The importance of ICT Disaster Recovery Planning

For many organisations, Business Continuity Management (BCM) is now regarded as an integral part of their management systems for dealing with disruptive events. BCM plans need to include preparedness for emergency response, incident management, Information and Communication Technology (ICT) disaster recovery (DR) planning, information security management, business recovery processes and procedures, business activity recovery time and data recovery point objectives and the arrangements for getting back to ‘business as usual’.

For most organisations throughout every business sector, ICT is now regarded as being a critical component and a vital part of its business activities.  The increasing use of the internet and social media when taken together with business systems and applications means that most businesses are now extremely reliant on their ICT infrastructure. All organisational technical systems must therefore have high availability and be physically robust and reliable. They must also be able to protect and ensure the reliability of the organisation’s knowledge base and intellectual property so as to safeguard data confidentiality, its integrity and availability to those within the business who need to have access to be able to do their jobs.

As this is the case, the organisation’s critical business activities must be protected as part of its BCM arrangements and include any disruptions to ICT networks that can create risks to the company’s reputation and its ability to operate. The failure of ICT including security breaches, such as through cyber attacks and virus infections, can have a serious impact on the continuity of an organisation’s business operations. The management and security of ICT are therefore seen as a key part of BCM requirements.

Data handling

As the organisations business activities will usually be dependent on its having access to reliable up-to-date company information, part of the BCM plan will therefore need to specify how much data the company can afford to lose and how current that information needs to be. This is known as the Recovery Point Objectives (RPO). Therefore any ICT DR plan that is put in place must take into account the organisation’s business requirements and priorities and include information continuity solutions to meet those BCM business needs as specified within its RPO. The RPO will include the data restoration of current information for each business activity, when it should be recovered and the requirements to ensure the continuing confidentiality, integrity and availability in order to provide a robust and reliable data backup of vital company information.

The ICT DR plan must also include information for backup that will include how the data is to be securely stored, such as through physical backup media such as tape, optical devices or transmission to the ‘cloud’; how often it is backed up; and the safe environment in which the data is to be held either on site or off site. The plan should also include the arrangements and expected timescales for data retrieval and its restoration.

Other ICT DR Plan components

In addition to data storage and access, the DR Plan should also include other components such as alternate site requirements, the arrangements for the ‘failing over’ and ‘failing back’ of data to an alternative data centre site, power and cooling requirements for equipment as well as a maintenance, testing and exercise programme.

How can Biscon help?

Biscon Planning Limited is a leading and well respected independent supplier of Risk and Business Continuity Management requirements, who have expertise experience, and access to specialist knowledge. Biscon have successfully introduced and implemented business continuity strategies, policies and plans into many organisations through recognising both commonalities and differences in their approach and using their knowledge, personal experience and industry best practices to facilitate the successful implementation of your BCM system.

At Biscon, we do not believe in a one-size-fits-all approach and so create bespoke plans that are tailored to suit the individual needs of our clients. A BCP delivered by Biscon would help your organisation meet its core objectives of maintaining its operations following any acute disruption to your normal activities. Our programmes of work can deliver such requirements as an operational Risk Register, a Business Impact Analysis that highlights the impact on functions and activities and a comprehensive Business Continuity Management Plan.

Biscon can provide you with a FREE ‘Health Check’ of your current levels of resilience; just give us a call to arrange yours.

If you need assistance with any aspect of your Business Continuity programme, then call Biscon on 01453 889250 or email Jim Nield at jimnield@biscon.co.uk. Also please see our website; www.biscon.co.uk for further information.