Basics
Business Continuity and Disaster Recovery Planning: The Basics
Good business continuity plans will keep your company up and running through interruptions of any kind: power failures, IT system crashes, natural disasters, supply chain problems and more.
Disaster recovery and business continuity planning are processes that help organizations prepare for disruptive events—whether those event might include a hurricane or simply a power outage caused by a backhoe in the parking lot. The CSO's involvement in this process can range from overseeing the plan, to providing input and support, to putting the plan into action during an emergency. This primer (compiled from articles on CSOonline) explains the basic concepts of business continuity planning and also directs you to more CSOonline.com resources on the topic.
- What's the difference between disaster recovery and business continuity planning?
- What does a disaster recovery and business continuity plan include?
- How do I get started?
- Is it really necessary to disrupt business by testing the plan?
- What kinds of things have companies discovered when testing a plan?
- What are the top mistakes that companies make in disaster recovery?
- I still have a binder with our Y2K plan. Will that work?
- Can we outsource our contingency measures?
- How can I sell this business continuity planning to other executives?
- How do I make sure the plans aren't overkill for my company?
- Related articles from CSO
Q: "Disaster recovery" seems pretty self-explanatory. Is there any difference between that and "business continuity planning"?
A: Disaster recovery is the process by which you resume business after a disruptive event. The event might be something huge-like an earthquake or the terrorist attacks on the World Trade Center-or something small, like malfunctioning software caused by a computer virus.
Given the human tendency to look on the bright side, many business executives are prone to ignoring "disaster recovery" because disaster seems an unlikely event. "Business continuity planning" suggests a more comprehensive approach to making sure you can keep making money, not only after a natural calamity but also in the event of smaller disruptions including illness or departure of key staffers, supply chain partner problems or other challenges that businesses face from time to time.
Despite these distinctions, the two terms are often married under the acronym BC/DR because of their many common considerations.
All BC/DR plans need to encompass how employees will communicate, where they will go and how they will keep doing their jobs. The details can vary greatly, depending on the size and scope of a company and the way it does business. For some businesses, issues such as supply chain logistics are most crucial and are the focus on the plan. For others, information technology may play a more pivotal role, and the BC/DR plan may have more of a focus on systems recovery. For example, the plan at one global manufacturing company would restore critical mainframes with vital data at a backup site within four to six days of a disruptive event, obtain a mobile PBX unit with 3,000 telephones within two days, recover the company's 1,000-plus LANs in order of business need, and set up a temporary call center for 100 agents at a nearby training facility.
But the critical point is that neither element can be ignored, and physical, IT and human resources plans cannot be developed in isolation from each other. (In this regard, BC/DR has much in common with security convergence.)At its heart, BC/DR is about constant communication. Business leaders and IT leaders should work together to determine what kind of plan is necessary and which systems and business units are most crucial to the company. Together, they should decide which people are responsible for declaring a disruptive event and mitigating its effects. Most importantly, the plan should establish a process for locating and communicating with employees after such an event. In a catastrophic event (Hurricane Katrina being a relatively recent example), the plan will also need to take into account that many of those employees will have more pressing concerns than getting back to work.
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
The Surest Path to Effective and Efficient Compliance
In this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.
Prudential Financial Protects its Brand with Symantec Data Loss Prevention Solutions
FORTUNE 100 insurance leaders rely on Symantec.Information Security: Data Drains and How to Prevent Loss
Do you know where your confidential data is?Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands
Learn what the thought-leaders at PricewaterhouseCoopers have to say.7 Requirements of Data Loss Prevention
Incorporate best practices from many companies using DLP solutions.Ponemon Study: How Much Does a Data Breach "Cost"?
35 U.S. organizations that lost confidential information and had a regulatory requirement to publicly notify affected individuals are studied in this report.
- IT Service Management: Metrics That Matter
- Bridge Two Worlds. Unify Your Enterprise Applications & SaaS.
- How Are Open Source Development Communities Embracing Security Best Practices?
- Using Likewise to Comply with PCI Data Security Standard
- Ponemon Study: How Much Does a Data Breach "Cost"?
- Managing SSL Security in Multi-Server Environments
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
Data Loss Prevention
-
November 13, 2008The Roosevelt HotelRegister now »
New York, NY 10017
(ISC)2 members can earn up to 6 CPE Credits
Reference priority code ONLINE and attend this program as our guest — that's a $295 savings!
