No! no! no! They are not the same thing! Business continuity and Disaster recovery should be maintained by different teams, perform different functions and they can sometimes even be called upon at different times.
Purpose: A document that contains processes, essential records, key suppliers, contacts, lists and any other information that will help the essential functions of your business continue to operate in the face of major disruption.
Example: During the 2011 Brisbane floods many employees were not able to safely attend work for extended periods of time. This is the case in many disasters, only a skeleton staff is available to keep the lights on. For this reason, BC plans should not assume that the operator has any knowledge of day-day operational tasks or the physical environment around them. E.g. location of keys.
A major event that breaks many systems simultaneously, overwhelming any redundancy built into the architecture and incapacitating business services. Disaster recovery involves the restoration of the service(s), not necessarily restoration of the system itself.
DR causes can include health related outbreaks, loss of essential services, environmental disasters, security breaches, physical damage.
Example: During a mains power outage the data centre power generators fail to kick in. Many systems drop simultaneously as a result. The ETA for mains power restoration is in days and the blown generator requires replacement parts. A decision is made to activate the DR site and processes are invoked to activate systems in another location.
Because business continuity plans often involve the restoration of services, the two plans are often merged into what has become known as the BCDR plan.
One key consideration when creating the plan is the availability of key staff. The planners should consider that the event that caused the service disruption may have also affected staff on a personal level. Fires, floods, health related outbreaks or security incidents are just some events that may prevent key staff from affecting their responsibilities detailed in the BCDR plan.
In the event of an emergency communication is often patchy, information is not trustworthy and key decision makers may not be reachable or available. For this reason, conditions that trigger a BC or DR scenario should be clearly articulated. The hierarchy of decision makers should also be documented in the plan.
Structure of a BCDR plan
A good BCDR plan should address or include the following items:
1. The definition of an emergency incident - what events will trigger the application of the business continuity and disaster recovery plan? These events may include;- Environmental disasters
- Serious health related outbreaks
- Hardware failure
- Deliberate physical or electronic attacks
- Loss of core services such as electricity
2. Emergency procedures - many emergency incidents occur suddenly and unexpectedly. Emergency procedures will help to bring some order at the height of the incident and will ensure that key tasks are carried out. This includes any existing procedures where the workflow may change. Change management is a prime example where processes and procedures may need to change in order to cater for reduced communication capacity between staff.
3. A communication plan - clear communications can help to reduce damage and speed up the restoration of services. Key contacts, communications devices and mediums as well as the format of the communication should be identified in the communication plan.
It is also important that management and leaders have a medium by which to receive and disseminate information quickly and efficiently. In a disaster event, decisions are made using the most current assessments but they may also change just as quickly as newer information comes to hand.
4. A business risk assessment - Core business services should be well documented and the impact of the loss of those services should be clearly defined to assist in decision making and prioritizing during the incident and services restoration.
5. A clear hierarchy - roles and responsibilities can become blurred during an incident, especially if key staff members are not available or infrastructure or services that are serviced by a number of departments are hindered. Clear roles will facilitate the decision making process.
The recovery effort will also require a clear hierarchy if the workforce returns in a diminished capacity, without the regular resources or if there is confusion about revised priorities in terms of selecting the order in which key services are restored.
6. Technical service restoration tools and documentation - all information necessary to restore, re-build or migrate services should be available. This information may include;
Key technical contacts names and numbers- Technical documentation including hardware and software necessary to view the documentation.
- Passwords and pin numbers
- Access (or instructions for access) to premises such as data centres and communications rooms
- The process required to restore backups
- Telecommunications capability if remote connections or wide area connections are required as part of the service restoration.
- Infrastructure availability such as laptops, computers, servers, monitoring stations and any other tools
- Procurement process for the purchase of emergency gear such as computers and cables if a makeshift computer room is required.
7. Ongoing and regular testing of the entire plan. Organizational structure, technology, key staff, contact numbers and core services change over time. The business continuity and disaster recovery plan should always reflect the current business. A serious incident should not be the first time that the plan is implemented.
8. Consider the details. The most pressing problems in a disaster scenario will be what was not considered. As an example, consider the position of your elevators in a flood scenario. If they are parked in the basement then they will get flooded, if they are parked in the top floor then it is likely that they will remain dry. These small oversights can delay the re-establishment of normal operations into a building.
You may also be interested inThe role of Information Technology in Business
How Will Netflix Change the Way DTH Business Works?