It appears as if there is an increase in disasters striking companies around the globe. From something as small as a hacker stealing important information, to as large as a disaster that leaves your premises in ruins, disaster can strike at any time. Many companies are starting to develop plans to prepare for any disasters, two of the most common being Disaster Recovery (DR) and a Business Continuity Plan (BCP).
What is a BCP?BCP entered the mainstream just before the year 2000, with the Y2K scare. It's a plan that covers the way a business plans for and maintains critical business functions, directly before, during and after a disaster.
The majority of plans are comprised of activities that ensure maintenance, stability, and recoverability of service. The plan is typically set up on a day-to-day basis, and covers the whole organization. In other words, it's a plan on how to remain operational during and after a disaster.
The main reason companies implement a plan like this is because they wish to remain able to provide their service or product to customers. If something happens and you are not able to deliver to your customers, there is a risk that they will simply go to another company. This will obviously cause you to lose not only customers, but valuable income, some of which may be needed to further recovery.
What is DR?Disaster Recovery is really more focused on what happens after a disaster. Many times, it's actually a part of the overall continuity plan. While BCP focuses on the whole business, DR plans tend to focus more on the technical side of the business. This includes components such as data backup and recovery, and computer systems.
It's best to think of a BCP as an umbrella policy, with DR as part of it. If companies don't have a DR component of their overall continuity plan, there is a good chance the whole strategy will be either less effective, or useless. On the other hand, DR can actually stand alone, and many companies can do just fine without a full continuity plan.
What should DR and BCP contain?While these plans are slightly different, they do share the same common goals - to offer support and assistance during a disaster. Therefore, regardless of what type of plan you decide to adopt, there are common elements both need to incorporate in order to be successful.
- An operational plan for potential disasters that could happen in your geographical area.
- A succession plan for you or your top management.
- Employee training and cross-training. Your employees should know their role in the plan and be trained in other responsibilities should someone else be unable to perform their role.
- A communication plan that includes ways of communicating if networks are down.
- Off-site locations for staff and managers to meet and work.
- A focus on safety. Foster partnerships and communication with local and emergency response services. Ideally, all employees should at least know basic first aid. Employees who are members of local Emergency Response Teams make great team leaders.
- Daily backups of your systems and data. Be sure to also train staff in the testing and recovery of systems.
- Training and testing of all employees to practice recovery activities in realistic role-playing scenarios.
- Regular audits and updates of your plans to ensure they are still relevant and able to protect your systems and company.