IT Focus Area: infrastructure operations
September 6, 2013
The A to Z Guide to Business Continuity and Disaster Recovery
Companies often face challenges during business continuity and disaster recovery (BC/DR) planning. One of the key challenges is to reach consensus to ensure everyone at the company is on the same page. Therefore, it is important for the business and IT to have a comprehensive discussion about its current capabilities, needs, procedures and expectations for BC/DR.
To help with these conversations, we have developed an alphabetical guide and identified 26 important terms. This list is not meant to be exhaustive, but rather a good starting point for this discussion.
Here is your A to Z guide to business continuity and disaster recovery:
Analysis. Analyzing the impact of any disaster or disruption and its potential effect on the organization. The analysis should quantify the expected financial losses and other business impacts that could occur. This analysis is used to help determine your company’s recovery point objective and recovery time objective.
Business continuity. Business continuity is the process and procedures a company should put in place to ensure mission-critical systems continue during and after a disaster or disruption. Business continuity safeguards the entire enterprise from the effects of a disaster or disruption to ensure business operations continue seamlessly.
Contact list. A list of team members and/or key players that should be contacted during a disaster or crisis. This list should include alternates or backups for each primary team member.
Disaster recovery. A subset of business continuity that concentrates on the restoration of the IT infrastructure and supporting applications.
Emergency operations center. A facility separate from the main facility, equipped with adequate communications equipment from which initial recovery efforts are coordinated. The management team uses this facility to coordinate the recovery process and this facility is used until the disaster or crisis is resolved. Find out how to create a cost-effective emergency operations center.
Financial impact. Revenue loss or operating expense that occurs following an interruption or disaster (as a result of the event). This financial impact can’t be offset by insurance and it directly affects the financial position of the organization.
Gap. It is the difference between the actual availability of an organization's information systems and the level of availability expected by its business units.
High availability. Systems with high availability, typically with 99.999% uptime. They operate 24 hours a day, seven days a week. These systems provide an exceptional uptime by utilizing numerous options to minimize or eliminate single points of failure.
Information lifecycle management. The practice for assigning appropriate degrees of importance to information, as it progresses from creation to eventual deletion. This methodology has the promise to provide the appropriate level of cost for storage and disaster recovery at every step in the lifecycle of data, thereby minimizing data storage and disaster recovery costs.
Joint operational exercise. A complete test of all or significant parts of a BC/DR plan. Operational exercises are conducted in the actual recovery centers and involve a complete restoration of service, up to and including, the verification of the applications and users' ability to interface with those applications.
Key performance indicators. Measurements benchmarked from objectives, targets and defined industry standards.
Live. Business continuity and disaster recovery plans should be tested live so that employees can understand how plans work in real life and in real time.
Mitigation strategy. The processes and plans followed to lessen the impact of threat or vulnerability on an organization.
Notification. Communication methods, processes and timeframes used to notify stakeholders of a disaster, crisis or interruption.
Operational resiliency. A concept that is bigger in scope than traditional BC/DR. More people are involved and they are not just from IT. Operational resiliency is impossible to obtain without incorporating technology and business processes. This concept requires an overall company-wide strategy to ensure the company becomes more resilient, whether an organization encounters a small or large disruption. Learn why companies should embrace this new concept.
Policy. Auditable, clear, documented and decisive guidelines about procedures for issues or circumstances that sometimes have vague variables or directives. Policies contain information that describes in detail their purpose, persons affected, responsibilities, procedures, and any revisions.
Quality assurance. A process or program responsible for the systematic monitoring and evaluation of a project, service or facility to ensure quality and value.
Recovery point objective and recovery time objective. Recovery point objective is the point in the data flow where an organization must recover via backups or other recovery methodologies. Recovery time objective is the amount of time an organization can afford to be without specific processes and information sources. Recovery point objective and recovery time objective are two prime criteria for the development of a recovery strategy.
Single point of failure. The only source for a specific service in an entity (e.g. a power supply in a router or a computing system for an application).
Tolerance. The measure of the ability to withstand threats and overcome disruptions.
Urgent activity. A term used to cover the activities that need to be done within a short timeframe.
Vulnerability. A weakness that could be exploited by a threat. Learn why a company’s vulnerability assessments should be weighted in the context of the business.
What if scenarios. Mock disasters that test a disaster plan. It involves the simulation of a disaster under the control of independent observers or coordinators. A mock disaster is a simulation with no invocation of recovery sites or facilities. This type of test is primarily intended to subject participants to "real" conditions and expose any communications or plan deficiencies. A mock disaster typically operates on a compressed timeframe.
X-ray. Examine the details of the BC/DR plans thoroughly so any critical component that could be beneficial during a real event.
Yearly review. BC/DR plans should be tested at least once a year, if not more frequently.
Zero day attack. A security vulnerability that is exploited on the same day the vulnerability becomes known. There are “zero days” between when the vulnerability is discovered and the first attack occurs.
To view the presentation version of this article, click on the presentation below.
View more presentations from Forsythe Technology