What Does a Business Continuity Plan Typically Include?

Did you know that 93% of companies that lack a business continuity plan and suffer a major data disaster are out of business within one year? Additionally, 96% of companies with a trusted disaster recovery plan were able to survive such attacks and get back to business almost immediately.

An effective business continuity plan is a plan that allows for contingencies such as natural disasters, virus attacks, or any loss of access to the critical infrastructure of a business.

Business Continuity Planning Process

A business continuity plan is a set of procedures designed to ensure that an organization continues to operate during times of disaster. The purpose of a business continuity plan is to minimize the impact of disasters on operations. An effective business continuity plan should be developed by senior management and reviewed regularly. It includes detailed plans for each critical function within the company.

The steps involved in developing a business continuity plan are:

  1. Identify potential threats to the business.
  2. Determine the level of risk associated with each threat.
  3. Develop strategies to mitigate risks.
  4. Implement the mitigation strategy.
  5. Review the plan periodically.

Disaster Recovery Planning

Disaster recovery planning (DRP) involves creating a plan for recovering an organization’s IT systems and processes in the event of a natural or manmade disaster. DRP is intended to provide a framework for identifying and implementing the necessary actions to recover the organization’s IT infrastructure.

There are two types of DRPs:

  • Business-continuity plans are designed to protect businesses against catastrophic events beyond their direct control. These include acts of terrorism, severe weather, earthquakes, fires, floods, power outages, etc.
  • Disaster response plans are used to respond to incidents such as hurricanes, tornadoes, snowstorms, and other emergencies that affect the physical environment.

In addition to these two types, there are three levels of DRP:

  • Level 1: This is the basic level of DRP. It focuses on protecting the data center itself.
  • Level 2: This level of DRP provides additional protection of the entire enterprise.
  • Level 3: This level of DRP is the most comprehensive one. It covers all aspects of the business, including people, facilities, technology, and supplies.

An effective disaster recovery plan must address the following issues:

  • What happens when the disaster occurs?
  • How does the organization react to the disaster?
  • What do we do after the disaster?
  • Who is responsible for what?
  • When will it happen again?
  • Is this something I can afford?

Planning For Business Continuity

Business continuity planning is a proactive approach to managing risk. It requires organizations to identify and understand the risks facing them, develop appropriate responses to those risks, and implement those responses.

Business continuity planning is not just a matter of having a backup system ready to go; it also means making sure that you have adequate resources available to handle any problems that may arise.

Assessing Threats and Risks

Your continuity plan needs to cover everything that could possibly attack the infrastructure of your business, so that it allows for any event that might negatively impact your general operations. The goal is to prevent the IT downtime that would naturally occur from such an attack. The attack can be deliberate or it may be accidental. Intention doesn’t matter; getting the business back in working order is the focus.

Secondly, you must have a plan that preserves important data that is central to your business. The data might also include sensitive information that belongs to your clients and customers. Because your credibility is at stake, you must take the time to secure any data that could be used in a negative way and shut down any systems that are vulnerable.

Recovery Time Objectives

Recovery Time Objectives (RTOs) are used to define how long it takes to recover from a major incident. RTOs are typically expressed in hours, days, weeks, months, years, or decades. Recovery time objectives can also be defined by using different metrics such as number of personnel required, equipment needed, number of facilities needed, etc. The following table shows some examples of recovery time objectives for various incidents.

Critical Business Functions

A disaster recovery plan should include all critical business functions such as payroll, human resources, customer service, and finance. The goal is to ensure that these critical business functions continue to operate during a natural disaster or other emergency situation.

Benefits Of a Disaster Plan and Recovery Strategies

The general goal of a disaster or business continuity plan is to improve the level of responsiveness by employees in different situations that might interfere with the daily operations of your business.

Like preparing for disasters such as tornadoes, earthquakes, or other events that are unpredictable, a disaster plan or business continuity plan requires all members to be on board to make it work efficiently.

Emergency Management Plan

Not only should a business have a disaster plan, but it should also have the continuity plan outlined succinctly in a place where everyone has access to it. It should be required reading for all executives, employees, and other staff members who work within the facility where the business is operated. Additionally, you should assign specific jobs and responsibilities to the staff members who will be responsible for various actions in the event of an emergency.

  1. Initiate the project – During this stage you will outline the goal of your business continuity plan and decide who will do what and when in the event of an emergency. You will start the project by considering all the resources you have and how you will store data and take care of the little things that preserve critical data points and other important assets.
  2. Information-gathering phase – In this phase you will gather the information and data that apply to your situation when planning for a possible emergency or disaster, and do a business impact analysis and a risk assessment. In other words, during this stage, you are looking at the worst-case scenario and predicting how much downtime you might experience from a disaster such as a cyber-attack, storm outage, or loss of connection that may result in lost files or data.
  3. Planned development – In this stage you will plan how you are going to carry out your business continuity plan and how you will recover from a possible disaster by using all the resources you have available. Your plan development could be in the shape of a pyramid with the top being business continuity which is a state of full operations, risk management under that, and Information Technology recovery near the bottom. You will utilize your server storage and network to serve as a backup strategy so that you will always have your data in the event of such an emergency situation.
  4. Plan testing, maintenance, and updating – In this stage, you will plan and test out some of the important aspects of your disaster plan. You may want to back up and make some changes that will allow you to stay current and to make sure your plan is going to work on all levels. You need to rehearse an unplanned event and go through a drill, much like you would have a fire or tornado drill, to make sure everything works as planned. If you find it lacking, you should evaluate the effectiveness of your plan and how it fits areas that need improving.
  5. Getting back to normal – Returning to business as usual is the goal once you have gotten through the main parts of a disaster or downtime in your business. Disaster recovery is the part of your plan that allows you to get back to a form of normalcy where you can again perform the tasks that run your business.

This may take some time, depending on the type of disaster that occurred and the amount of damage or loss you experienced. If you had a building fire, for example, it will take a lot longer to get back into your building to conduct business than if you had a cyber-attack that could be stopped by your IT team.

Why Does Your Company Need a BCP?

A business continuity plan is sometimes referred to as a disaster recovery plan because it allows for the preservation of critical data and other elements of your business. Having a good contingency plan ensures that downtime is limited to the minimum amount of time needed to get the business back up and running. Protection of data is the other aspect of this. You must make sure that your customers’ data is safe and secure, which usually involves putting it in a remote location or a SkyDrive outside of the location in which the disaster occurred.

What Does a Business Continuity Plan Typically Include?

Below are the main aspects of a continuity plan that you may want to consider when you are planning.

  1. Analysis of Potential Threats – During your planning phases, it is critical that you consider what the potential threats may be and build your plan accordingly. For example, in a natural disaster such as a flood or tornado, your physical space might be destroyed. In a power outage, the damage may be minimal or non-existent, but you still have to account for the downtime.
  2. Areas of Responsibility – This is where you establish who will be responsible for what in the event of a shutdown or disaster. Think about the talents of your staff and where they can best be used. Remember that in a physical disaster, some of your staff might be injured and might not be able to carry out their duties. So you may want to assign additional people to some of these roles.
  3. Emergency Contact Information – Keep emergency contact information in several places such as on a removable hard drive, your cell phone, and a Rolodex. That way, no matter what type of disaster strikes, you’ll be able to get to this information in a hurry.
  4. Recovery Teams – Your disaster recovery team should consist of experts in their fields and should include someone in science, communications, security, and personnel. You will need these people as you start to build back your infrastructure after the disaster is over.
  5. Off-site backup of data – Having a remote site for your important data is important since your physical hard drives could be unrecoverable.
  6. Backup power – Backup power such as backup generators and other tools are needed to get your electrical system or computers back up and running.
  7. Alternative communications plan – Try to imagine all of the possible scenarios and plan for a way to continue to communicate if all of your landline communications devices are down. Cell phones will still work as long as your service is not interrupted, but make sure you keep your battery charged.
  8. Alternate operations site – You should have an alternate site if possible so that you could conduct business operations there in the event you cannot operate in your main building. Plan for a few months and make sure you could run your central operations from another location if the need arose.
  9. Essential equipment/services – You should also plan for using email, web servers, and other essential equipment that is required to keep your business running.
  10. Recovery phase – During the recovery phase, you will need to have a plan in place that will help your business get back to normal as soon as possible.

It is important to distinguish between a business continuity plan and a disaster plan. While the two work together, business continuity planning is about how to keep your business going despite the disaster, while the DRP is designed to build back your damaged infrastructure following the disaster.

For help with your business continuity planning and disaster plans, contact us for more information. We can help you prepare for the unexpected.

Best Solutions: ExterNetworks to The Rescue

It’s wise to think ahead and we can help. We offer the following services to help you build your unique business continuity plan.

IT Managed Services – Managed services is a strategy that we use to streamline your technical operations to save you money while keeping focused on the important aspects of your business operations.

Managed Security Services – Our managed security services consider every type of threat to your business that might occur. We also utilize our resources to keep your software up-to-date at all times. This often deters online threats before they come.

NOC Support – This service is one of the best things we do to protect you from a disaster before it happens. Our team of certified professional IT experts, engineers, and threat assessment experts will monitor your issues and let you know of any possible threat. We offer routine troubleshooting through proactive network monitoring, as well as round-the-clock protection from outside cyber-attacks, and more.

Managed Firewall Services – Our managed firewall services provide a way to deflect possible swarm attacks from outside viruses or malware that can infiltrate and knock down your network, causing downtime and loss of revenue.

About Abdul Moiz

Abdul Moiz is the Senior Director of Information Technology Services at ExterNetworks Inc. He is responsible for technology staffing and recruitment at ExterNetworks Inc.
