Business Continuity and Disaster Recovery Planning

Schneider Downs is committed to helping organizations in various industries understand the importance of planning for Business Continuity (BC) and Disaster Recovery (DR). First, we debunk the common myth that BC and DR planning are one and the same.

We want organizations to understand that BC planning takes a more holistic view of the organization and focuses on ensuring the business remains operational during any type of disruptive event, whereas DR focuses more granularly on how fast the business can restore its critical data, operations, systems and infrastructure. It is important for organizations to plan for and understand their ability to react and respond, in order to maximize business resiliency for any type of business disruption and reduce any risks associated with operational downtime. Organizations can think of their BC Plan as the heart of their company that identifies all the business operations and their associated risks in the event of a disruption, whereas the DR Plan ties the technologies back to each business process to ensure procedures are in place to remain operational. Without defined BC and DR Plans, an organization could succumb to significant financial loss, legal and regulatory repercussions, operational and reputational risk, and breach of sensitive information.

We understand that BC and DR planning can be a daunting task for organizations, and sometimes it is unclear where to start. Based on our experiences working with clients, we feel that the most important phase of planning starts with governance structuring. The organization should have clear policies, roles, responsibilities and strategies in place for each business process. Leaders should understand what the business objectives are and how each business process plays a part to achieve those objectives. Management should identify the organization’s most critical processes, technology and vendors. The most critical and effective exercises that can help organizations identify these during planning are Business Impact Analyses (BIAs) and Risk Assessments (RAs).

A BIA is an exercise that allows an organization to gather critical information for each business unit in order to develop recovery strategies. The RA will allow each business unit to risk rank its critical processes, technology and vendors and understand the major impacts to the organization if there were a disruption of service. 

With the help of Schneider Downs, your organization can receive the expertise and knowledge our team members can bring to help map your critical processes, technology and vendors. By having one of our highly qualified team members conduct BIAs and RAs, you will understand what each of the following is for every business process throughout your organization:

  • Critical business processes,
  • Critical times of operations,
  • Critical applications, equipment, infrastructure requirements and hardware,
  • Critical third-party vendors,
  • System dependencies and single points of failure,
  • Critical personnel, 
  • Workarounds.

Additionally, we can help identify the impacts on the organization if a disaster were declared and critical communication, facilities, human capital, technology and/or third-party vendors were impacted. Our team can perform an RA to identify the threats and risks that may impact business operations. Assessing the risks based on impact and likelihood of occurrence will allow the business owners to rank and prioritize the recovery of disruptions. Risk assessments allow organizations to understand what risks are present to their business operations and what controls are currently in place to mitigate those risks. After a risk assessment is performed, management will have an idea of the controls that must be implemented to mitigate risks.

After BIAs and RAs are performed, the BC and DR Plans are ready to be developed and/or evaluated. We help organizations either fully develop and implement their plans or review pre-existing plans to ensure all key points are being documented. Using the information gathered during the BIAs and RAs, the plans can be compiled so that they document a complete understanding of the organization’s ability to recover as a whole, as well as the recovery of everything critical to each business unit. The BC Plan will focus more on how the organization will function during any type of disruption and the approach to return to normal operations. When developing or evaluating an existing BC Plan, we can help organizations ensure all the following key areas are defined:

  • Purpose and objectives,
  • Roles and responsibilities,
  • Results from BIAs,
  • RA results and mitigation plans,
  • Existing recovery and response strategies and manual or alternate procedures,
  • Key contacts for critical vendors,
  • Call tree for critical personnel,
  • Plan activation and notification procedures,
  • Plan monitoring and updates. 

Alternatively, when developing or evaluating an existing DR Plan, we can help organizations ensure all the following key areas are defined:

  • Purpose, scope and objectives,
  • Assumptions,
  • Roles and responsibilities,
  • Data and infrastructure requirements,
  • Key contacts for critical vendors,
  • Call tree for critical personnel,
  • Critical application, equipment and hardware tiering,
  • Critical system dependencies,
  • Recovery strategy and solutions phases:
    • Assessment Phase,
    • Activation Phase,
    • Communication Phase,
    • Alternate Site/Rebuild Phase,
    • Return to Primary Systems Phase.
  • Insurance requirements and expense handling.

Schneider Downs recommends organizations develop a BC Team that compiles the plans and monitors them on an annual basis. Additionally, the organization should test its BC and DR Plans on at least an annual basis. Management should develop exercises and testing scenarios that include many business disruption possibilities. An example exercise scenario includes a failover of a critical application to ensure that it meets its Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). 

  • RTO - The amount of real time a business has to restore its processes at an acceptable service level after a disaster to avoid intolerable consequences associated with the disruption.
  • RPO - The maximum amount of data – as measured by time – that can be lost after a recovery from a disaster, failure or comparable event before data loss will exceed what is acceptable to an organization.

Schneider Downs can help an organization develop its BC and DR exercise scoping and testing requirements, as well as detailed procedures to follow to ensure that there are no gaps in testing. The organization should also consider having its exercises subject to independent audit reviews to ensure the organization is effectively managing its programs. Management should develop training plans to ensure all employees are familiar with the BC and DR strategies and procedures. Monitoring of the plans on an annual basis will ensure that they are current with any changes to the organization's business operations, systems and infrastructure. 

For additional information on how we can help, please see our website at Business Continuity | Disaster Planning | Schneider Downs

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2024 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
