Plan?…What Plan?

27. 04. 20 Stuart Morris

“What are you talking about? Disaster what? Continuity what? Why will we need one of them? We don’t need them, nothing is going to happen”.

These are questions or statements that have been heard many times over the years. Within the world we live today, it has never been so apparent that we need to have Disaster Recovery and Business Continuity plans in place.

Unfortunately, there isn’t a straightforward answer or a one-size-fits-all template for what your plans should look like. In reality, the easy answer is that you need both.

In this blog, I will try and demystify some aspects of disaster recovery and business continuity, as well as describe some scenarios which would warrant such plans to be in place. I will walk you through what needs to be in place in order to create and implement an effective plan, and furthermore, take a look at what we at Touchstone can do to help minimise the pain of creating and implementing these plans.

“By failing to prepare, you are preparing to fail”

-Benjamin Franklin

‘Failure to prepare is preparing to fail’ – a well-used phrase across all aspects of life and yet continually fails to be addressed by many SMB’s (small and medium businesses) and start-ups within a business continuity / disaster recovery context.

Research has shown that a high percentage of companies without an adequate Disaster recovery plan do not recover well from a disaster and are likely to go out of business within 1 month. 51% of companies close within 2 years and 75% of business without a business continuity plan fail within 3 years of disaster.

“Small business owners invest a tremendous amount of time, money and resources to make their ventures successful and yet, while the importance of emergency planning may seem self-evident, it may get put on the back burner in the face of more immediate concerns.For small business owners, being prepared can mean staying in business following a disaster”

-Small Business Administration

What defines the need for a business continuity or disaster plan? There are many different reasons, and all can carry varying degrees of importance depending on the size of, or impact to the business:

  • Loss of key resource/staff/skills
  • Denial of access
  • A form of attack
  • Power outage
  • Hardware failure

I wonder what the percentage will be after the COVID-19 pandemic has passed? What will the view of disaster recovery and business continuity planning for those businesses that had none once this current crisis has passed? Will this be a wake-up call for those businesses? I suspect that priorities will be realigned for many.

Firstly, it is important to outline what business continuity and disaster recovery means and to understand the differences.Secondly, is how they work together and the importance of having these plans in place.

Business Continuity

Provides an outline of how the business will operate during unplanned or potential disruption to services delivered.A business continuity plan contains comprehensive information on how to address such events.These events are focused more on business processes, assets, human resources and business partners.Essentially, taking a holistic viewpoint for the entire business and preparing the organisation in the event of any invocation.

Roles and responsibilities are defined, emergency contacts and key personnel detailed and any third-party suppliers are defined within a business continuity plan.

Disaster Recovery

This is a business plan which details how a business can resume efficiently and effectively after a disaster.A disaster recovery plan can either be separate from, or form part of the business continuity plan.

A key objective within disaster recovery is to provide a:

  • Recovery time objective - how quickly will it take to recovery from disaster, and
  • Recovery point objective - at what point in time can data be restored prior to the disaster

These points vary greatly from business to business, and between industries. Some businesses can tolerate longer objectives than others and this is often dependent on the nature of the business.For example, a business in the retail sector would likely have a longer time and point objectives than say, a company in the financial sector.Although both under monetary constraints, the latter may well be a market trader, therefore ANY downtime would be incurring significant impact to the trading ability.

Spot the difference

It is paramount the differences are understood in order to effectively create and implement the appropriate plans.

BCP is the process for making plans to ensure essential business functions can continue through any major incidents, emergencies and/or crises.

A DRP prepares for a disaster whilst addressing procedures that would be followed during and after the disaster.

The concept of both plans is illustrated below:

A business continuity plan is about keeping the business running (such as the ongoing COVID-19 Pandemic) while disaster recovery plans focus on about recovering the business in the aftermath of a disaster (such as a flooding caused by Storm Ciara and Dennis).

For example, a high street shop’s business continuity plan could be to adopt an e-commerce solution, whereas a software support company’s business continuity plan could be to enforce home working. The disaster recovery plan could see the high street shop operating from a temporary location, with available stock due to the shop being flooded, while a hosting company would fail over to a secondary data centre in the event of a fire.

Together as one

Historically, business continuity planning was part of disaster recovery planning.It wasn’t until the 90s that businesses started to think holistically, and essentially, beyond what disaster recovery planning did. Business continuity planning began to take shape as a concept in its own right and the co-existence of both plans began.

Business continuity plans’ complexity grew as businesses looked at various paths of risk mitigation, and what could impact the business. They looked at how the business could still retain its customer base and remain competitive.Since then, such a plan has been a key component for business success and growth.

As we saw in the illustration earlier on in this blog, both types of plan have similar starting points with regards to an event, and at a high level, identical desired outcomes; the long term survival of the business. Crucially though, they follow different paths to achieve that outcome, managing separate areas of the lifecycle of the business.

Focus

It is important that your business continuity plan and disaster recovery plan has focus; to meet the demands of the business and deliver efficiently and effectively.

Performing a Business Impact Assessment can help develop the focus needed in order to form a solid business continuity or disaster recovery plan alongside asking comparatively simple questions to get you on the right path

What do I need to keep the business functioning? – Business continuity plan

What do I need to do in the event of ‘a disaster’? – Disaster recovery plan

Once the focus is correct then an accurate and effective purpose for business continuity can be defined.A lack of attention at this early stage could lead to unexpected failures during invocation when business critical.

Test

Creating business continuity and disaster recovery plans should not be the only priority for all businesses, irrelevant of complexity.Ensuring these are frequently tested is also of paramount importance. We frequently encounter situations where the disaster recovery plan has to be invoked but this has never been tested. Examples: Are you confident you can recover from a server failure? When did you last try to restore from a backup? Are your backups recoverable?

As part of testing for either type of plan, a content review should also be completed and most importantly audited.Staff come and go, businesses move premises, suppliers change and for some, the client base can evolve. Quarterly, 6-monthly or annual are all viable review and test points.

Performing tests of business continuity and disaster recovery plans will improve confidence of those with responsibility and also provide the business or clients with confidence that the business is prepared.

What more..?

Although this blog touches on business continuity and disaster recovery by discussing the differences, what is important in these plans and what should be considered when creating such plans? This really only scratches the surface of which are fundamental to business function, survival and eventually growth.

Some key components included in a business continuity plan:

  • Business Impact Assessment (BIA)
  • Crisis Communication Protocols
  • Recovery Strategies
  • Role Assignments

Some key components included in a disaster recovery plan:

  • Notification Network
  • Recovery Teams and Responsibilities
  • Testing & Maintenance

Here to Help….

At Touchstone we are fully equipped (and often asked) to help clients deliver their disaster recovery plan in the event of a loss of server due to corruption / ransomware / data loss. If you have any doubt or questions around your own business continuity or disaster recovery plans in relation to the solutions provided by Touchstone, reach out to us and we can help you ensure your plans are robust and reliable. Call your account manager or our Customer Success Team (cst@touchstone.co.uk) Not a Touchstone customer? We are always happy to advise, get in touch and our experienced team will see what we can do to help.

TouchstoneCloud

Here at Touchstone, we have a dedicated private cloud solution – TouchstoneCloud. Our business continuity and disaster recovery team can discuss how TouchstoneCloud can play a pivotal role within either plan.

TouchstoneCloud is accessible from anywhere as long as there is an internet connection, built on fully resilient core infrastructure.Our recovery point/time objectives are also fully adaptable to meet the business needs.These are only just some features that are available from TouchstoneCloud.

We use state of the art technology from leading industry providers, to provide a purely bespoke solution to meet your business requirements. TouchstoneCloud really is the worry-free solution.

For more on TouchstoneCloud – call 020 7121 4702 or email info@touchstonefms.co.uk

* Source: Institute for Business & Home Safety

  • Share on:
Stuart Morris

Written by:

Stuart Morris

More

You may also like...

Event

Support: Securing & recovering finance system data - is this better in the Cloud?

Support: Securing & recovering finance system data - is this better in the Cloud?

Following an increase in Cyber and Ransomware attacks and the impact on business continuity , we invite you to this webinar where we…

Register now