Hurricane Ian and the path of its destruction serves a reminder of the importance of Business Continuity and Disaster Recovery Planning (BCPDR). For many, the thought of putting together such a plan seems like a daunting task. For others who have established BCPDR plans, they often end up on the “shelf” or in digital storage never to be seen again. BCPDR plans must be viewed as living documents, they require regular maintenance, and should be exercised annually.
“Planning begins with policy.”
BCPDR Planning begins with a BCPDR program policy. The policy should cover the company’s requirement to maintain a well-defined and periodically tested business continuity and disaster recovery plan crafted to protect the company from the loss of ordinary business functions or critical data caused by a disaster. The policy’s scope should be well defined and identify which officer(s) of the company have the authority to maintain, test and report on the efficacy of the plan.
“What’s the plan?”
A written BCPDR plan defines and establishes protocols for protecting a company’s most critical components as well as potential risks or impacts to its operations and revenue streams. Defining this notion requires a Business Impact Analysis (BIA) – the BIA predicts the consequences of disruption to business functions, identifies any potential losses to critical business elements, necessary services and the storage or transmission of company data. The BIA will also outline a desired “recovery point objective” and “recovery time objective” which the BCPDR plan must meet or exceed. The BCPDR plan further includes written procedures, instructions, and diagrams necessary to restore ordinary business processes and should be stored in a secure but accessible manner.
“You play like you practice.”
Asymmetrical response leads the way. Familiarity with the plan, knowing where to go and what to do and when, absent direction from a traditional hierarchical leader is paramount. This point cannot be stressed enough – the staff will respond seamlessly with the right level of training and practice. Think “battle stations” drill on a Navy ship. This can be accomplished through annual tabletop exercises designed to simulate an interruption to business operations. Here we can measure the effectiveness of the BCPDR plan as well as educate the staff on understanding the risks and appropriate response.
Planning coupled with a well-rehearsed workforce will go a long way in ensuring the resiliency of your business in the face of disaster or other disruption. BlueCoat and MethodData have teamed up to support small and mid-market firms to establish such plans and help ensure business continues uninterrupted when the unexpected happens.