Global Management Services
Quality, Excellence and Service, where you want, at an affordable price
Editorial - Business
Contingency Planning and Disaster Recovery
Disasters can come in many different guises. It does not have to be due to Political upheaval, Service Denial (Data threat), Terrorism, War, Famine, Plague, Fire, Flood, Tsunami or even Earthquake. Although we have seen enough Terrorism, War, Flood, Fires, Tsunami and Earthquakes, in recent years. It could be due to something as small as a power outage, a burst water pipe or leaking sewage. All of these can render a business incapable of operating efficiently or effectively.
So, what are BCP and DR?
Those professionals who specialise in BCP and DR, both have different stock answers, but in reality, they are just different facets of the same thing. Your organisations can not survive without either BCP or DR, because they are mutually inclusive.
BCP is how an organisation prepares for future potential incidents that could jeopardise the organization's core mission and its long-term business health. These include local incidents, regional incidents, or international incidents like pandemic illnesses (Bird Flu being a potential threat).
DR is the physical process of regaining access to the data, hardware and software necessary to resume critical business operations after a disaster and should also include plans for coping with the unexpected or sudden loss of key personnel. It should also cater for the event that the organisation may need temporary accommodation.
The United Kingdom enacted the Civil Contingencies Act (2004), a statute that instructs all emergency services and local authorities to actively prepare and plan for emergencies. Local authorities also have the legal obligation under this act, to actively lead promotion of business continuity practices, within its geographical area. Although businesses do not have to provide BCP or DR, it is in the interests of the organisation, the stakeholders and investors that they do so.
BCP comprises two main phases Analysis and Solution Design.
Analysis is further sub-divided into Impact Analysis, Threat Analysis, Definition of Impact Scenarios and Recovery Requirement Documentation.
Solution Design identifies the most cost effective disaster recovery solution that meets the main requirements from the impact analysis stage. For example, this is commonly expressed as:
1. The minimum application and application data requirements
2. The time frame in which the minimum application and application data must be available
3. The elapse time before the business should be operational
DR incorporates Implementation, User Acceptance Testing (UAT), Routine Functional Tests and Maintenance
Implementation is the execution of the design elements that were identified during the solution design phase.
UAT takes place during the implementation of the solution to ensure functionality of systems and processes.
Routine Functional Testing is used to test that the business continuity solution satisfies the organization's recovery requirements. Testing should include:
• Crisis command team call-out testing
• Technical swing test from primary to secondary work locations
• Technical swing test from secondary to primary work locations
• Application test
• Business process test
At minimum, these tests are generally conducted on a biannual or annual schedule. Problems identified in the initial testing phase may be rolled up into the maintenance phase and retested during the next test cycle.
Maintenance covers preventative maintenance of systems, rectification of errors discovered during testing and the evaluation of changing business needs.
Author: David Snell
If you need further information please contact me.
Telephone: +44 (0)844 330 3691
Mobile: +44 (0)78100 63693