What is a Business Continuity Plan (BCP)?
The primary aim of a Business Continuity Plan is to identify business-critical processes and form a plan for how they can be executed in the event of a disaster, which could range from an office location being unavailable to IT systems being offline.
The plan should also take into account how it is invoked and communicated, both internally within the business and to external stakeholders. A fundamental part of a Business Continuity Plan is to establish a BCP team, responsible for managing the process.
What is a Disaster Recovery Plan (DR Plan)?
The purpose of a Disaster Recovery Plan is to provide a detailed plan for getting your IT systems back online after a disaster has occurred. This needs to be implemented quickly to limit the disruption to the business.
How do the two plans work together?
Typically, the Disaster Recovery Plan is more of a technical document detailing the response required by the technology teams in the event of a disaster, whereas the Business Continuity Plan deals with business processes. Each department within the business will need to provide input into the latter, detailing which of the processes they normally complete on a daily basis are the most important and what deadlines they have for completing those processes.
If either plan is missing or fails to work in the manner expected, it can cause a massive disruption to the business.
Why is BCDR important?
Investing the time to design a suitable BCP, or having a professional consultant come in and build one, gives the business time to research and test solutions before any BC event occurs. This gives you the security of knowing that your business can function even when there is a total loss of service to your offices.
With fluctuations in regulations during the recent pandemic, businesses have had to adapt the way they operate, and have had to do so quickly. Companies that had a BCP were already prepared for such a scenario. This meant that they were able to initiate the plan, knowing every step of it beforehand. It will have been tested and practised, ensuring that no issues unfolded in a time of uncertainty. Everything will have fallen into place and staff would have been able to continue working almost seamlessly.
Not having a BCP can ultimately lead to important business processes being missed and communication being poor. One key part of designing a successful BCP is identifying those key business processes and the IT systems that support them. If you don’t have those processes documented, it’s impossible to ensure redundancy in the underlying IT systems.
The Importance of a Plan of Action
Being ready for a disaster and having a plan of action in place means that in the event of a disaster or outage, you are not creating and implementing processes on the fly. Having to put something in place in an emergency leaves room for bad or detrimental processes to be created.
Your business is prepared, and a BC/DR scenario is less stressful because you know what to do and can streamline processes to keep downtime, and the loss of earnings that comes with it, to a minimum.
In the financial markets, being down for a couple of minutes can cost millions. If, for example, the website of an e-commerce platform is down, you will be losing sales that could be happening every minute. In the recent outage that Amazon experienced (June 2021), they determined that the 59-minute outage cost them $34 million; that’s approximately $577,000 per minute.
How To Build a Plan of Action
Let’s use an example where one of your servers is infected with a ransomware virus. Your business has regular incremental backups during the day that are stored off-site or within a cloud platform. You do not have a fallback server, and the infected server has now stopped your business functioning. You now need to recover from this “Disaster”.
Since there are regular backups throughout the day, you’re able to roll the server back using a backup taken before the crypto lock virus hit. There are two factors to consider with disaster recovery.
Recovery Time Objective (RTO) – How long you deem it acceptable to have downtime before service is restored. In the ransomware example, you may deem it acceptable to be down for a number of hours if the server is a virtual server, as you will need to build a new instance of the server from the backups. In the case of a physical server, you would need to factor in the time to swap out hard drives, the time it takes to restore the server from a backup, and how long your business can be down without the ability to function and make money.
If, however, you determine that the downtime needs to be measured in minutes, an alternative solution to incremental backups would need to be implemented.
Recovery Point Objective (RPO) – This essentially determines the maximum amount of acceptable data loss. Suppose, for instance, you have a business-critical application that holds data within a database. The RPO for that system may be set at 15 minutes. This means that in the event of a disaster, the application needs to be brought back online with data that is a maximum of 15 minutes old. Once this value has been determined by the business, it’s down to the IT teams to put in place data protection measures to ensure that 15 minutes is achievable.
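The ransomware scenario above can be checked against both objectives before an incident happens. The following is an added example, not part of the original article: it picks the newest backup taken before the compromise and compares the resulting data loss and restore time with the RPO and RTO. The backup times, incident times, 4-hour RTO and restore duration are constructed sample values, and the function names are hypothetical.

```python
from datetime import datetime, timedelta

def worst_case_gap(backups):
    """Largest gap between consecutive backups: the most data one failure can cost."""
    ordered = sorted(backups)
    return max(later - earlier for earlier, later in zip(ordered, ordered[1:]))

def plan_restore(backups, compromised_at, detected_at, rpo, rto, restore_duration):
    """Choose a restore point and compare the outcome with the RPO and RTO."""
    # Backups taken after the compromise may already contain encrypted data,
    # so only backups that strictly predate it are candidates.
    clean = [b for b in sorted(backups) if b < compromised_at]
    if not clean:
        raise ValueError("no backup predates the compromise")
    restore_point = clean[-1]
    # Everything written between the restore point and detection is lost.
    data_loss = detected_at - restore_point
    return {
        "restore_point": restore_point,
        "data_loss": data_loss,
        "rpo_met": data_loss <= rpo,
        "rto_met": restore_duration <= rto,
    }

# Constructed sample: backups every 15 minutes from 09:00 to 11:00,
# with the 10:30 run missed.
START = datetime(2024, 1, 8, 9, 0)
BACKUPS = [START + timedelta(minutes=15 * i) for i in range(9) if i != 6]

if __name__ == "__main__":
    report = plan_restore(
        BACKUPS,
        compromised_at=datetime(2024, 1, 8, 10, 44),  # constructed incident time
        detected_at=datetime(2024, 1, 8, 11, 5),      # constructed detection time
        rpo=timedelta(minutes=15),                    # RPO from the text
        rto=timedelta(hours=4),                       # assumed RTO
        restore_duration=timedelta(hours=2, minutes=30),  # assumed rebuild time
    )
    print("worst-case gap:", worst_case_gap(BACKUPS))
    for key, value in report.items():
        print(f"{key}: {value}")
```

In this sample a single missed backup plus the delay between compromise and detection turns a 15-minute backup schedule into 50 minutes of lost data, which is why the RPO has to be tested against real backup history rather than the schedule alone.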
The Future of BCDR
Business Continuity Plans & Disaster Recovery Plans are never “finished”. They should always be evolving to keep up with the latest threats. New threats appear daily, and you will need to be sure your current solution can cater for the new threats as well as the existing/old threats. A good example of this is the recent pandemic. Pandemic planning wasn’t at the forefront of everyone’s minds prior to 2020; however, many Business Continuity Plans included plans to be invoked in the case of a pandemic. Today, every BCP will contain pandemic planning measures.
Also, the recent shift to working from home is beginning to become the accepted norm. This will begin to present its own unique set of needs within a BC/DR plan. Business-critical users will need backup internet lines or may need a spare computer to work from in case of a hardware issue.
It is a case of finding your business’s weakest links and ensuring that every plausible outcome is accounted for in your plans.
How can Tribeca help?
Ultimately, you’ll hope that you never need to use your Business Continuity or Disaster Recovery Plans, but the cost of not having such plans ready to deploy could be much greater than you’d expect. It’s not just the monetary value associated with the downtime; it could damage your business’s reputation as well.
To ensure that your business’s plans are up to scratch or if you don’t currently have them and would like our professional help building them, then please get in touch. You can find out more about our service by visiting our Business Continuity & Disaster Recovery page.
Tribeca also offers IT support services tailored to businesses in the Alternative Investment sector, from Hedge Fund IT Support to Private Equity IT Support. We operate as your business partner and want to be seen as an extension of your business, providing consistent quality and proactive assistance to help you grow and protect your business.
For more information on our IT support and managed services for the alternative investment sector, get in touch with us today.