What Is a BCDR Plan and Why Is It Important?
In 2020 business continuity and disaster recovery (BCDR) has a higher profile than ever before. The rapid spread of COVID-19 around the globe caught many businesses unprepared to deal with sudden disruption resulting in devastating consequences for some.
However, disaster for business doesn’t always occur in the form of a headline-grabbing global event but is more often a local or even targeted incident for example fire, flood, hardware failure or cyber-attack. The one thing they all have in common is they can strike at any time with hugely damaging outcomes for business.
Business owners often believe that their business is protected from disaster because their critical files are backed up and, although this is a central aspect of business continuity and disaster recovery (BCDR), there is much more to it than data recovery alone.
The purpose of BCDR is not only the restoration of data, it’s fundamental role is to minimize the impact of disruption on business operations and enable business to get up and running again in the aftermath of a disaster. Despite the terms disaster recovery and business continuity often being used interchangeably they are actually quite different strategies.
Business continuity is a plan of action that enables a business to continue to operate during and immediately after a disaster. In essence, the BC part of BCDR refers to a set of processes and procedures that consider all aspects of business operations and how they might be affected. These could include staffing, availability of services, supply chain disruption and business impact analysis to ensure that the business can continue to function during a major disruption.
Disaster Recovery is a subset of business continuity that focuses on IT. Disaster recovery deals with the protection, security and recovery of IT infrastructure and data. It handles processes such as data backup and server and network restoration to get technical operations up and running in as short a time as possible after a disruption.
Most IT support companies offer disaster recovery planning as a service. If you would like to find out more about Firstline IT’s comprehensive disaster recovery planning service, feel free to get in contact with one of our IT experts.
The difference between business continuity and disaster recovery
Business continuity is a proactive activity to create a comprehensive written plan that ensures the continuity of business operations in the event of a disaster. It deals with how to keep operations functioning during and immediately after a disruption.
In contrast, disaster recovery is more reactive and focuses on how to return to normal after the event is over. An IT disaster recovery plan is a subset of the business continuity plan and is typically concerned with the recovery of technology infrastructure.
Why is it important to have a BCDR plan in place?
With the many demands on time and resource of running an SME, planning for an emergency often slips to the bottom of the priority list. But when disaster strikes, the companies without a plan are the ones who are most likely to suffer most and sometimes with fatal consequences for the business.
Whether your company is large or small, public, private or a nonprofit organization having a business continuity disaster recovery plan is essential.
The Covid-19 pandemic has turned the traditional response to business continuity planning and disaster recovery on its head. In most disaster scenarios restoring technology is the major concern however, in the case of a pandemic, unavailability of people and social distancing are the greatest issues.
In fact, technology has come to the rescue allowing many businesses to function by enabling new ways of working. The pandemic has demonstrated the importance of having not only a disaster recovery plan in place that focuses primarily on IT but also has driven home the necessity of a business continuity plan that looks at every function of your entire organization.
How to build a BCDR plan
There’s a lot to think about when creating a BCDR plan, from identifying your key business processes to understanding the threats and contingency planning. A good place to start is by assessing your key business processes, determining the risks that could affect them and evaluating the potential losses if these processes were to go down for a period of time.
BCDR plan activities
Creating a BCDR plan may not be simple but is vital to allow your business to succeed in the event of disaster. Simplify the process by following a business continuity plan checklist:
- Identify critical business processes essential to the function of your business. These are different for each company depending on the type of business but may include functions such as sales, supply chain and IT.
- Understand the potential threats that could cause disruption to your company for example, cyber-attack, power outage or a natural disaster and rank them in order of risk posed.
- Carry out a Business Impact Analysis (BIA) to determine the potential losses if any of the key business processes go down for a day, a week, a month or longer.
- Identify key resources that are necessary to the run your organization. These may include staff, data files and equipment.
- Consider key personnel without whom your operation couldn’t function.
- List your essential external contacts such as suppliers, accountants and distributors.
- Record the data and equipment that are vital to run your operation and the location of any back-up files.
- List the key documents that your business depends on and work out how they could be accessed in the event of a disaster. Storing copies off-site would be a good idea.
The future of BCDR
A term that has become popular in recent years is “organizational resilience”. In their 2020 report Gartner describes resilient organizations as those who can recover rapidly following business disruptions, “response, recovery and contingency are the basis of resilience.”
According to the Gartner survey, senior executives agree that rapidly increasing IT complexity and types of threat means that resiliency is more important than ever before.
However, despite this a significant proportion of business leaders see Business Continuity Management (BCM) as an IT/DR activity and do not take resilience planning seriously enough. Executives continue to overestimate their ability to recover from disruption and underestimate the threats to their business, an issue commonly referred to as “resiliency perception gap”.
Gartner warns that the rapid pace of digital transformation and ever evolving threat of cyber-attacks, along with increasing need for 24/7 availability of technology services to deliver on customer expectations, demands that companies adopt a culture of resilience for future resilience management. BCM should not be considered an IT-only issue but is an integrated strategy looking at both IT and ongoing delivery of business objectives in any circumstances.
At Firstline IT we will work with you to build resilience into your business, so that no matter the circumstances you can keep your business up and running.
Our skilled technicians will help you to identify your key business processes and critical systems to develop a robust BCDR strategy. As a Cyber Essentials Certified MSP we partner with leading software vendors including Sophos, Datto and Microsoft to bring you the best solutions tailored to your business needs.
To find out more about our Business Continuity and Disaster Recovery plans, please see our IT Disaster Recovery Planning page. Or, if you’d like to talk to us about how we can protect your business, we welcome you to contact us today.