Disaster Recovery (DR) Versus Business Continuity Plan (BCP)
This week in my Certified Receivables Compliance Professional (CRCP) training through Receivables Management Association International (RMAI), I’m focusing on your business’s IT systems in light of any type of disaster. Whether it’s a pandemic, a natural disaster, or a cyber threat, thinking through and planning your business’s IT Business Continuity Plan will help you navigate complications more effectively and efficiently.
No one likes thinking about disasters, but the only thing worse than being faced with a disaster is not having the plans and resources in place to adequately recover from one. COVID-19 placed disaster planning and recovery at the forefront of our realities, and many of us are working diligently to maintain a sense of normalcy for our businesses and lives in the face of this international pandemic. While each disaster may be different, a solid computing plan will help your business recover from all types of disasters, whether it’s a contagion, a fire, a natural disaster, or a cyber-security breach such as ransomware or another hacking event. No one wants their business to lose valuable time and money, and the important concept to consider is not IF a disaster will occur but rather WHEN.
Defining and understanding the difference between disaster recovery and a business continuity plan is an important first step in developing your plans. A disaster recovery plan focuses on what happens immediately after a disaster to recover, while a business continuity plan ensures that a business’s key services will continue to be delivered even in the face of a disaster. In short, DR focuses on immediate recovery while BCP focuses on long-term continued operation post-disaster.
Get Back-Up and Running
Business owners must work with either their IT servicer or a designated employee team to define how often back-ups are needed to ensure no data is lost in the event of a disaster, and where these back-ups are stored to guarantee that if the main system is accessed, data back-ups are unaffected. IT industry veteran and guru, and co-presenter of this webinar, Andrew Lencioni, cited one of our nation’s greatest disasters, the 9/11 terror attacks: affected businesses with a disaster plan that included data back-ups continued post-9/11, while all businesses in the World Trade Center that did not have these fail-safes failed after one year.
It’s crucial to also consider what kind of contact is required if there is a breach; for instance, if you have 20,000 clients or consumers and your business plan doesn’t include a contract provision to allow contact via email to let them know about the loss of data or a breach, the cost burden of notifying them results in yet another significant impact on business operations post-disaster.
In our industry, ensuring our systems follow the ever-increasing levels of regulatory compliance is also crucial to maintaining business operations, and a high level of computing security is part of this. It is also very important to have redundant systems. If one server or router fails, do you have additional computing power to keep your operations going? Developing redundant systems is a way to ensure that business operations can continue in these situations.
While it sounds simple, communication plans are crucial to define and maintain in light of a disaster. If your business typically uses email to communicate, consider what could happen if your entire server is compromised and email doesn’t work. If your business’s phones (even cell phones) are tied to this same server, will phone calls even work to reach key players in the face of a disaster? Communication chains and channels for key personnel provide a simple step to mitigate lasting problems in the event of a disaster. Where this contact and procedure list is stored is also crucial to the success of its implementation. If it’s stored locally only, both in a physical and computing sense, it may be inaccessible during a disaster.
COVID-19 is yet another reason to implement cloud-based computing and storage: businesses that had even small capabilities to work and store data in the cloud were able to scale up their operations to work remotely and be effective much more easily than those that had no provisions for remote or cloud-based computing. Depending on the type of data stored, encryption and/or security are also crucial components to consider for any data storage and maintenance, including cloud-based storage.
Simple Steps to Secure Success
Since each business is different, rather than focusing on individual horror stories or examples of poor BCP and DR planning, defining your business’s plan using this handy 10-step Business Continuity Management Cycle will provide an excellent template for developing your BCP.
Thinking of DR and BCP can seem complicated, and perhaps even cost-prohibitive if we as business owners think we have to hire an outside company to manage this for us. Outside management of your IT systems may be the most efficient or effective for you; however, with cloud computing (Google Drive, OneDrive, various SaaS solutions, for instance), it’s more accessible for businesses to store their data remotely without undue burden or complication. If outside IT systems management seems out of reach, businesses can designate one of their own employees to schedule and ensure data back-ups on the timeframe of their choosing.
Another simple action to help ensure data safety is to keep administrative passwords and encryption keys off-site, both physically and theoretically. Keeping passwords in multiple (secure) locations will assist if, for instance, the building burns down or your data servers are hacked. Having back-up power generation capabilities, while not applicable to a pandemic or data breach, will help with many types of disasters one could face and provides a simple way to maintain operational continuity.
Another important step to consider is prioritizing which systems will need to be able to operate first. Having all stakeholders devise a decision matrix for what actions will be taken, and by whom, in the instance of a disaster is also a simple way to ensure success and reduce confusion and stress in the event of a disaster. I hope we helped provide a clearer picture of not only how important a DR and BCP are to your business but also shed light on the concrete steps you can take to ensure your success moving forward in potential uncertainty!
This information is not legal advice and may not be used as legal advice. Information discussed or contained is not an explanation of the law and is presented for educational purposes only.