MSP360 For IT PROs
Articles about cloud backup, cloud storage and more
BLOG MENU

New to Business Continuity? Understand These 10 Concepts

New to Business Continuity? Understand These 10 Concepts

The Disaster Recovery Institute, in its 2019 predictions, has published a list of potential disasters that could disrupt the world. Some of these are pretty dramatic but realistic nonetheless. 

The list covers natural, political, economic, and other kinds of human-made disasters. While nobody can tell which disaster will occur and when it’s reasonably certain that there will be significant disruptions. 

The question is: which businesses will be impacted. And, to that, the answer is – all organizations are equally exposed, equally vulnerable, and hence, equally responsible for proactive business continuity efforts. 

And that’s where we intend this guide to act as a refresher for executives and business leaders who are already versed with the concepts of business continuity. 

Plus, we hope this serves as a roadmap for those looking to understand how the concepts of business continuity can help then make their businesses more secure and better prepared for the unknown.

Here are the 10 most essential concepts of business continuity:

Resilience, Recovery, and Contingency 

Businesses have to be equipped with tools, technologies, processes, and leadership vision to tackle disasters as and when they strike. They can minimize their losses only if they can rise to the situation and continue to operate effectively even in the event of a catastrophe.

Resilience focuses on:

  • Identifying critical elements of business
  • Mitigating risks
  • Engineering systems for high availability and the capability of recovering quickly
  • Ensuring business resumes to normalcy after disaster strikes, as soon as possible

Recovery focuses on:

  • Relocating systems, if needed
  • Planning to ensure optimized use of limited resources in a disaster situation
  • Creating backups
  • Determining the level of availability/performance for systems to be deemed ‘recovered

Contingency planning focuses on:

  • Developing a contingency planning policy
  • Conducting business impact analysis (BIA)
  • Putting preventive controls in place
  • Creating contingency strategies
  • Developing a contingency plan for information systems
  • Ensuring planning, testing, training, and drills
  • Ensuring plan maintenance and upgrades

By imbibing resilience, recovery, and contingency in the BCP, the downtime of a business is reduced significantly.

Business Impact Analysis (BIA)

Business Impact Analysis plays a pivotal rule in BCP. The steps involved in creating a BIA are simple.

  • The first step is to gather information around the kind of threats that an organization is prone to. 
  • The next step is to associate each of these calamities with a probability factor.
  • Rank them in descending order.
  • According to the nature of the hazard, prepare a detailed report involving the type, possible after-effects, and how to cope in such an event.
  • After signing this off with the senior folks of the organization, a BIA is set in place.

Business Continuity vs. Disaster Recovery

Business continuity is a detailed plan of action an organization will take to ensure that its regular operations continue even when a disaster strikes. It has a much broader scope than disaster recovery.

  New call-to-action

Disaster recovery is best understood as a subset of business continuity planning and aims at reducing the downtime to a minimum. Disaster recovery is imperative to ensure that business continuity is not lost in a crisis. 

It includes tools, policies, infrastructure, or technology that is deemed necessary to restore a business to normalcy.

Further reading Business Continuity vs Disaster Recovery vs BCDR: Difference Explained

Recovery Time Objective 

In the event of a hazard, it is essential to recover any data that is lost in the process. Recovery Time Objective (RTO) refers to the maximum time allowed to restore a business or a website to its fully functional mode after a disaster, such that the downtime remains ‘tolerably’ low. 

Lower your process’ tolerance for downtime, shorter the allowed duration of RTO becomes. 

Further reading Recovery Time Objective (RTO)

Recovery Point Objective

Recovery Point Objective (RPO) is a measure of ‘how latest and updated’ the files must be, which, when recovered, ensure normal operations. RPO is expressed in ‘past time,’ with reference to the moment at which the disaster/downtime occurs. The unit of measure is hours or minutes.  

A low number on this metric indicates a robust BCP.

Further reading Recovery Time Objective (RTO)

Roles and Responsibilities

A BCP is effective only when the team that manages it is clear on the different roles that must be played, and who plays which role when the disaster strikes.

Your business continuity plan is a living document and must be regularly updated. Relevant teams must be well aware of the latest version of the plan, and any changes in roles and responsibilities it implies.

To make sure everybody is equipped to perform their respective roles, conduct dry runs, simulations, plan reviews within team members.

Recovery Procedures and Checklists

Recovery procedures are a set of documents that explain how to cope with a disaster and recover from its after-effects.

It specifically caters to the IT department and covers rules such as keeping the server room safe from fire and physical damage, having proper backup for data and easy restoration.

It also involves regular inspections and scouring for possible vulnerabilities to keep the company’s IT ecosystem safe.

Checklists are the ideal planning documents that help executives ensure their organization’s IT systems comply with the recovery procedures. 

Further reading Disaster Recovery Planning Checklist

Response and Recovery Log

Response and recovery logs refer to documents that record the details of the hazard. 

A response log registers:

  • The type of hazard
  • Who/what was affected
  • The damage incurred
  • The plan that was followed

Recovery log records:

  • How long it took for the business to restore itself to normalcy
  • The steps carried out
  • Information regarding the breakdown of the different operations and their recovery times

Change Management and Business Continuity & Disaster Recovery (BCDR) Testing 

Any disaster management plan is effective only when it is subject to continual testing and improvement.

The same holds for BCDR testing. Some of the methods that can be implemented to test the effectiveness of a BCDR plan are:

Review

The BCDR plan has to be reviewed multiple times and with different stakeholders to assess its effectiveness and usefulness.

Seek assistance from disaster management experts who will be able to see through any loopholes and fine-tune it.

Simulation

Mock drills of the disaster recovery exercise are a great way to prep the staff for any unanticipated hazard. This will also help identify any bottlenecks in the existing plan and make it robust.

TableTop Test

This involves going through every step of the BCP with every staff member by the disaster management team. This ensures that everyone is armed to face any calamity. It also helps in identifying people who may not have enough information and in turn, train them to brave the hazard.

Latest Business Continuity Standards

Irrespective of the scale of hazard, business downtime means loss of time and money. As the nature of threats keeps on changing, so does the state of business continuity standards. 

ISO 22301 is a management system process that helps in ensuring business continuity in the time of a calamity.

  • It helps in identifying the potential risk factors and the kind of hazards that the business is vulnerable to. 
  • The next step is for the business to identify critical operations that cannot suffer as a result of a catastrophe.
  • Once a business identifies that it is imperative to keep them running in the event of a hazard and minimize the impact.
  • The last step focuses on recovering quickly and demonstrating this ability to mitigate a disaster to clients and partners.
  • This framework ensures that business doesn’t suffer a setback due to any calamity.  

BS EN ISO 22301:2014 is another business continuity planning standard, released by British Standards Institution (BSI), and endorsed by British organizations. 

Contingency Planning

Abrupt calamities cannot be predicted. But that doesn’t mean that they can be eliminated while planning to run a business. It is vital to account for unforeseen extremities and have a plan in place.

DR whitepaper icon
Guide to Disaster Recovery Planning
  • Main steps for creating a DR plan
  • Best practices to keep in mind
  • Disaster recovery plan basic template
New call-to-action