Business continuity and disaster recovery planning: The basics | CSO Online


business continuity and disaster recovery planning

Jan 01,  · Business continuity and disaster recovery (BCDR) are closely related practices that describe an organization's preparation for unforeseen risks to continued operations. Business Continuity Planning. Business continuity planning is an enterprise's strategic framework for responding to natural and manmade disasters. The design and execution of the plan is collectively outlined by the management and leadership teams in line with the organization's resiliency objectives. Disaster recovery and business continuity planning are processes that help organizations prepare for disruptive events—whether those events might include a hurricane or simply a power outage Author: Derek Slater.

Disaster Recovery Plan (DRP) | IT Disaster Recovery | Business Continuity Plan

Disaster recovery and business continuity planning are processes that help organizations prepare for disruptive events—whether those events might include a hurricane or simply a power outage caused by a backhoe in the parking lot. The CSO's involvement in this process can range from overseeing the plan, to providing input and support, to putting the plan into action during an emergency.

This primer compiled from articles on CSOonline explains the basic concepts of business continuity planning and also directs you to more resources on the topic. Disaster recovery is the process by which you resume business after a disruptive event. The event might be something huge-like an earthquake or the terrorist attacks on the World Trade Center-or something small, like malfunctioning software caused by a computer virus.

Given the human tendency to look on the bright side, many business executives are prone to ignoring "disaster recovery" because disaster seems an unlikely event. The details can vary greatly, depending on the size and scope of a company and the way it does business.

For some businesses, issues such as supply chain logistics are most crucial and are the focus on the plan, business continuity and disaster recovery planning.

For example, the plan at one global manufacturing company would restore critical mainframes with vital data at a backup site within four to six days of a disruptive event, obtain a mobile PBX unit with 3, business continuity and disaster recovery planning within two days, recover the company's 1,plus LANs in order of business need, and set up a temporary call center for agents at a nearby training facility.

But the critical business continuity and disaster recovery planning is that neither element can be ignored, and physical, IT and human resources plans cannot be developed in isolation from each other. Business, security and IT leaders should work together to determine what kind of plan is necessary and which systems and business units are most crucial to the company.

Together, they should decide which people are responsible for declaring a disruptive event and mitigating its effects. Most importantly, the plan should establish a process for locating and communicating with employees after such an event. In a catastrophic event Hurricane Katrina being a relatively recent examplethe plan will also need to take into account that many of those employees will have more pressing concerns than getting back to work.

A good first step is a business impact analysis BIA. This will identify the business's most crucial systems and processes and the effect an outage would have on the business. The greater the potential impact, the more money a company should spend to restore a system or process quickly.

For instance, business continuity and disaster recovery planning, a stock trading company may decide to pay for completely redundant IT systems that would allow it to immediately start processing trades at another location. On the other hand, a manufacturing company may decide that it can wait 24 hours to resume shipping. A BIA will help companies set a restoration sequence to determine which parts of the business should be restored first. Let us give you an example of a company that thinks tabletops and paper simulations aren't enough.

And why their experience suggests they're right. Every year or business continuity and disaster recovery planning, top-level staffers would gather in a conference room to role-play; they would spend a day examining different scenarios, business continuity and disaster recovery planning, talking them out-discussing how they thought the procedures should be defined and how they thought people would respond to them.

Live exercises were confined to the company's technology assets. USAA would conduct periodic data recovery tests of different business units-like taking a piece of the life insurance department and recovering it from backup data. Yates wondered if such passive exercises reflected reality. He also wondered if USAA's employees would really know how to follow such business continuity and disaster recovery planning plan in a real emergency.

When Sept. Yates engaged outside consultants who suggested that the company build a second data center in the area as a backup.

After weighing the costs and benefits of such a project, USAA initially concluded that it would be more efficient to rent space on the East Coast. But after the attack on the World Trade Center and Pentagon, when air traffic came to a halt, Yates knew it was foolhardy to have a data center so far away.

Instead, USAA built a center in Texas, only miles away from its offices-close enough to drive to, but far enough away to pull power from a different grid and water from a different source. The company has also made plans to deploy critical employees to other office locations around the country, business continuity and disaster recovery planning.

Yates made site visits to companies such as FedEx, First Union, Merrill Lynch and Wachovia to hear about their approach to contingency planning. Finally, Yates put together a series of large-scale business continuity exercises designed to test the performance of individual business units and the company at large in the event of wide-scale business disruption. When the company business continuity and disaster recovery planning a loss of the primary data center for its federal savings bank unit, Yates found that it was able to recover the systems, applications and all 19 of the third-party vendor connections.

USAA also ran similar exercises with other business units. For the main event, however, Yates wanted to test more than the company's technology procedures; he wanted to incorporate the most unpredictable element in any contingency planning exercise: the people. USAA ultimately found that employees who walked through the simulation were in a position to observe flaws in the plans and offer suggestions.

Furthermore, those who business continuity and disaster recovery planning for emergency situations are less likely to panic and more likely to remember the plan. Some companies have discovered that while they back up their servers or data centers, they've overlooked backup plans for laptops.

Many businesses fail to realize the importance of data stored locally on laptops. Because of their mobile nature, laptops can easily be lost or damaged. It doesn't take a catastrophic event to disrupt business if employees are carting critical or irreplaceable data around on laptops. One company reports that it is looking into buying MREs meals ready-to-eat from the company that sells them to the military.

MREs have a long shelf life, and they don't take up much space. If employees are stuck at your facility for a long time, this could prove a worthwhile investment.

Many companies, he said, were able to recover data, but had no plans for alternative work places. The World Trade Center had provided more than 20 million square feet of office space, and after Sept. The issue of where employees go immediately after a disaster and where they will be housed during recovery should be addressed before something happens, not after.

USAA discovered that while it had designated a nearby relocation area, the setup process for computers and phones took nearly two hours. During that time, employees were left standing outside in the hot Texas sun. Seeing the plan in action raised several questions that hadn't been fully addressed before: Was there a safer place to put those employees in the interim?

How should USAA determine if or when employees could be allowed back in business continuity and disaster recovery planning building? How would thousands of people access their vehicle if their car keys were still sitting on their desk? And was there an alternate transportation plan if the company needed to send employees home? Smart question—you should definitely define a process for keeping an eye on technology trends. Here are four current trends that, for the most part, actually help with business continuity.

However, they do introduce some challenges and complications as well. Sample benefits: Fewer physical devices to track, smaller data center footprint, easy failover capabilities. Cloud computing. Be sure your contracts clearly spell out your requirements.

Also, testing across multiple cloud providers is complex. Mobile computing. Makes crisis communications and the process of locating employees potentially easier. Social networks. Enables better communication not only with employees but with the world at large.

Read more details and caveats in 4 critical trends in business continuity, business continuity and disaster recovery planning. There isn't a one-size-fits-all answer.

The critical thing is for the BCDR program leader to have a broad perspective and enough clout to get the right elements in place. Here are the latest Insider stories. More Insider Sign Out. Sign In Register. Sign Out Sign In Register. Latest Insider. Check out the latest Insider stories here.

More from the IDG Network. How to start a business continuity program. CSO50 winners announced. What's the difference between disaster recovery and business continuity planning? Get the best of CSO Sign up for our FREE email newsletters!


What is business continuity and disaster recovery (BCDR)? - Definition from


business continuity and disaster recovery planning


Jan 01,  · Business continuity and disaster recovery (BCDR) are closely related practices that describe an organization's preparation for unforeseen risks to continued operations. Oct 19,  · The terms business continuity and disaster recovery are often mistakenly used interchangeably. And while cloud computing services can be used to address both business continuity and disaster recovery, you must have a fundamental understanding of . Data can be lost, corrupted, compromised or stolen through hardware failure, human error, hacking and malware. Loss or corruption of data could result in significant business disruption. Data backup and recovery should be an integral part of the business continuity plan and information technology disaster recovery plan. Developing a data backup.