Historically IT departments have been responsible for data recovery during a disaster – whether it is one server failing or the entire loss of a facility due to fire or flood. However, with increased concerns due to cyber-crime (ransomware) and workplace violence, there is shift into planning for business restoration or Business Continuity.
Often disaster recovery and business continuity are thought to be inter-changeable, but they are two different but related plans.
Business Continuity Plans (BCP) are proactive strategies for maintaining the flow of business in the event of a disaster. It is an organizational wide plan and requires input and buy-in from all areas of the business. The plan should include an analysis of business requirements, risks, and processes to define mission critical applications, data, and functional areas. From this assessment the plan will outline key factors such as:
- Definition of a disaster
- Communication plan
- Time required for access to systems, data
- Prioritization of recovery
- Location(s) for teams to work – off-site space, home?
- Key resources
A Disaster Recovery Plan (DRP) provides the reactive guidelines for restoring systems as outlined in the BCP and is technically focused. DRP defines the IT assets, data, and hardware required to get the business running as soon as possible. It leverages different technologies to support replication and backup\restore across data centers and\or the cloud.
DRP should also address recovery from malware, hardware failures, and full data center restoration. An inventory of hardware and software with current editions and versions should be included and updated accordingly.
Whether BCP or DRP, a test of the plan is required, and the plan should be fully tested at least once a year.
Peters & Associate has assisted many organizations in building, assessing and testing their plans. If you would like more information on how we can help you plan for the unexpected, please contact us at firstname.lastname@example.org.