Hurricane Ian and the path of its destruction highlight the importance of Business Continuity and Disaster Recovery Planning (BCPDR). For many, the thought of creating such a plan can seem like a daunting task. For others who have already established BCPDR plans, these plans often get placed on the “shelf” or stored in digital files. However companies must treat BCPDR plans as living documents. These plans require regular maintenance and should undergo annual exercises.
“Planning begins with policy.”
BCPDR Planning starts with a clear BCPDR program policy. Crafting this plan protects the company from losing ordinary business functions or critical data due to a disaster. The policy’s scope must clearly define and identify which officer(s) of the company hold the authority to maintain, test and report on the plan’s efficacy.
“What’s the plan?”
A written BCPDR plan defines and establishes protocols for protecting a company’s most critical components and addressing potential risks or impacts to its operations and revenue streams. Defining this notion requires a Business Impact Analysis (BIA). The BIA predicts the consequences of disruptions to business functions, identifies any potential losses to critical business elements, necessary services and the storage or transmission of company data. The BIA also defines the “recovery point objective” and “recovery time objective” which the BCPDR plan must meet or exceed. The BCPDR plan further includes written procedures, instructions, and diagrams necessary to restore ordinary business processes and stores them securely but ensures easy access.
“You play like you practice.”
Asymmetrical response leads the way. Familiarity with the plan, knowing where to go and what to do and when traditional hierarchical leader direction is absent is paramount. This point cannot be stressed enough – the staff will respond seamlessly with the right level of training and practice. Think of “battle stations” drill on a Navy ship. This is achieved through annual tabletop exercises that simulate disruptions to business operations. These exercises help measure the effectiveness of the BCPDR plan as well as educate the staff on understanding the risks and appropriate responses.
Planning coupled with a well-rehearsed workforce goes a long way in ensuring the resiliency of your business in the face of disaster or other disruption. BlueCoat and MethodData have teamed up to support small and mid-market firms in establishing such plans and helping ensure business continuity when the unexpected occurs.