Business continuity planning refers to the set of processes and procedures that organizations have put in place to ensure minimum disruption to their business operations in the event of a disaster. Business continuity also refers to an organization’s ability to ensure that the core business functions have minimum or zero impact following a disruption. Disaster Recovery, on the other hand, is a subset of business continuity, which ensures business processes are not impacted in the event of a disaster.

Disasters or disruptions to an organization’s business function could be  impacted due to

• natural calamities such as earthquakes or floods, fires etc
• outages or disruptions due to power failure
• Hardware failures
• Employee negligence or insider threats
• Cyber attacks
• Pandemic

With the outbreak of the pandemic in 2019, it is all the more critical than ever before to ensure a robust business continuity plan is deployed for an organization that could allow to mobilize the resources and continue to run their businesses seamlessly. A Business continuity and disaster recovery (BCDR) plan ensure the business operations are resumed with minimal disruptions after an unexpected interruption and with minimum loss of data. Properly implemented, the BCDR plan enables an organization to minimize downtime and costs incurred due to a disruption.

Difference between Business Continuity & Disaster Recovery

The business continuity part of a BCDR plan deals with the resources (people, hardware etc) as well as the processes that would be required to minimize the interruptions to the business before, during and after an incident as well as the associated costs. This includes

Business continuity core team: A business continuity core team is central to ensuring effective business continuity for an organization. The business continuity plan can only be effective if it is adequate and well designed as well as the core team can be formed at short notice to execute the steps defined in the plan.

Business Impact Analysis (BIA): The BIA refers to a detailed analysis of the potential threats to an organization and how they impact the business, usually in terms of dollars. The BIA helps identify the business functions that are most critical to the business and helps restore them

Resource Planning: Resource planning involves identifying the required hardware, software, and alternate locations for the office, as well as the key staff that can perform the activities to restore business operations in the event of a disaster

Disaster recovery is used interchangeably with business continuity planning but is actually a subset of business continuity planning. Disaster recovery involves in making sure the IT systems are up and running following a disaster.

Planning for disaster recovery includes the following:

Defining parameters such as Recovery time objective (RTO): RTO is defined as the maximum time the IT systems of the organization can be non-operational without causing a significant impact to the business.

A recovery point objective (RPO) is defined as the variable amount of data that will be lost or will have to be re-keyed following network downtime.

Objectives of a BCDR Plan

The aim of a Business Continuity and Disaster recovery plan is to provide protection to the organization from incurring financial if disruption to the business occurs. Loss of data and application downtime can lead to loss of customer confidence and ultimately they may be forced to do a business shutdown.  A well-planned and robust BCDR plan helps in

• Reduction of the financial risk to the organization
• Enables adherence of the organization to comply with legal, regulatory and contractual requirements
• Prepares the organization to proactively respond in the event of a disaster and resume operations in the shortest possible time following the crisis

Steps involved in executing a  robust BCDR Plan

The following steps are pre-requisite to executing a robust BCDR plan:

Identify the core team: The core business continuity team will be responsible to perform the steps outlined in the business continuity plan in the event of a disaster. The team will also be responsible for the planning, communication and stakeholder management

Conducting a business impact analysis: A business impact analysis identifies the impact that could occur due to an unplanned loss of business functionality in terms of cost. A BIA identifies the business functions that are most critical to the business and prioritizes those functions during recovery

Designing the recovery plan:  Based on the acceptable downtime, the backup and disaster recovery solutions for the business-critical systems has to be implemented

Testing the backups: Disaster recovery testing or testing of the backups forms an integral part of the backup and recovery cycle. Without a proper periodic test of the backups, it cannot be determined if the backups can be properly recovered. A planned and regular testing of the backups is a key to successful recovery and business continuity in the event of a disaster

Execution of BCDR plan: In case a disaster occurs that causes the disruption of the organization’s business, the processes defined in the BCDR plan have to be executed to ensure the systems and business are restored based on business criticality

Review and Continual Improvement: Periodic review and execution of the BCDR are key to successful recovery in the event of a disaster. Based on gaps identified, it is recommended to update, and revisit the plan.