Business Continuity and Disaster Recovery Plan (BC/DR)

Business continuity and disaster recovery are related but they are not the same. Business continuity is concerned with the continued operation of business services when key business delivery components have ceased to function. Disaster recovery is concerned with the restoration of service disruptions.

Because business continuity plans often involve the restoration of services, the two plans are often merged into what has become known as the BCDR plan.

The BCDR plan should include all the information necessary to enable business continuity including all the contacts, processes, procedures, plans, documentation, knowledge and access requirements needed to enable or facilitate the continued operation of key business services.

One key consideration when creating the plan is the availability of key staff. The planners should consider that the event that caused the service disruption may have also affected staff on a personal level. Fires, floods, health related outbreaks or security incidents are just some events that may prevent key staff from affecting their responsibilities detailed in the BCDR plan.

A good BCDR plan should address or include the following items:

1. The definition of an emergency incident - what events will trigger the application of the business continuity and disaster recovery plan? These events may include;

  • Environmental disasters
  • Serious health related outbreaks
  • Hardware failure
  • Deliberate physical or electronic attacks
  • Loss of core services such as electricity

2. Emergency procedures - many emergency incidents occur suddenly and unexpectedly. Emergency procedures will help to bring some order at the height of the incident and will ensure that key tasks are carried out. This includes any existing procedures where the workflow may change. Change management is a prime example where processes and procedures may need to change in order to cater for reduced communication capacity between staff.

3. A communication plan - clear communications can help to reduce damage and speed up the restoration of services. Key contacts, communications devices and mediums as well as the format of the communication should be identified in the communication plan.

It is also important that management and leaders have a medium by which to receive and disseminate information quickly and efficiently. In a disaster event, desicions are made using the most current assesments but they may also change just as quickly as newer information comes to hand.

4. A business risk assessment - Core business services should be well documented and the impact of the loss of those services should be clearly defined to assist in decision making and prioritizing during the incident and services restoration.

5. A clear hierarchy - roles and responsibilities can become blurred during an incident, especially if key staff members are not available or infrastructure or services that are serviced by a number of departments are hindered. Clear roles will facilitate the decision making process.

The recovery effort will also require a clear hierarchy if the workforce returns in a diminished capacity, without the regular resources or if there is confusion about revised priorities in terms of selecting the order in which key services are restored.

6. Technical service restoration tools and documentation - all information necessary to restore, re-build or migrate services should be available. This information may include;

Key technical contacts names and numbers
  • Technical documentation including hardware and software necessary to view the documentation.
  • Passwords and pin numbers
  • Access (or instructions for access) to premises such as data centers and communications rooms
  • The process required to backup and recover of data
  • Telecommunications capability if remote connections or wide area connections are required as part of the service restoration.
  • Infrastructure availability such as laptops, computers, servers, monitoring stations and any other tools
  • Procurement process for the purchase of emergency gear such as computers and cables if a makeshift computer room is required.

7. Ongoing and regular testing of the entire plan. Organizational structure, technology, key staff, contact numbers and core services change over time. The business continuity and disaster recovery plan should always reflect the current business. A serious incident should not be the first time that the plan is implemented.

8. Consider the details. The most pressing problems in a disaster scenario will be what was not considered. As an example, consider the position of your elevators in a flood scenario. If they are parked in the basement then they will get flooded, if they are parked in the top floor then it is likely that they will remain dry. These small overshights can delay the re-establishment of normal operations into a building.
Share |
Custom Search
IT Pathways - The IT Careers Encyclopedia
Menu filter