Go to Top

Developing a Business Continuity Plan and Disaster Recovery Plan

business continuity

The ever-increasing amount of data has become a huge challenge to companies in the last couple of years. The method of gathering, processing, transferring and storing data in internal or external data centers is becoming more common than ever before. Big Data analysis is becoming a mainstream trend in companies and is becoming more affordable. However, with more and more data, the risk of becoming a victim of data loss also rises.

Over the years, Kroll Ontrack has carried out several surveys surrounding data loss in companies and individuals. The results found in these surveys are obvious: despite better software solutions and hardware, data loss still occurs, and at some point in time, everybody will face its consequences. Regardless of the reason, whether the storage hard drive was malfunctioning or came to its end of life, data loss can have severe effects for the company or individual. When data is the center of a business, a loss of frequently used data can sometimes lead to bankruptcy, e.g. when deadlines can´t be met in an ongoing project or databases are not available anymore.  Kroll Ontrack surveys also show that having backups doesn’t necessarily mean that they will work when disaster strikes. Therefore, having a solid business continuity plan as well as a sound disaster recovery plan is an absolute necessity.

What is a business continuity plan (BCP) and what does it include?

A business continuity plan (BCP) will help a company in the event that the business experiences a disruption. When a business goes through a disruption, it typically costs money. To keep these loses to a minimum, a BCP document should cover all necessary steps and time frames to get resources, processes and functions up and running again.

What is a disaster recovery plan (DRP) and what does it cover?

A disaster recovery plan (DRP) is a documented process to recover a business IT infrastructure in case of a disaster. A disaster could happen because of natural or man-made reasons.  Examples of natural disasters include blizzards, storms or floods, while terrorism or hacking attacks, such as the recent Ransomware cases, are examples of a man-made disaster. When disaster strikes, the IT environment often suffers from severe disruptions, which can result in data loss.

What should you consider when developing a BCP and DRP?

  1. Good business continuity (BC) and disaster recovery (DR) plans should cover everything from usual reasons for data loss, like hardware failure, human failure, smoke, fire and water damage. to not so common incidents like data loss due to hackers and criminals. Every company should prepare their BC and DR plans to be adaptable to any possible hazard.
  2. Creating a good BC and DR plan should involve the participation of everybody in the process. The more people involved in creating these plans, the higher the risk is for error. Additionally, employees can identify vulnerabilities and capacity planning requirements way in advance.
  3. IT consultants often state that a Risk Assessment is necessary in order to create decent BC and DR plans. Risk Assessment defines what can cause a failure.
  4. Tests are necessary to make BC and DR plans work when a disaster strikes. Therefore, when developing a plan, testing is an integral part of the process. Trying to cut costs and resources does not create effective security and only helps to stay in budget. When a disaster strikes, the cost will be much higher in the end
  5. Frequent updates are not only necessary for the soft- and hardware in your company, but also for your BC and DR plans. It is not so uncommon for BC and DR plans to have 100 or more pages of detail. Since technologies changes so often, it is wise to divide the plan into individual steps for a better overview.
  6. Is it really necessary to develop large BC and DR plans that are hundreds of pages long? The answer is no. Sometimes a simple 2-10 page-long document with the needed information should be enough to cover all the necessary steps. However, this depends highly on the structure of the company and its rules and regulations. When a large document is required, it is wise to create a separate smaller version of the plans.

Leave a Reply

Your email address will not be published. Required fields are marked *