What is Business Continuity Planning?

Business continuity planning (BCP) for IT is the creation of a strategy through the recognition of threats and risks facing a company, with a goal to ensure that personnel and assets are protected and able to function in the event of a disaster. BCP covers the plans and procedures for maintaining business functions or quickly resuming them in the event of a major disruption, whether caused by a fire, flood, epidemic illness, or a malicious attack across the Internet. An IT BCP formalizes your company’s IT policies, procedures, and precautions in order to minimize downtime, should the worst happen. BCP is proactive risk management in action.

IT ALL STARTS WITH A PLAN

Business Continuity Planning

Disaster Recovery (DR) and Business Continuity Planning are dynamic processes that help companies prepare for disruptive events. Many people think a Disaster Recovery Plan is the same as a Business Continuity Plan (BCP), but a DR plan focuses mainly on the exact steps to restore IT infrastructure and operations after a crisis. DR is actually just one part of the overall BCP. Every business continuity plan must be supported from the top down. This means senior management must be represented when creating and updating the plan; no one can delegate that responsibility to subordinates. In addition, the plan is likely to remain fresh and viable if senior management makes it a priority by dedicating some of their time for adequate review and testing.

There are 5 key steps to a complete IT Business Continuity Plan:
Business Continuity Planning

  1. Analysis
  2. Plan Creation
  3. Deployment \ Implementation
  4. Plan Maintenance \ Testing
  5. Incident Response \ Management \ Notifications

1. Analysis
The first step to developing a successful Business Continuity Plan is to conduct a Business Impact Analysis. A BIA identifies the impact of a sudden loss of business functions, usually quantified in a cost. The BIA helps you look at your entire organization’s processes, and determine which are most critical. The results of the Business Impact Analysis (BIA), in its entirety, provide the basis for identifying and analyzing viable strategies for inclusion in the business continuity plan.

2. Plan Creation
To create an effective plan, we have to identify what level of functionality is required following a disruptive event, and the timeline needed to reach this level. During the plan creation phase, we identify the scope of the plan, key business areas, and critical application functions. We then determine acceptable downtime and recovery times for each critical application or function. These are quantified in the form of recovery point objectives (RPO) and recovery time objectives (RTO), which define what needs to be recovered, by when, and in what order. The exact processes and steps for the recovery is what comprises a Disaster Recovery Plan.

3. Deployment
Once you have a comprehensive plan in place, the next step is to deploy it. We take the guesswork out by identifying specific tasks, and then look at key areas, such as capacity, security, network infrastructure, bandwidth needs, facilities and personnel, documented licenses, etc. Everything you need to implement your plan gets evaluated, then executed.

4. Plan Maintenance & Testing
You have to rigorously test a plan to know if it’s complete and will fulfill its intended purpose. How often you test depends on your type of organization, the turnover rate of key personnel, and the number of business processes and IT changes that have occurred since the last round of testing. We recommend a minimum of two times each year. Test teams are usually composed of the recovery coordinator and members from each department. This ensures RTO\RPO objectives were met, and that any issues get dealt with. We also recommend a complete offsite DR test annually to emulate a complete site loss.

5. Incident response
No one likes to think about an actual disaster, but consider this: if an event does happen, and you need help fast, who are you going to call? StepUP IT is always ready to assist our clients, and we will ensure your plan is executed and communicated to your entire team. Our emergency response team will work side by side with your team, to properly execute your plan until all recovery objectives are met.

Summary:
With a well-designed, well-tested disaster recovery plan in place, you can rest assured that the impact on your company’s bottom line will be minimal if catastrophe hits. No matter what your disaster recovery needs look like, StepUP IT has a robust and cost-efficient solution, which you can use to build or augment the Business Continuity Plan that is right for you.