Business continuity/disaster recovery (BC/DR) is another popular topic always in the news. There are more horror stories than you can count. The key is to realize the importance of planning and begin preparing your business. BC/DR covers disruptions from Internet service outages, natural disasters and data loss. That is why BC/DR is a best practice to help insure the stability of your business. This article addresses the basics of defining BC/DR and an overview of planning and testing.
What is Business Continuity/Disaster Recovery?
According to the Business Continuity Institute, business continuity (BC) is defined as: “the strategic and tactical capability of the organization to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level.” Disaster recovery (DR) is defined as: “the strategies and plans for recovering and restoring the organization’s technological infrastructure and capabilities after a serious interruption.”1 In summary, BC is considered a business function, whereas, DR is a technology function. However, it is important that BC & DR are interrelated to ensure all critical areas are covered. Communication is vital to BC/DR.2
Business Continuity Plan Overview
It is important to understand the scope and resources when developing a plan. The Federal Emergency Management Agency (FEMA), provides a number of resources for BC/DR. FEMA developed a list of four steps for BC planning: (1) business impact analysis, (2) recovery strategies, (3) plan development and (4) testing and exercises (see Figure 1).3 Businesses must understand and document all of the processes as a part of business continuity. This includes items such as: how is business conducted, key stakeholders, communication, ability to locate resources, etc. Business continuity goes beyond the technical aspects which are incorporated in DR.
Disaster Recovery Plan Overview
Disaster recovery focuses on re-establishing connectivity for the technology infrastructure. DR is different than business continuity, but is a very important because technology is the tool that facilitates communication for businesses. Part of the DR plan is to identify the vital technology systems and software for conducting business. According to FEMA, “priorities for IT recovery should be consistent with the priorities for recovery of business functions and processes that were developed during the business impact analysis.”4
Why is BC/DR Important?
It is important to develop and test BC/DR plans so that your business is prepared. All businesses are susceptible to an outage. Here are three examples of major companies experiencing an outage.
- Social media outage January 2015: Facebook engineers made a change to their system configuration causing an outage on Facebook, Instagram and Tinder.5
- PayPal outage October 2015: This outage affected eBay and Etsy online transactions. Here is an example scenario describing the impact: “the economic impact of a PayPal outage is actually significant for the company’s 173 million users. PayPal processed $235 billion in payment volume in 2014, or $644 million per day on average. For two hours, that would equal $51 million in payments. While these are estimates, that’s a large loss for merchants.”6
- JFK Airport outage May 2016: A server outage at JFK airport caused major delays requiring security lines to check individuals by hand. It was reported that a Verizon outage caused the issue.7
BC/DR can be conducted internally or externally. It is recommended that businesses at least consult with an expert on their BC/DR plan; however, the most important thing is that you develop and implement a BC/DR plan. There is a quotation by Benjamin Franklin that provides a great summary on the importance of planning: “By failing to prepare, you are preparing to fail.”8