In business as in life it’s important to prepare for the worst. For the same reason smart home owners put together a plan for what to do in the event of a natural disaster, smart businesses put together a plan for what to do in the event of a major loss of data, security breach or other major debilitating occurrence.
According to a 2011 study by IBM, among companies that suffer a major loss of business data, 43 percent never reopen, 51 percent close within two years and only 6 percent will survive long-term.
When your business starts delving into the world of contingency plans for potential disasters (if you haven’t already), you will quickly come across two terms that are often confused with one another: Business Continuity Planning and Disaster Recovery Planning. Despite being similar in concept, these two plans are in fact quite different, and it is important for you to understand the difference between the two in order to properly plan for all scenarios.
Business Continuity Planning (BCP)
Business Continuity Planning can be described as putting procedures in place to ensure that essential business functions are able to be carried out in the event of a disaster. Essentially, this means making sure that you are able to continue to provide your key products and services and maintain your revenue stream no matter what happens. This type of planning is bigger picture and is focused on core business operations such as maintaining contact with key vendors and suppliers.
A Business Continuity Plan should answer the question, “How would my business continue to operate if we lost our building and all of our equipment?”
Related questions might include:
- What do we need recovered first in order to stay in business?
- What do we need to do to ensure our customers that we are still operational?
- What do our business partners, suppliers and vendors need in order to continue order fulfilment and delivery?
Disaster Recovery Planning
Disaster Recovery Planning in narrower in focus and relates to highly specific plans to recover particular business applications or aspects in case of a disaster. Your BCP should encompass a series of DRP’s. The most common DRP is the Information Technology (or IT) DRP, which seeks to answer the question, “How would my business recover our essential IT services if we lost them?”
Related questions might include:
- What is our process for backing up data?
- What is our process for damage assessment?
- What is our incident response time and can it be improved?
How to put together a BCP or DRP
Remember that the two terms encompass two different types of planning:
- Steps than need to be taken to continue your core business operations after a disaster, and
- Steps that need to be taken to recover particular aspects of your business (such as IT services) after a disaster.
If your business has a Chief Information Officer (CIO) in-house, he or she should be the first person to turn to ask the basic questions such as: “What data is most imperative to our business continuity?” “What happens if [application X] crashes and is not recoverable?” “What will happen if we lose data for 1 minute, 1 hour, 1 day, 1 week, 1 month or 1 year?” Then you (or your CIO) will need to come up with specific solutions and steps that need to be taken in the event of a disaster, relevant to both your broader business operations and specific aspects like IT.
If you don’t have a CIO in-house, consider hiring a Virtual CIO (vCIO), or contractor, to oversee the development and implementation of these critical contingency plans. The first step for a vCIO is to understand your business’s existing landscape, both in operational and technological terms. Following this, the vCIO will work with you to develop the best technical strategies and solutions that will meet your business goals, including but not limited to BCP and DRP development.
Interested in learning more? Read about our CIO services.