In a recent post, we discussed the need for businesses to set up a disaster recovery (DR) plan for hurricane season. A solid DR plan can help a business to avoid losing data if the worst should happen to their primary data center during a hurricane.
However, there’s more to ensuring the continued viability of your business than just preventing the loss of data. Business continuity (BC) plans go beyond simply protecting data to ensure that your business can remain operational even after your primary data storage and production environment is obliterated by a natural disaster. The question is: How can you create a hurricane-proof BC plan?
The first step is knowing what components your business needs. A comprehensive, hurricane-ready business continuity plan is going to require the following:
In a DR plan, you need to know what your most important data is and prepare a backup of that data. In a BC plan, you need to conduct an analysis of all of your business’ core functions and identify any processes that are time-sensitive or absolutely vital to the continued function of the business so you can prepare redundant systems to carry out those processes.
This analysis should be able to separate “critical” from “non-critical” processes based on criteria that you establish for your business. It’s hard to generalize about what would be vital to a specific business, but some examples of “critical” processes could include things like:
In one TechTarget article on the subject of business continuity planning, it is recommended that you ask the following questions when preparing to create a BC plan:
Asking yourself these questions can help when you’re trying to establish what your minimum requirements are for keeping your business going. When prioritizing which assets to include in the BC plan, consider this additional question: How much will "X" process being down cost me for each day that it’s down?
Consider shopping these questions around to various people within your organization to get a broader perspective on what is mission-critical—this can help prevent gaps in your BC plan later.
Odds are that your processes are going to need specific tech and data resources to function at peak efficiency—so setting up a disaster recovery solution to preserve/restore these resources is a must.
The basic steps of DR solution setup include:
There are other specific elements of a DR solution that you may wish to implement based on your business’ needs and resources, such as platform-as-a-service (PaaS) solutions that can take over for your business’ primary production environment should it goes down.
If a disaster occurs, who is responsible for enacting/overseeing your business continuity plan? A lack of management for your BC plan could lead to a failure to implement it when the time comes.
This is one reason why Ready.gov recommends that businesses “Organize a business continuity team” and “Conduct training for the business continuity team.” This way, there is someone in your organization who can assume responsibility for enacting your BC plan and is prepared to ensure its smooth implementation.
With any emergency plan, testing is vital to ensure things will work when you need them to. Without any kind of testing, it can be impossible to identify weaknesses in your BC plan and, when a disaster really happens, those weaknesses could ruin everything.
In fact, this is why Lorraine O’Donnell, global head of business continuity at Experian, says in a CIO article that you should “try to break it” when it comes to testing your BC plan. She further states “Don’t go for an easy scenario; always make it credible but challenging. This is the only way to improve.” The goal of these tests should be to identify potential weaknesses, such as single points of failure, so you can find ways to overcome those weaknesses.
The CIO article points out three general levels of BC plan testing. These three tests are, in order of least to most intensive:
Tabletop exercises simply have the team get together and review the plan with an eye towards any glaring weaknesses in the plan—such as single points of failure. Structured walkthroughs take things a bit further by having people “walk through” their responsibilities/tasks in detail.
Disaster simulations take things to the penultimate level by recreating the actual conditions of a disaster and having all of the components of the plan enacted to see everything in motion. Because of the complexity and expense of a full BC plan deployment, CIO recommends performing this test annually.
Following each test, be sure to review your findings and make adjustments to the plan as needed to remediate any weaknesses that you may have discovered.
Need help finding the right business continuity and disaster recovery solutions to meet your needs, or formulating your BC plan? Contact the experts at Compuquip Cybersecurity. We have years of experience helping organizations of all sizes find the perfect solutions to fulfill their cybersecurity needs to ensure continuity in the face of disaster—whether natural or manmade.