Business continuity planning (BCP) comprises the components of a system of internal control that are established to manage the availability of critical processes in the event of a disruption to the business. When planning business continuity, it is imperative to consider how to optimize the costs of supporting the information system. For an organization to continue to exist, its enterprise data must be available at all times. The nature of the business the company carries out is considered when defining the continuity plans. BCP is a continuous process and not something done once or twice in a given period (Trim, 2005). One of the key elements of this process is the ability to respond to incidents that may affect individuals and the activities involved in running a company.
Disaster recovery is the process that leads to the resumption of normal business operations after a disruption. The September 11 attacks on America have made organizations recognize the need to prepare for disaster recovery. Business continuity and disaster recovery are fundamental in making sure that all necessary data is available even when there is a disruption. Organizations must make sure they are always ready for any eventuality, because full recovery from some of these situations may take several years.
Recovery Strategies and Alternatives
A recovery strategy identifies the best possible solution for recovery in case of interruption. It gives guidelines on the implementation of the recovery procedure. It is important that management exhausts all possibilities before implementation. Having explored all options, the board can then select the best alternative. In coming up with the strategy, the risks involved in the implementation and the consequences are considered. Decisions on what strategy to adopt depend on the importance of the business process and its applications, the time it will take to complete recovery, the security of the whole recovery process and the costs involved (Philips, 2009). After weighing the pros and cons, the organization’s management will then choose the best recovery strategies.
In general, every IT platform with a critical operation in its functionality needs a recovery strategy. A robust strategy should minimize the costs of its implementation. Long and expensive strategies, such as those for disasters that have destroyed the physical location of the system, require offsite recovery backup facilities. The most popular offsite facilities include hot sites, warm sites and cold sites. A hot site is configured beforehand and is ready to run at any time.
The hardware and software at the site should be consistent with the backed-up installation. Recovery is completed by adding only the staff, files and documents. Warm sites, on the other hand, are partly configured and lack the core computer. Most of the time, warm sites are equipped with a computer having a small processor. Cold sites have basic items in their environment. These include air conditioners and electrical cabling.
Elements to consider in disaster recovery planning
The process of disaster recovery involves the definition of rules, procedures and disciplines that will ensure continuity of the business in case of a disaster. One must take account of the regulatory requirements when planning for disaster recovery. In addition to that, there must also be a clear understanding of the directives given by regulatory bodies. Each organization has to come up with its own strategies to help it realize this objective.
Asset management is another key element in disaster recovery planning. It entails having a precise database of assets. If the company knows all its assets, then it certainly knows what it needs to recover. This database must contain significant asset information even if it may not be specific to disaster recovery.
A Business Impact Analysis (BIA) is critical in coming up with an effective Business Continuity Plan. Consequently, a BIA of the data center is included when planning for disaster recovery. This analysis of the impact of data loss informs decisions about the departments that depend heavily on IT platforms. It also defines the outcome for the system should a disaster occur and interfere with business continuity. This eventually aids in the effective implementation of data recovery solutions (Rittinghouse, 2005).
Identification of risks should be the first step before embarking on measures to mitigate them. A full risk assessment covers both external and internal risks. External risks involve natural calamities and environmental hazards. Internal risks are unnecessary business activities that could cause interruption of business operations.
The dual ISO/IEC standard was improved and the new version published. This forms a platform for information security management in any organization. It adds the current developments in the field of information security, hence upholding it as an international standard code. The e-commerce sector is the greatest beneficiary of this standard, as there is massive information exposure there. This standard describes security of information, defines legitimate business practices, and gives principles for the development and maintenance of information security. Information in any organization is a vital asset in whichever form it is stored.
As such, the unavailability of information security may become a threat to the continuity of business operations. ISO/IEC 17799:2005 is the most vital standard for dealing with information security. It defines an international understanding of information security in all organizations worldwide, giving them one language that enables them to understand each other in doing business.
In the current business setting, organizations should embark on developing and testing disaster recovery programs. To reduce the effects of disasters such as hurricanes, earthquakes, floods and fires, businesses should have advance plans that will keep them operating should they fall victim to one. Important business operations rely on information technology. This makes understanding the content of a disaster recovery program vital in both small and large organizations. It is imperative that organizations understand that disaster recovery planning is a process that must always be in place, rather than a mere project (Bradbury, 2008).
This process is critical: it should not be carried out just to impress the auditors, but treated with the utmost importance. Having a solid disaster recovery plan in place is crucial in ensuring business continuity should there be a disaster. An ill-prepared organization may take several years to recover from interruptions caused by disasters. This makes disaster recovery a key field of study as far as business continuity is concerned.
References
Bradbury, C. (2008). DISASTER! Creating and testing an effective Recovery Plan. The British Journal of Administrative Management, 14.
Philips, B. (2009). Disaster Recovery. New York: CRC Press.
Rittinghouse, J. W., & Ransome, J. F. (2005). Business continuity and disaster recovery for infosec managers. Amsterdam: Elsevier Digital Press.
Trim, P. R. J. (2005). Managing Computer Security Issues: preventing and limiting future threats and disasters. Disaster Prevention and Management. West Yorkshire: Emerald Group Publishing.