Overview of IT Business Continuity & Disaster Recovery
What is Business Continuity?
Business Continuity (BC) involves planning to keep all aspects of a business functioning during disruptive events. ICT is therefore only one part of BC, which should consider every aspect of the business at a higher level.
What is business continuity management?
IT Business Continuity Management (BCM) comprises the processes, policies, and procedures related to preparing and protecting business operations from disruptions caused by threats such as cyber-attacks and natural disasters, as well as resource unavailability such as restricted office access, power/communication outages, technology loss, staff absenteeism, and supply chain failure.
What is Disaster Recovery?
Disaster Recovery (DR) is considered a part of business continuity. It focuses on the IT or technology systems that support business functions. DR extends beyond the scope of everyday Incident Response and Management because the scale and type of events are extraordinary and require special measures.
Why are business continuity and disaster recovery plans important?
It is important for businesses to create an ICT Business Continuity and Disaster Recovery Plan (BC-DR Plan) which considers different scenarios that could affect operations and to conduct an impact analysis that considers not just the financial loss but also the impact on Customers, Staff, Suppliers and other Stakeholders. From the plan the business should create a Disaster Recovery Policy as well as a Business Continuity Policy, with these policies becoming part of the Standard Operating Procedure for the business.
Clearly, not every business is the same, and therefore plans need to be unique and should consider the acceptable cost of recovery and the overall impact. The plan needs to consider the Recovery Point Objective (RPO) and Recovery Time Objective (RTO), which are, respectively, the amount of data the business is prepared to lose and how long it takes to restore systems after an incident. We always recommend that once in place, the plan should be continually reviewed and tested.
This diagram shows the relationships between the factors that need to be considered. While idealised goals can be set, both the actual data loss and the actual time to recover could differ significantly from them.
It’s important to keep in mind that which applications are mission-critical, business-critical or non-critical varies across sectors, and each business should determine the relative impact as part of its Impact Analysis. For example, you could use a three-tier model to formulate your business continuity plan:
– Tier-1: Mission-critical services & applications that require a very fast RTO with a Zero RPO
– Tier-2: Business-critical applications & services that require RTO of 24 hrs & RPO of 4 hrs
– Tier-3: Non-critical applications & services that require RTO of 48 hrs & RPO of 24 hrs
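As an added illustration (not part of the original page), the Python sketch below compares measured recovery points and restore-test durations with the objectives of the three-tier model, which is the gap between idealised goals and actual figures mentioned above. The service names, field names and measurements are constructed, and the 1 hour Tier-1 RTO is an assumption because the page only says "very fast".

```python
from datetime import datetime, timedelta, timezone

# Objectives from the three-tier model. The page gives the Tier-1 RTO only as
# "very fast"; the 1 hour used here is an assumed placeholder, not a page value.
TIERS = {
    1: {"rto": timedelta(hours=1), "rpo": timedelta(0)},
    2: {"rto": timedelta(hours=24), "rpo": timedelta(hours=4)},
    3: {"rto": timedelta(hours=48), "rpo": timedelta(hours=24)},
}

def assess(service, now):
    """Compare one service's measured exposure with its tier objectives."""
    target = TIERS[service["tier"]]
    findings = []
    # A zero RPO cannot be met by periodic copies, only by synchronous replication.
    if target["rpo"] == timedelta(0):
        if not service.get("synchronous_replication"):
            findings.append("RPO: zero RPO needs synchronous replication")
    else:
        exposure = now - service["last_recovery_point"]  # data at risk right now
        if exposure > target["rpo"]:
            findings.append(f"RPO: exposure {exposure} exceeds {target['rpo']}")
    # Actual RTO is taken from the latest restore test; an untested plan is a gap.
    tested = service.get("last_restore_test_duration")
    if tested is None:
        findings.append("RTO: no restore test on record")
    elif tested > target["rto"]:
        findings.append(f"RTO: restore took {tested}, objective {target['rto']}")
    return findings

def report(inventory, now):
    """Return {service name: findings} for services that miss an objective."""
    results = {s["name"]: assess(s, now) for s in inventory}
    return {name: f for name, f in results.items() if f}

# Constructed sample inventory (hypothetical services and measurements).
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
INVENTORY = [
    {"name": "payments-db", "tier": 1, "synchronous_replication": False,
     "last_recovery_point": NOW - timedelta(minutes=5),
     "last_restore_test_duration": timedelta(minutes=40)},
    {"name": "crm", "tier": 2, "last_recovery_point": NOW - timedelta(hours=3),
     "last_restore_test_duration": timedelta(hours=30)},
    {"name": "intranet-wiki", "tier": 3, "last_recovery_point": NOW - timedelta(hours=20),
     "last_restore_test_duration": timedelta(hours=6)},
    {"name": "file-share", "tier": 3, "last_recovery_point": NOW - timedelta(hours=30)},
]
```

Calling `report(INVENTORY, NOW)` lists only the services that miss an objective, which is the output a periodic plan review would act on.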
We implement resilient systems for businesses as well as security fabric to protect business information from damage or loss. A wide range of replication, backup and restore solutions are matched to a business’s requirements following consultancy and discovery exercises. Continuing support and systems management maintains reliability and availability.