What kind of business protection do you have in place? Public liability insurance, business premises and assets insurance, professional indemnity insurance? No doubt your business has a host of insurance policies, but what about your information technology – what’s protecting that?
When something goes wrong - whether it’s a natural disaster such as flood or fire, a criminal attack like a burglary or cybercrime, or human error causing a system failure or other incident - you need more than insurance policies to protect your business.
Disaster Recovery and Business Continuity Planning is your first line of defence when an incident occurs. While insurance companies sort out claims, it needs to be ‘business as usual’ for most companies, there’s no time to wait for paperwork to be completed and this is where your disaster recovery and business continuity planning are vital.
What Is Disaster Recovery and BCP?
Disaster Recovery (DR) and Business Continuity Planning (BCP) are often used interchangeably, but they are distinctly different. However, they have a close relationship with disaster recovery being an important aspect of any business continuity plan.
Disaster recovery refers to your ability to restore the data, IT systems, and applications that run your business if data centres, servers, or your IT infrastructure suffers damage or attack.
Business Continuity Planning on the other hand is the strategy a company uses to reduce downtime or services outage, and ensure that incidents do not adversely impact on the business. Whereas DR is naturally reactive when disaster strikes, BCP is proactive minimising the risk to the business using a combination of prevention and failover plans should an incident occur.
While BCP and disaster recovery affects all departments within a company, the IT department is usually most prepared. However, often this is limited to planning for events that only impact on systems and the IT infrastructure – for example cyber-threats and IT incidences. They may be less prepared for more far reaching disasters such as fire, terrorist attack etc. Below are some common business continuity mistakes that people make.
5 Common IT business continuity mistakes
- Underestimating the scale of disaster
Cloud continuity does offer additional protection from geographic threats, however data is still located in a physical place so we would recommend that data centres should not be in close proximity to the business.
- Not testing the plan
- Not factoring in supply chain
Therefore your business continuity plan must address where assets will be bought from, prioritise key employees who need new hardware first, and ensure your IT team have enough resource to get employees back up and running in a specific period of time.
- Not reviewing the plan regularly
While setting a regular review period is a good idea, changes to the business should instantly flag up a need to review the plan. Those charged with business continuity planning must identify the type of changes to strategies, processes or other changes that would make your plan redundant.
- Assuming that key people will be present in a disaster
An external provider can be an invaluable asset when disaster strikes, ensuring that sufficient resource is available to implement plans, as well as managing recovery from their site if yours is affected.
By Bruce Penson, managing director, Pro Drive IT