If you’ve been trying to figure out what basic steps your organization need to take when ensuring a network that hums day in and day out, I’m sure you’ve come across both of these terms: business continuity and disaster recovery.
While a lot of folks will say that both terms are synonymous, the truth is they aren’t quite interchangeable.
Many experts consider Disaster Recovery (DR) and Business Continuity (BC) two entirely different strategies, both playing a significant role in maintaining and safeguarding your operations.
Understanding both of these terms and making some decisions to ensure both of these strategies are accounted for in your IT planning will undoubtedly make your organization more resilient if catastrophe of any sort were to strike.
First, what is business continuity?
You can think of business continuity as being able to plow through disruption or disaster. It consists of an action plan on how your organization will work in the event something disruptive happens on your network. A disruption could be as simple as a short power outage all the way to cyberattacks or a hurricane.
What about disaster recovery?
Disaster recovery is a small piece of business continuity planning. It is involved in restoring critical systems to aid you to continue your organization’s critical functions. Disaster recovery planning—as it pertains to your IT infrastructure—would encompass communications, hardware and other IT assets. It aims to minimize any downtime stemming from any disruption. Disaster Recovery and Response planning focuses on getting technical operations back to normal in the shortest time possible.
In essence, business continuity has a much broader scope than disaster recovery.
Managing business continuity entails having sufficient processes and procedures associated with making sure that your business operations are not disrupted during a disaster.
Continuity is based on on-going analysis of critical business processes. When someone in IT says business continuity planning, they are referring to a plan that evaluates every single critical business function, identifies areas of weaknesses on your network that may result in process disruption and designates solutions or workarounds in the event that an IT outage is impeding critical organizational functions.
How should you approach business continuity?
Experts focused on business continuity recommend that before recreating a disaster recovery plan, to evaluate your key business processes. Make sure your processes are explicitly defined and that IT demands in each process are identified. By overlaying where IT plays roles within your other business functions will help evaluate how to overcome outages in the unfortunate event a disaster strikes.
A few things to note in the process of ensuring continuity will be to:
- identify core processes, (2) define all steps within a process, (3) determine who owns what step or each process, and (4) document what technology is needed in which process steps.
One example of business continuity in the workplace: if one of your critical processes is payroll and you are dependent on using Quickbooks to accomplish bi-weekly payroll, make sure you’ve defined where in the payroll process Quickbooks is used and what a workaround could be in the event of an outage preventing use of Quickbooks.
Once you have a list of your processes, prioritize which are the most important and work to identify workarounds with those processes first.
After you’ve identified your processes, start working on a business continuity plan that goes through all of your business-critical functions.
Note: Federal and state laws may require you to have a disaster recovery plan. For instance, if you are in healthcare, you must have a business continuity plan, as outlined in HIPAA.
Most important to your organization’s continuity will be to make sure you have resources to support your critical functions.
From an IT perspective, this might be having support equipment, software, or secondary power sources required to move forward for a specific period of time (a reasonable amount of time for a complete recovery of a system).
What’s most troubling about business continuity and preparedness?
Nearly 93% of organizations that lacked a working continuity plan failed within a year of a major disaster. Of that 93 percent, nearly 60 percent shut their doors within 6 months!
A complete system crash, resulting in loss of data, could be a result of a burglary, flood, or major power outage. If you do not have reliable backup recovery plan (and the necessary resources for a recovery), you might not know what hit you until it’s too late.
My question to you? Do you have business continuity for your organization under control? Will you be able to recover from a disaster—and continue to run during an unforeseen disaster?