Business Continuity and IT Disaster Recovery

BCP and DRP Planning Approach

Fortunately, improving an organization’s management of risk exposures across the business, and strengthening its responses to threats and real attacks, does not have to be overwhelming. As part of my CIO roles or general IT management consulting I have followed a formal, structured and best practices approach to Business Continuity planning and IT Disaster Recovery planning based upon:

  • ISO 22301 – ″Societal Security — Business continuity management systems — Requirements″
  • ISO 22313 – ″Societal Security — Business continuity management systems — Guidance″

There are five stages of Business Continuity Planning and IT Disaster Recovery planning that include: 

  • Business Impact Analysis (BIA)
  • Strategy Selection 
  • Detailed Plan 
  • Plan Testing 
  • Plan Maintenance 

The Business Impact Analysis Planning includes: 

  • Data collection and fact finding 
  • Critical functions and recovery timescales 
  • Resource identification for critical functions 
  • Threat assessment and risk reduction measures 
  • Identification of possible disaster scenarios 

Strategy Selection Phase of Planning BCP and DRP Includes: 

  • Minimum recovery resources 
  • Recovery locations 
  • Vital records identification 
  • Backup strategies    
  • Recovery strategies with costs 

Planning a BCP and DRP Includes: 

  • Plan development 
  • Identification of a command center 
  • Business recovery team organization 
  • Assignment of team personnel 
  • Team procedures 
  • Preparation & documentation of the plan 

The Plan Testing Includes: 

  • Selection of a formal testing methodology 
  • Communication with company personnel or third parties, and a walkthrough and execution of a test 

The Plan Maintenance Stage Includes: 

  • Tasking and individual with oversight of BCP 
  • Continual monitoring of business and IT strategy 
  • Periodical review of operational risks 
  • Updating and reviewing all documentation and changes 
  • Review of third-party contracts and SLAs
  • Review insurance coverage
  • Creation of a document repository and physical distribution of copies as needed 
  • Perform regular walk throughs and emergency drills 
  • Documenting any issues with the walk through and taking corrective action 

A properly developed business continuity program should provide an organization a flexible and adaptable framework for addressing potential disaster risks that involves all critical business functions in designing and executing the plan. The resulting approach will promote cooperation across all significant functions in the corporation, which is vital but a difficult management challenge for most companies.

In approaching companies that Techserity works for, our objective is to partner with you in understanding your business and implementing actionable Business Continuity and Disaster Recovery Plans.

Learn More

Transform how your IT organization delivers value and realize its full potential by contacting Techserity today.