,

Disaster Recovery and Business Continuity Planning During a Crisis

With so many new technologies at the disposal of IT departments to help during an emergency, IT departments need to be proactive while planning for natural disasters, outages, cyber –crime and a dozens of potential events that could jeopardize network accessibility.

In a current white paper from Century Link, Century Link provides some insights as to how if departments put the right people and process in place, the effects of a crisis can be mitigated. Interestingly, there was a distinction made within the report of a “disaster recovery” plan and a “business continuity” question. By having both plans in place when a crisis occurs, agencies can quickly get IT systems up and running to help with the recovery, and have the right people and systems in place to immediately start the recovery process.

Century Link lists four best practices:

Know your priorities.

If you don’t focus on what is most critical and prioritize, you’ll be fighting an uphill battle.

Remember your suppliers.

The popular trend toward outsourcing provides most businesses with the option of offsetting workloads so you can still meet customer needs while you’re recovering. Make sure you know who are the vendors and partners that support your business. Consider your supply chain for daily business operations, and have a backup-plan. Also, validate that your suppliers can do what they say they’re going to do in case of disaster.

Keep planning

Keep an eye on your changing environment and stay informed about what types of applications
you need to continue to plan. Make sure new employees familiarize themselves with the plan as they come on-board. Being proactive is also essential. If there is a large-scale disaster, it can be difficult to get staff back in the area to take care of the issues that occur, particularly if you’re working for an infrastructure provider or bank, where the pain is severe and immediate. Work with state agencies now to determine necessary credentials and processes to get people back into damaged areas quickly.

Communicate

During a disaster, buildings are evacuated and people may scatter. It can be difficult to locate the people responsible for executing your DR plan. Have in place a simple, effective way to communicate with all parties –— one that will not be affected by the outage. Make sure department heads maintain up-to-date contact lists and have a centralized number that employees can call for information. Use new forms of communication technology, such as text messaging, to disseminate critical information, if needed.

The report states, “No matter how solid your infrastructure, local accidents and natural disasters can happen, causing big problems in a short amount of time. Making sure your business keeps running despite the unexpected requires solid Disaster Recovery (DR) and Business Continuity (BC) strategies that go beyond redundant components or storage backup.”

There are also two interesting case studies in the report, and I’d encourage you to take a look.

What are some of your best practices for disaster recovery?


CenturyLink (formerly Qwest Communications) is a proud partner of GovLoop and is committed to the communication missions of state, local and federal governments. Its concept of operations is driven by an unwavering commitment to provide best-in-class customer service. CenturyLink is positioned to support your mission objectives with global reach, expanded network and financial strength. Check out the Technology Sub-Community of which they are a council member.

Leave a Comment

2 Comments

Leave a Reply

Mihail Sadeanu

Hello Pat,

Some important aspects of the strategic field covering Disaster Recovery (DR) and Business Continuity (BC) representing two major strategic planning directions of the Business Continuity Management (BCM).

BCM is a strategic management process identifying potential impacts of negative risks occurence which might threaten an organisation. It provides a framework for assembling a full capability for an effective planned response to safeguard the interests of the organisation key stakeholders, reputation, brand and market value creating business activities (ISO 22301, ISO 27301). BCM main objective is to ensure the uninterrupted availability of all key resources required to support critical business processes. BCM includes specific aggregated plans for the following strategic directions:Disaster Recovery (DR), Business Processes Analysis (BPA), Business Impact Analysis (BIA, Risk Management, Business Recovery, Business Continuity (BC), Crisis/Incident/Emergency Management, Product Recall (recovery of product and/or services delivered with defects/errors), Contingency Planning.

This BCM holistic view differs from the old one by which corporate’s top & IT managers usually call Disaster Recovery Planning (DRP) and respectively Business Continuity Planning (BCP), tightly associated with IT&C field. Changing the former corporate vision to the holistic one, the emphasis must be placed on the whole corporate business, not only on IT&C issues. It strengthens and motivates the concept of continuity of all corporate key business processes, extending beyond IT&C area. The BC related process in the BCM operational framework is the Business Continuity Planning (BCPl).

BCPl identifies an organization exposure to any possible internal and external threats, performs a global auditing and organizes all IT&C assets for planning the supply of service support for corporate business effective prevention and recovery. This complex planning should ensure to prevent interruption and failure of mission/business-critical process services, and to recover for complete functionality as fast as possible. Also called Business Continuity and Resiliency Planning (BCRP).

The BCPl process result is the Business Continuity Plan (BCP). BCP represents the corporate roadmap for continuing all strategic business operations under severe abnormal functioning conditions. It supplies the ongoing methodology on how corporate strategic business processes should be managed. A fully aggregated BCP includes 4 main (sub)plans:

  1. Disaster Recovery Plan (DRP) – specifies an organization’s planned strategies for post-incident/failure processes and procedures to be strictly followed.
  2. Business Resumption Plan (BRnP) – which specifies the strategic ways for maintaining essential services (IT&C, but many other also) at the disaster site. This plan must clearly define and state how, where, when, and who will be responsible inside different recovery teams.
  3. Business Recovery Plan (BRyP) – specifies the ways for recovering corporate business functions at an alternate recovery site.It includes the minimal organization structure with most important departments requested to maintain the organization’s key business processes running, the procedures and policies to operate the organization at least on short-term, IT&C needed equipment, etc.
  4. Contingency Plan or Service Area Contingency Plan (CP/SACP) – specifies the ways and means of dealing with all possible threats and events which might seriously impact the organization business.

There are many methods for assembling BCP’s subplans, each of them with many phases and milestones. I use one with 9 phases.

Sincerely,

Mihail