Disaster Recovery and Business Continuity – Planning Phase

Disaster Recovery and Business Continuity plans if well planned and implemented can help mitigate risks and loss to the business. With increasing competition and complexity of systems and reliance on IT technology, Organizations are focusing in this area to ensure they do not lose out on the business operations in the event of any disaster or failure.

DR & BC planning calls for in depth knowledge of the industry, the particular business and the processes. As such this kind of practical knowledge would be available within the Organization with employees at all levels. Therefore companies can very well manage to draw up and maintain DR & BC plans in house with the help of standard templates or certified consultants.

The starting point of DR & BC plans can be said to be the strategic decision that needs to be taken by the management in this direction followed by allocation of financial and human resources necessary. The next important part happens to be to identify the risk and to estimate or determine the tolerance level for disaster recovery and business continuity.

A detailed Business impact analysis would need to be carried out to estimate and analyze the critical business operations and processes that need to be considered as critical for recovery and to prevent the business loss. Such analysis would need to take into account several factors to identify possible threats both internal as well as external, manmade and natural, etc and identify the possible risk to each of the critical system, process or business area. The risks can be broadly categorized into:

General Risks: Include natural calamities like fire, floods or any other location specific hazards threatening the building, security, lives etc. Besides, manmade risks including theft, robbery, vandalism, terrorist attacks etc would also be included in the risk analysis.

Political & Local Risks: Involves consideration and analysis of local political situation, the stability and policies of the Government & the economy and its impact on the local population, the local culture and the threat of disturbances etc.

Financial & Legal Risks: Include risks involved in financial transactions, stock markets, transactions with banks, recovery from markets as well as exposure to litigation through customer or supplier contracts and other business related scenarios etc.

Human Resource related risks: involve risks arising out of occupational hazard, employee safety and health etc. Even factors like employee loyalty, industrial espionage and other such business risks are covered here.

Technical Risks: relate to the technical processes, production systems, infrastructure as well as R&D, proprietary processes etc. The risk of losing, damage or loss need to be examined in detail in each case.

IT Related Risks: Involves complete and detailed study and analysis of each and every system, network, software, data, hardware, application, backup process & communication systems to identify possible risk of breakdowns, failures, data loss, theft of data, hacking and other risks.

Market & Business associated risks: can include risks specific to the Organization with reference to its position in the market, brand image and reputation as well as competition etc. Identifying critical factors that can influence the Organization’s business and reputation would need to be identified and analyzed.

The planning can go into minute detailing and extensive risk analysis. However it helps to identify certain critical areas, processes and functions that are vulnerable and affect the business and focus completely on them first. It helps to capture even minute and perceived threats in the identified areas for it helps build a stronger implementation plan. If the risk analysis and identification is done well, the risk mitigation will automatically follow and thus it is the risk analysis that helps fortify the business against threats.