Business Continuity and Disaster Recovery Plan

A Business Continuity and Disaster Recovery (BCDR) Plan is a set of techniques and processes that organizations use to recover from a disaster and resume everyday business operations. The BCDR process is easier to understand when it is broken down into two parts:

Business Continuity (BC) 

Business Continuity deals with the business side of the process. It is about creating policies and procedures that ensure essential business functions stay operational during and after a disaster. This involves:
  • Replacement of staff
  • Service availability issues
  • Business Impact Analysis
  • Change Management Process

Disaster Recovery (DR)

Disaster Recovery primarily deals with the IT side of the process. This process will define how an organization or business recovers from a natural or digital disaster. This involves:
  • Server and Network restoration
  • Copying backup data
  • Ensuring backup systems are operational

There are a few other critical terms you should be familiar with when discussing, creating, and testing your BCDR plans. These include:

Recovery Point Objective (“RPO”): The point in time to which your plan requires data to be restored. Put another way, if things crashed today, how far back in time would you have to go to recover valid data, and is that amount of lost data acceptable to the business? Some companies set an RPO of a week. This means that if they had to restore from backups, they would restore data from a week-old backup, losing up to a week’s worth of transactional data and activities.

Recovery Time Objective (“RTO”): How quickly you should be able to execute your recovery plan. If you started your BCDR at this moment, and your RTO is 24 hours, then your full operations should be restored to 100% within 24 hours of starting to execute the BCDR plan.

Should SMBs Have a BCDR Plan?

Yes. Unless your business can withstand an extended outage of a week or more, you should have a BCDR plan developed by your technology team or Managed Services Provider.  Furthermore, that plan should be tested.

What Can Happen if You Don’t Test Your Plan?

In one recent nightmare scenario, a BCDR plan was needed and had an RPO of 24 hours and an RTO of 24 hours. The problem was that the backups could not be restored quickly enough from their offsite storage location, due to a very slow Internet connection and a large volume of data to be transferred for restoration. Ultimately, the BCDR plan was modified so that a local backup of the data is performed once a month. That local backup serves as the restoration point onto which incremental changes are restored from the Internet backup location, one week at a time, until the RPO is achieved. This impacted the RTO, which had to be expanded to 48 hours (from 24) to accommodate the additional restoration steps, but it was the most economical approach the company could afford and accept.
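
The check that would have caught this before the disaster can be done on paper: estimate how long the restore takes at the link speed you actually have and compare it with the RTO. The following Python sketch is an added example, not part of the original article; the `RestorePlan` fields and all sizes, speeds and overhead figures are constructed assumptions, not numbers from the incident above.

```python
from dataclasses import dataclass

@dataclass
class RestorePlan:
    """Inputs for one restore path. All values are planner-supplied estimates."""
    local_full_gb: float          # base backup restored from local storage
    local_mbps: float             # local restore throughput (megabits/s)
    offsite_increment_gb: float   # size of each weekly increment held offsite
    increments: int               # weekly increments pulled over the Internet
    offsite_mbps: float           # usable download throughput (megabits/s)
    overhead_hours: float = 0.0   # fixed steps: rebuild, verification, cutover

def transfer_hours(gigabytes: float, mbps: float) -> float:
    """Hours to move `gigabytes` at `mbps` (decimal units: 1 GB = 8000 megabits)."""
    if gigabytes == 0:
        return 0.0
    if mbps <= 0:
        raise ValueError("throughput must be positive")
    return gigabytes * 8000 / mbps / 3600

def estimated_restore_hours(plan: RestorePlan) -> float:
    """Sequential restore: local base first, then every offsite increment."""
    local = transfer_hours(plan.local_full_gb, plan.local_mbps)
    offsite = transfer_hours(plan.offsite_increment_gb * plan.increments,
                             plan.offsite_mbps)
    return local + offsite + plan.overhead_hours

def meets_rto(plan: RestorePlan, rto_hours: float) -> bool:
    return estimated_restore_hours(plan) <= rto_hours

# Constructed sample values, not figures from the incident described above.
# Full 2 TB pulled over a 50 Mbps Internet link:
OFFSITE_ONLY = RestorePlan(0, 0, 2000, 1, 50)
# Monthly local full at 1 Gbps, then four 100 GB weekly increments from offsite:
HYBRID = RestorePlan(2000, 1000, 100, 4, 50, overhead_hours=6)

if __name__ == "__main__":
    for name, plan in (("offsite only", OFFSITE_ONLY), ("hybrid", HYBRID)):
        hours = estimated_restore_hours(plan)
        for rto in (24, 48):
            verdict = "meets" if hours <= rto else "misses"
            print(f"{name}: {hours:.1f} h, {verdict} {rto} h RTO")
```

An estimate like this only tells you whether the plan is plausible; a timed test restore is still what confirms the RTO.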
