan is a strategy that businesses put in place to continue operating with minimal disruption in the event of a disaster. A disaster recovery plan is more specific. It’s a plan to “restore the data and applications that run your business should your data center, servers or other infrastructure get damaged or destroyed.”

Below, we dig a little deeper into the unique components of each plan and how they differ, but first, let’s talk about why they’re essential in the first place.

Why are a DRP and BCP Important?

Businesses face a wide variety of threats that can impede their ability to function. These could result from natural disasters like fires, floods, tornados, earthquakes or hurricanes. There are also many man-made threats, like malware, cyberattacks, ransomware, accidental data deletion or even internal sabotage. Without both a business continuity plan and a disaster recovery plan in place, businesses face the dire consequences of being ill-prepared when disaster strikes.

Research shows that half of all businesses that experience a major disaster “never return to the marketplace.” Of businesses that are involved in a major fire, 70 percent “fail within 3 years.”

The stakes are especially high for small businesses. According to FEMA (Federal Emergency Management Agency), 90% of smaller companies fail within one year after a disaster if they’re unable to resume operations within 5 days. Without detailed plans for preparing for such a disaster, businesses are setting themselves up for failure.

By focusing on both business continuity and disaster recovery planning, you can ensure your business can withstand these challenges.

Alarming Statistics about the Need for Disaster Planning

The rates of business failure are especially high for businesses that do not have a business continuity plan or disaster recovery plan. Consider some of these alarming business continuity statistics:

  • Operational downtime can cost as much as $10,000 per hour for small businesses, according to estimates from BC/DR provider Datto. For larger companies, this downtime can cost millions of dollars per hour.
  • In a broad survey of businesses conducted by DataCore, more than half of businesses reported they had recently experienced a downtime event lasting at least 8 hours.
  • More than 200,000 businesses in the U.S. were forced to close due to disruptions from Covid-19 – a prime example of the impact that a large, unexpected disaster (such as a pandemic) can have on businesses that have not planned for such incidents.

How a Business Continuity Plan and Disaster Recovery Plan Overlap

In practice, both terms are used loosely to describe a business’s disaster preparedness, whether for prevention, response or both.

It’s also important to remember that a comprehensive business continuity plan has a disaster recovery plan built into it. Your BCP is a master document that should encompass all aspects of a company’s disaster prevention, mitigation and response, including the recovery protocols (whether tech-focused or not). You cannot have an effective business continuity plan without addressing how the business will recover from different kinds of disasters.

Confused? Don’t be. Let’s take a closer look at each plan.

Business Continuity Planning

A business continuity plan is a broad plan to keep a business up and running in the event of a disaster. It focuses on the business as a whole, but also drills down to very specific scenarios that create risks for operations.

With business continuity planning, generally speaking, you’re focusing on the critical operations that the business needs to get up and running again after a disruption in order to conduct regular business. If the plan is followed correctly, businesses should be able to continue to provide services to customers during or immediately after a disaster with minimal disruption. The plan also focuses on the needs of business partners and vendors.

A business continuity plan is a written document that lists the business’s essential functions. According to TechTarget, these are things like a list of critical supplies, employee contact information, a list of crucial business functions or copies of important records. Basically, the business continuity plan includes all the necessary information to get the business up and running as soon as possible after a disruptive event.

But even that is only one small component of a BCP, as we address below. 

Disaster Recovery Planning

A disaster recovery plan can be considered a more focused, specific part of a business continuity plan.

Depending on who you talk to, a disaster recovery plan is sometimes narrowly focused on a business’s data and information systems. According to Data Center Knowledge, for example, a disaster recovery plan is designed to save “data with the sole purpose of being able to recover it in the event of a disaster.” For this reason, disaster recovery planning is usually focused on the needs of the IT department.

Depending on the type of disaster, the plan could involve everything from recovering a small data set to the loss of an entire datacenter. Since most businesses are increasingly reliant on information technology, the disaster recovery plan is an important part of business continuity planning.

A disaster recovery plan can also refer to protocols that are outside the realm of IT. For example, the plan could include steps for recovery personnel to seek a secondary business location to resume critical operations. Or, it could include guidance for how to restore communication between emergency staff if primary lines of communication are unavailable.

In other words, disaster recovery planning does not always have to be strictly IT-focused, though it often is. If your IT personnel are creating an IT-focused disaster recovery plan, just be sure that all non-IT recovery protocols are included within the larger BCP documentation.

What to Include in a Business Continuity Plan

Your BCP should serve as the single, multifaceted document for managing all aspects of disaster preparedness at your organization:

  • Prevention: Steps and systems to prevent certain disasters from occurring in the first place.
  • Mitigation: Processes to limit the impact of disasters when they occur.
  • Recovery: Protocols for restoring operations as quickly as possible to limit downtime or other adverse consequences.

These are broad categories that need to be defined individually for each possible disaster scenario. To do so, you need to gain a better understanding of the unique risks that pose a threat to your organization and how those events will impact the business in terms of downtime, costs, reputation damage and so on.

As such, a typical business continuity plan will usually require the following sections:

  • Contact information: Contact details for those who developed the BCP, and/or key recovery personnel within each department.
  • Plan objectives: The overall objective for the plan, i.e. its purpose and overall goal – what it aims to accomplish, why it’s critical, what areas it focuses on, etc.
  • Risk assessment: A thorough assessment of disaster scenarios that could disrupt operations, prioritized by likelihood and/or severity of impact.
  • Impact analysis: Specific outcomes for each disaster scenario in terms of how much they negatively impact the business, i.e. the costs for idle workers, recovery costs, hardware damage and repair, etc.
  • Prevention: Steps and systems for preventing each of those disasters, such as the implementation of antimalware systems to prevent certain cyberattacks.
  • Response: How the business should respond to each disaster to minimize impact and initiate a rapid recovery, such as restoring backups after a data loss.
  • Areas for improvement: Any weaknesses identified in the creation of the BCP, along with recommended solutions and steps for filling these holes. (Your BCP is an evolving document that should be updated periodically to reassess risks and incorporate any changes made.)
  • Contingencies: A list of secondary backup assets and/or protocols, such as a backup office location, backup equipment and so on.
  • Communication: Protocols for staying in communication with recovery personnel and/or all personnel at large, such as a text alert system, company extranet, calling trees, etc.

What to Include in a Disaster Recovery Plan

A disaster recovery plan is essentially the “Response” component of your business continuity plan. It encompasses all the procedures, technologies and objectives necessary for completing a quick recovery after a disaster. This recovery could pertain to lost data, damaged hardware, network outages, application failure or virtually any other point of failure across your operations.

Here are some things you’ll want to identify within your disaster recovery plan:

  • Recovery technologies: All systems currently implemented (or those that should be) that support the recovery process. An example would be a data backup and disaster recovery system that enables you to recover critical files that have gone missing or large datasets that have been infected with ransomware.
  • Recovery Time Objective (RTO): Your RTO is a desired timeframe for completing recovery before things take a turn for the worse. It can be applied to the business as a whole or individual layers of IT, like data recovery. For example, an RTO of 30 minutes would mean that all data should be recovered or restored within 30 minutes after a loss is discovered.
  • Recovery Point Objective (RPO): RPO refers specifically to the age of data backups. It’s the desired recovery point for restoring data from a backup to minimize the amount of data loss. An example RPO might be 6 hours – meaning that your last backup would never be more than 6 hours old. So if your systems were suddenly infected with ransomware, the data you restore from a backup shouldn’t be more than 6 hours old. (Thus, a longer RPO, such as 24 hours, would create the risk of losing a lot more data.)
  • Recovery protocols: Who does what in a disaster situation? Your DRP should clearly define the roles of your recovery personnel, so that there is no confusion and not a minute wasted when disaster strikes. In the case of a data recovery, who oversees it? How, exactly, do they do it? Who do they communicate with, and how are updates communicated with other personnel? All of this should be spelled out to ensure that recovery teams know what to do and can refer back to this guidance when needed.
  • Vendors, supplies & other third parties: These could be IT providers, telecommunications companies or other third parties that may be needed to support the recovery process. For example, in case of an Internet outage, your DRP should identify your Internet provider’s emergency contact information (ideally a specific point of contact) to ensure a faster resolution.
  • Recovery testing: Periodic tests and mock disaster scenarios to confirm your recovery systems work as they should. One example could be a test data recovery to confirm that backups are available and can be restored without integrity issues.
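
As an added example (not part of the original article), the Python sketch below checks a backup catalogue against the 6-hour RPO and restore drills against the 30-minute RTO used as examples in the list above. The record types, function names and sample timestamps are constructed for illustration; a failed backup job is not counted as a recovery point, and a drill only meets the RTO if the restored data also passed its integrity check.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

RPO = timedelta(hours=6)     # example RPO from the text
RTO = timedelta(minutes=30)  # example RTO from the text

@dataclass
class Backup:
    finished: datetime
    ok: bool                 # job completed and the copy was verified

@dataclass
class RestoreDrill:
    started: datetime
    finished: datetime
    integrity_ok: bool       # restored data passed its integrity check

def rpo_violations(backups, now, rpo=RPO):
    """Return (from, to, gap) windows where the newest usable backup was older than rpo.

    Failed jobs are not recovery points, so a single failure can double the
    exposure. The window from the newest usable backup to `now` is included.
    """
    points = sorted(b.finished for b in backups if b.ok)
    if not points:
        raise LookupError("no usable backup: the RPO cannot be met")
    edges = points + [now]
    return [(a, b, b - a) for a, b in zip(edges, edges[1:]) if b - a > rpo]

def rto_results(drills, rto=RTO):
    """Per drill: (duration, met). Met means verified AND finished within rto."""
    results = []
    for d in drills:
        took = d.finished - d.started
        results.append((took, d.integrity_ok and took <= rto))
    return results

def _t(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

# Constructed sample data: a 6-hourly schedule with one failed job,
# and three restore drills.
NOW = _t("2024-03-02 09:00")
BACKUPS = [
    Backup(_t("2024-03-01 00:00"), True),
    Backup(_t("2024-03-01 06:00"), True),
    Backup(_t("2024-03-01 12:00"), False),   # failed job
    Backup(_t("2024-03-01 18:00"), True),
    Backup(_t("2024-03-02 00:00"), True),
    Backup(_t("2024-03-02 06:00"), True),
]
DRILLS = [
    RestoreDrill(_t("2024-02-10 10:00"), _t("2024-02-10 10:22"), True),
    RestoreDrill(_t("2024-02-17 10:00"), _t("2024-02-17 10:41"), True),
    RestoreDrill(_t("2024-02-24 10:00"), _t("2024-02-24 10:18"), False),
]

if __name__ == "__main__":
    for start, end, gap in rpo_violations(BACKUPS, NOW):
        print(f"RPO exceeded: {start} -> {end} ({gap})")
    for took, met in rto_results(DRILLS):
        print(f"restore drill took {took}: {'met' if met else 'MISSED'} RTO")
```
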

Like your BCP, your disaster recovery plan should also be updated periodically to ensure all the information is still accurate.

Also, remember that the information in your DRP should be dictated in part by a thorough business analysis, like the risk assessments and impact analyses from your overall continuity planning. It is indeed important to understand the differences between a business continuity plan and a disaster recovery plan, but perhaps even more important is understanding how these two documents hinge on each other and play a connected role in maintaining continuity.

Backup & Disaster Recovery

One of the best strategies in disaster recovery planning is to keep all of your data backed up on a server at a secondary site. This way, if a disaster occurs at the primary site, a backup of all vital data is available. A good disaster recovery plan will dictate how you manage and access data from the secondary site as quickly as possible.

For example, in the case of hybrid-cloud backup systems like the Datto SIRIS, you have several recovery options available to you.  If a disaster occurs at the primary site, you can restore data from the cloud or boot the entire backup as a virtual machine. The virtualization method allows for instant access to data and applications while a full recovery is in process.

Ultimately, the reliability of your disaster recovery plan is dependent on everything you’ve included in the plan: all the infrastructure, processes, planning and testing.

Frequently Asked Questions

1) What’s the difference between a business continuity plan and a disaster recovery plan?

The main difference is that a disaster recovery plan is more focused on the procedures for recovering from a disaster, especially with regard to IT systems, while a business continuity plan focuses on the bigger picture of preventing all operational disruptions.

Disaster recovery planning is typically considered a subset of business continuity planning.

2) Which comes first: business continuity or disaster recovery?

Business continuity planning is the foundation of a business’s disaster planning and thus should come before disaster recovery planning. Continuity planning will identify the primary threats to a business using a risk assessment and impact analysis. Those assessments can be used to inform IT disaster recovery planning.

3) What is an example of a business continuity strategy?

One example of a business continuity strategy is creating frequent data backups that can be restored in case files are deleted, destroyed or lost. This strategy involves using a dependable business continuity and disaster recovery (BC/DR) system that enables frequent backups and prompt restore methods.

4) What is business continuity and disaster recovery?

Business continuity and disaster recovery (or BC/DR) refers to the systems and procedures that help a business continue operating through a disaster. The term is commonly used in reference to data backup and recovery systems, but it can apply to other IT systems as well.

Don’t Go without a Plan! Get the Protection You Need.

Being prepared for a disaster is one of the most important things a business can do to prevent costly downtime—or permanent closure—when these disruptive incidents occur. Get in touch with our experts at Invenio IT to explore the technology your organization needs for business continuity, data backup and disaster recovery. Request a free demo or contact our specialists at Invenio IT by calling (646) 395-1170 or by emailing .