Business continuity plan and disaster recovery plan sykes

Business continuity and disaster recovery plans are risk management strategies that businesses rely on to prepare for unexpected incidents. While the terms are closely related, there are some key differences worth considering when choosing which is right for you:

Regardless of how you choose to approach the development of BCDR at your organization, it’s worth noting how quickly the field is growing worldwide. As the results of bad BCDR like data loss and downtime become more and more expensive, many enterprises are adding to their existing investments. Last year, companies worldwide were poised to spend USD 219 billion on cybersecurity and solutions, a 12% increase from the year before according to a recent report by the International Data Corporation (IDC) (link resides outside ibm.com).

Why are business continuity and disaster recovery plans important?

Business continuity plans (BCPs) and disaster recovery plans (DRPs) help organizations prepare for a broad range of unplanned incidents. When deployed effectively, a good DR plan can help stakeholders better understand the risks to regular business functions that a particular threat may pose. Enterprises that don’t invest in business continuity disaster recovery (BCDR) are more likely to experience data loss, downtime, financial penalties and reputational damage due to unplanned incidents.

Here are some of the benefits that businesses who invest in business continuity and disaster recovery plans can expect:

How to build a business continuity disaster recovery plan

Business continuity disaster recovery (BCDR) planning is most effective when businesses take a separate but coordinated approach. While business continuity plans (BCPs) and disaster recovery plans (DRPs) are similar, there are important differences that make developing them separately advantageous:

Before we dive into how you can build effective BCPs and DRPs, let’s look at a couple of terms that are relevant to both:

How to build a business continuity plan (BCP)

While each business will have slightly different requirements when it comes to planning for business continuity, there are four widely used steps that yield strong results regardless of size or industry.

1. Run a business impact analysis

Business impact analysis (BIA) helps organizations better understand the various threats they face. Strong BIA includes creating robust descriptions of all potential threats and any vulnerabilities they might expose. Also, the BIA estimates the likelihood of each event so the organization can prioritize them accordingly.

2. Create potential responses

For each threat you identify in your BIA, you’ll need to develop a response for your business. Different threats require different strategies, so for each disaster you might face it’s good to create a detailed plan for how you could potentially recover.

3. Assign roles and responsibilities

The next step is to figure out what’s required of everyone on your disaster recovery team in the event of a disaster. This step must document expectations and consider how individuals will communicate during an unplanned incident. Remember, many threats shut down key communication capabilities like cellular and Wi-Fi networks, so it’s wise to have communication fallback procedures you can rely on.

4. Rehearse and revise your plan

For each threat you’ve prepared for, you’ll need to constantly practice and refine BCDR plans until they are operating smoothly. Rehearse as realistic a scenario as you can without putting anyone at actual risk so team members can build confidence and discover how they are likely to perform in the event of an interruption to business continuity.

How to build a disaster recovery plan (DRP)

Like BCPs, DRPs identify key roles and responsibilities and must be constantly tested and refined to be effective. Here is a widely used four-step process for creating DRPs.

1. Run a business impact analysis

Like your BCP, your DRP begins with a careful assessment of each threat your company could face and what its implications could be. Consider the damage each potential threat could cause and the likelihood of it interrupting your daily business operations. Additional considerations could include loss of revenue, downtime, cost of reputational repair (public relations) and loss of customers and investors due to bad press.

2. Inventory your assets

Effective DRPs require you to know exactly what your enterprise owns. Regularly perform these inventories so you can easily identify hardware, software, IT infrastructure and anything else your organization relies on for critical business functions. You can use the following labels to categorize each asset and prioritize its protection—critical, important and unimportant.

3. Assign roles and responsibilities

Like in your BCP, you’ll need to describe responsibilities and ensure your team members have what they need to perform them. Here are some widely used roles and responsibilities to consider:

4. Rehearse your plan

Just like with your BCP, you’ll need to constantly practice and update your DRP for it to be effective. Practice regularly and update your documents according to any meaningful changes that need to be made. For example, if your company acquires a new asset after your DRP has been formed, you’ll need to incorporate it into your plan going forward or it won’t be protected when disaster strikes.

Examples of strong business continuity and disaster recovery plans

Whether you need a business continuity plan (BCP), a disaster recovery plan (DRP), or both working together or separately, it can help to look at how other businesses have put plans in place to boost their preparedness. Here are a few examples of plans that have helped businesses with both BC and DR preparation.

Business continuity and disaster recovery solutions

Even a minor interruption can put your business at risk. IBM has a wide range of contingency plans and disaster recovery solutions to help prepare your business to face a variety of threats including cloud backup and disaster recovery capabilities and security and resiliency services.