The Importance of Business Continuity
The intent of a business continuity plan is to sustain business operations while recovering from a significant disruption. An event has created a disturbance in the environment, and now you need to know how to maintain the business.
A key part of the plan is communication, including multiple contact methodologies and backup numbers in case of a disruption of power or communications. Many organizations will establish a phone tree, so that if one person is not available, they know who else to call. Organizations will go through their procedures and checklists to make sure they know exactly who is responsible for which action. No matter how many times they have flown, without fail, pilots go through a checklist before take-off. Similarly, there must be established procedures and a thorough checklist, so that no vital element of business continuity will be missed.
We call the appropriate individuals and start to activate the business continuity plan. Management must be included, because sometimes priorities may change depending on the situation. Individuals with proper authority must be there to execute operations, for instance, if there are critical areas that need to be shut down.
We need to have at hand the critical contact numbers for the supply chain, as well as law enforcement and other sites outside of the facility. For example, a hospital may suffer a severe cyberattack that affects communications from the pharmacy, the internet or phone lines. In the United States, in case of this type of cyberattack that knocks out communications, specific numbers in specific networks can bypass the normal cell phone services and use military-grade networks. Those will be assigned to authorized individuals for hospitals or other critical infrastructures in case of a major disruption or cyberattack, so they can still maintain essential activity.
Business continuity refers to enabling the critical aspects of the organization to function, perhaps at a reduced capacity, during a disruption caused by any form of disturbance, attack, infrastructure failure or natural disaster. Most incidents are minor and can be handled easily with minimal impact. A system requires a reboot for example, but after a few minutes the system is back in operation and the incident is over. But once in a while a major incident will interrupt business for an unacceptable length of time, and the organization cannot just follow an incident plan but must move toward business continuity. Business continuity includes planning, preparation, response and recovery operations, but it does not generally include activities to support full restoration of all business activities and services. It focuses on the critical products and services that the organization provides and ensures those important areas can continue to operate even at a reduced level of performance until business returns to normal. Developing a business continuity plan requires a significant organizational commitment in terms of both personnel and financial resources. To gain this commitment, organizational support for business continuity planning efforts must be provided by executive management or an executive sponsor. Without the proper support, business continuity planning efforts have little chance of success.
Components of a Business Continuity Plan
Business continuity planning (BCP) is the proactive development of procedures to restore business operations after a disaster or other significant disruption to the organization. Members from across the organization should participate in creating the BCP to ensure all systems, processes and operations are accounted for in the plan.
The term business is used often, as this is mostly a business function as opposed to a technical one. However, in order to safeguard the confidentiality, integrity and availability of information, the technology must align with the business needs.
Here are some common components of a comprehensive business continuity plan:
- List of the BCP team members, including multiple contact methods and backup members
- Immediate response procedures and checklists (security and safety procedures, fire suppression procedures, notification of appropriate emergency-response agencies, etc.)
- Notification systems and call trees for alerting personnel that the BCP is being enacted
- Guidance for management, including designation of authority for specific managers
- How/when to enact the plan
- Contact numbers for critical members of the supply chain (vendors, customers, possible external emergency providers, third-party partners)
The business continuity plan needs to be maintained somewhere where it can be accessed. Often, in modern organizations, everything is digital and not provided as a hard copy. This can be dangerous, just like storing everything within the main company building. Some organizations have what is called the Red Book, which is given to the appropriate individual outside the facility. All the procedures are outlined in that document—in case, for example, a hurricane hits, the power is out and all the facilities are compromised and there is no access to electronic backups. It is important to update this hard-copy Red Book any time the electronic copy is updated so both versions remain consistent.
Understand Disaster Recovery (DR)
Disaster recovery planning steps in where BC leaves off. When a disaster strikes or an interruption of business activities occurs, the Disaster recovery plan (DRP) guides the actions of emergency response personnel until the end goal is reached—which is to see the business restored to full last-known reliable operations.
Disaster recovery refers specifically to restoring the information technology and communications services and systems needed by an organization, both during the period of disruption caused by any event and during restoration of normal services. The recovery of a business function may be done independently of the recovery of IT and communications services; however, the recovery of IT is often crucial to the recovery and sustainment of business operations. Whereas business continuity planning is about maintaining critical business functions, disaster recovery planning is about restoring IT and communications back to full operations after a disruption.
Components of a Disaster Recovery Plan
Depending on the size of the organization and the number of people involved in the DRP effort, organizations often maintain multiple types of plan documents, intended for different audiences. The following list includes various types of documents worth considering:
- Executive summary providing a high-level overview of the plan
- Department-specific plans
- Technical guides for IT personnel responsible for implementing and maintaining critical backup systems
- Full copies of the plan for critical disaster recovery team members
Checklists for certain individuals:
- Critical disaster recovery team members will have checklists to help guide their actions amid the chaotic atmosphere of a disaster.
- IT personnel will have technical guides helping them get the alternate sites up and running.
- Managers and public relations personnel will have simple-to-follow, high-level documents to help them communicate the issue accurately without requiring input from team members who are busy working on the recovery.
Good day! This is kind of off topic but I need some guidance from an established blog. Is it very hard to set up your own blog? I’m not very techincal but I can figure things out pretty fast. I’m thinking about creating my own but I’m not sure where to begin. Do you have any points or suggestions? Thank you