Business Continuity Planning
Business Continuity and Disaster Recovery
Being prepared is crucial to protecting your organization in case of a systems disaster.
Disasters can take many forms. While natural catastrophes like flooding, hurricanes or earthquakes may be infrequent events, more common causes of systems disasters can strike at any time, from system outages to computer viruses to disruption by discontented employees. Resuming normal operations as quickly as possible minimizes business disruption, and good preparation will ensure that.
Many organizations and companies aren't adequately prepared for systems disasters. Recent research shows that major barriers to preparation include lack of executive support and funding. Adequate funding for disaster recovery efforts requires a shift in priorities of an organization's IT initiatives. In the past, organizations implemented technology as a cost savings measure. Now, IT initiatives that support business continuity and revenue generation are getting top priority.
Terminology
In the early days of data processing, the mainframe computer was usually housed in a large room with very large windows so everyone could see the computer. This led to the term "glass house." The term "Disaster Recovery" is usually related to only the restoration of the "glass house." In the same vein, the term "Disaster Recovery Plan" related more to a plan on how to restore the "glass house" and its contents in the event of a crisis.
In today’s complex work environment, we not only have to take the concept of the "glass house" into consideration, but also the client/server computer networks and the work-areas where essential business functions occur. The work-area includes all the needed facilities, such as desks, chairs, telephones, office supplies, and so on. Another often-overlooked aspect is the human factor. Any recovery efforts would surely fail without having an adequate number of trained personnel on hand to actually perform the critical business functions. Today’s more encompassing recovery environment is usually referred to as "Business Continuity."
According to the Business Continuity Institute (http://www.thebci.org), a Business Continuity Plan (BCP) is:
A document containing the recovery timeline methodology, test-validated documentation, procedures, and action instructions developed specifically for use in restoring organization operations in the event of a declared disaster. To be effective, most Business Continuity Plans also require testing, skilled personnel, access to vital records, and alternate recovery resources including facilities.
Properly written, a BCP is a collection of procedures and information which is developed, compiled and maintained in readiness for use in the event of an emergency or disaster. This would include the elements of a disaster recovery plan (DRP).
Putting it simply, business continuity is the process of planning to ensure that an organization can survive an event that causes interruption to normal business processes. Disaster recovery is the process that takes place during and after an organizational crisis to minimize business interruption and return the establishment as quickly as possible to a precrisis state.
The process of creating, testing, and maintaining an organization-wide plan to recover from any form of disaster is called Business Continuity Planning (BCP). Every BCP strategy includes three fundamental components: risk assessment, contingency planning, and the actual disaster recovery process. BCP should encompass every type of business interruption -- from the slightest two-second power outage or spike up to the worst possible natural disaster or terrorist attack. (http://www.sun.com/datacenter/continuity/recovery)
The objective of disaster recovery planning is to enable an organization to recommence normal IT functions as quickly and as effectively as possible following a disaster or disruption to computing services.
An impartial, bottom line assessment of the true impact of a systems disaster on an organization can quickly point out the need to be prepared. Up-front integration of BCP budgeting into all of an organizations' strategic IT initiatives will help spread the financial overhead fairly among all users of IT systems. It will get people thinking about the importance of BCP as an essential ingredient of any computing initiative.