Imagine a disaster strikes and your company is not able to perform its regular business functions. What happens next? Where do you go to get your business up and running again? Studies show that 93% of companies that experience a disaster without a disaster recovery plan in place go out of business within a year. And among those that did have a plan, 96% of companies that experienced something as fatal as a ransomware attack survived!
Every company needs to create a solid and effective Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP). But why both? Why can’t we just have a beefed-up BCP or DRP? Before we get into that, we need to understand what each one is.
6 Features of a Business Continuity Plan
A Business Continuity Plan, or BCP, is a plan that outlines the processes and procedures necessary to move an organization forward during a disaster. A review of all essential tasks and key personnel is needed to keep those tasks going. Here are 6 things that should be outlined in a BCP:
Strategies used by the business to complete day-to-day activities while ensuring continuous operations.
Objects that are related to the structure, skills, communications, and responsibilities of its employees.
- Applications and Data
The necessary software to enable business operations, as well as the method to provide high availability to implement the software.
The critical business process necessary to run the business, as well as the IT processes used to ensure smooth operations.
The systems, network and industry-specific technology necessary to enable continuous operations and backups for applications and data.
Objects that are related to providing a disaster recovery site if the primary site is destroyed.
8 Steps to the perfect DRP (Disaster Recovery Plan)
Now you’re probably thinking that a BCP is thorough enough for a business to survive a disaster. But let’s look at what goes into a Disaster Recovery Plan, or DRP:
1. Inventory hardware and software
A complete inventory of all hardware and software, in order of prioritization, should be created to streamline which services must be up and running to continue core operations.
2. Define your tolerance for downtime and data loss
By properly identifying an acceptable recovery point objective (RPO) and recovery time objective (RTO), businesses can prioritize what is needed to successfully survive a disaster, ensure a cost-effective level of disaster recovery and lower the potential risk of miscalculating what they’re able to recover during a disaster.
3. Lay out who is responsible for what
Every DRP must have a clearly defined RACI Chart with current contact information to properly execute the plan. This would mainly consist of key personnel.
4. Create a communication plan
The communications plan puts the RACI Chart into play. How are you going to communicate with each person? What’s the secondary/tertiary method of communication?
5. Let employees know where to go in case of an emergency
During a disaster, employees are going to need a way to access the network, either at a different geographical location or remotely from their home.
6. Make sure your service-level agreements (SLAs) include disasters/emergencies
If you’ve outsourced your technology, make sure you have a binding agreement with them that defines their level of service in the event of a disaster.
7. Include how to handle sensitive information
This should address how sensitive information will be maintained and accessed when a DRP has been activated.
8. Test your plan regularly
Testing your plan regularly ensures that every part of the plan still works, such as backups, contact information, and RTO/RPO goals.
What’s the Difference?
As you can see, a DRP is more of a subset of a BCP. It goes into more detail about the organization and what makes up the specific business functions needed to keep the business running. A BCP is broader than a DRP.
“For example, you should have several DRPs under one BCP that outline various scenarios like a cyberattack, power outage, or hurricane. Since each disaster can create a different “obstacle”, you would want to have the best plan of attack for whatever obstacle arises.”
How Do I Create a BCP and a DRP?
Employing a certified EC-Council Disaster Recovery Professional (EDRP), whether contractually or full-time, is the straightforward answer. A certified EDRP has the skills and knowledge to effectively plan, strategize, implement, and maintain business continuity and create appropriate disaster recovery plans.