The Basics of Business Continuity and Disaster Recovery Planning: Can Your Business Survive When Disaster Strikes

"Doing an upfront risk assessment will ensure you can properly prioritize your response when a disaster happens, and your teams will have accountability and know what steps to take to limit loss"

What if your systems accidentally go down as you move to virtualization or the cloud?

 

What if your security certificates expire and your website suffers an outage?

 

Many different scenarios could play out so it’s important to consider them all and how your business would communicate and respond, in order to stay afloat, when a disaster occurs. To do this, you must have a thorough understanding of all your IT systems and your entire network infrastructure-including the way it’s engineered, process and procedures required to operate it, and you must identify who owns the different systems that need to be kept running 24x7x365. Doing an upfront risk assessment will ensure you can properly prioritize your response when a disaster happens, and your teams will have accountability and know what steps to take to limit loss.

 

A well laid out DRBC plan is given below for your reference: Conduct a Business Impact Analysis (BIA) to identify the systems and processes that are the most critical for the survival of the company that will need to be restored first. This is where asset management comes to play: most people think they know what they have on their networks but they don’t–including, for instance, the number of servers and how they’re configured, which applications are running and where, and what software or operating systems are being used, etc.

 

Understand what resources and personnel are necessary to keep those critical systems going. You may need to train back up staff on what to do, in case your normal staff isn’t available. Find out what possible threats your system is susceptible to and calculate the risks and costs of each one. Your legal and finance departments need to be aware of the costs associated with downtime to ensure the funds will be there when needed.

 

Determine the maximum tolerable downtime of these systems that your business can sustain and create backup/alternative solutions.

Have a crisis communications plan in place so that you can effectively communicate with your employees and customers when a disaster occurs. This may involve hiring an outside public relations firm that specializes in crisis communications and utilizing social media channels.

Create a disaster recovery team that is spread out among your headquarters and remote offices so that they are trained and ready to go in the event a disaster occurs.

At least once a year, conduct simulations and real-world exercises with your teams to play out different scenarios and determine gaps or weaknesses in your DRBC plan, so you can revise it.

Ensure top level executives, including Chief Executive Officers (CEOs), Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs/CSOs) are involved in the DRBC planning process so they know exactly what could happen if the business suffers a disaster and what their role is in responding and communicating to both employees and customers. Senior leaders also need to sign off on the budget required to bring the systems back to normal operation. Having a firm grasp of this information, and knowing who owns the different systems within the business will instill confidence that teams will promptly and effectively take action if a disaster occurs. But you must also practice regular emergency response drills with the team to not only help strengthen the employees’ skill sets in stopping a disaster, but also to determine areas of the plan that need to be updated, either because of system enhancements, new employees, or information learned through other company’s failures that you are not prepared for.