Business Continuity and Disaster Recovery Planning

Schneider Downs is committed to helping organizations in various industries understand the importance of planning for Business Continuity (BC) and Disaster Recovery (DR). First, we debunk the common myth that BC and DR planning are one in the same.

We want organizations to understand that BC planning consists more of a holistic view of the organization and focuses on ensuring the business remains operational during any type of disruptive event. Whereas DR focuses more granularly on how fast the business can restore its critical data, operations, systems and infrastructure. It is important for organizations to plan for and understand their ability to react and respond to maximize business resiliency for any type of business disruption and reduce any risks associated with operational downtime. Organizations can think of their BC Plan as the heart of their company that identifies all the business operations and their associated risks in the event of a disruption. Whereas the DR Plan ties the technologies back to each business processes to ensure procedures are in place to remain operational. Without defined BC and DR Plans, an organization could succumb to significant financial loss, legal and regulatory repercussion, operational and reputational risk, and breach of sensitive information. 

We understand that BC and DR planning can be a daunting task for organizations, and sometimes it is unclear where to start. Based on our experiences working with clients, we feel that the most important phase of planning starts with governance structuring. The organization should have clear policies, roles, responsibilities and strategies in place for each business process. Leaders should understand what the business objectives are and how each business process plays a part to achieve those objectives. Management should identify the organization’s most critical processes, technology and vendors. The most critical and effective exercises that can help organizations identify these during planning are Business Impact Analyses (BIAs) and Risk Assessments (RAs).

A BIA is an exercise that allows an organization to gather critical information for each business unit in order to develop recovery strategies. The RA will allow each business unit to risk rank its critical processes, technology and vendors and understand the major impacts to the organization if there were a disruption of service. 

With the help of Schneider Downs, your organization can receive the expertise and knowledge our team members can bring to help map your critical process, technology and vendors. By having one of our highly qualified team members conduct BIAs and RAs, you will understand what each of the following are for every business process throughout your organization:

  • Critical business processes,
  • Critical times of operations,
  • Critical applications, equipment, infrastructure requirements and hardware,
  • Critical third-party vendors,
  • System dependencies and single points of failure,
  • Critical personnel, 
  • Workarounds. 

 

Additionally, we can help identify the impacts on the organization if a disaster was declared and critical communication, facilities, human capital, technology and/or third-party vendors were impacted. Our team can perform an RA to identify the threats and risks that may impact business operations. Assessing the risks based on impact and likelihood of occurrence will allow the business owners to rank and prioritize the recovery of disruptions. Risk assessments allow organizations to understand what risks are present to their business operations and what controls are currently in place to mitigate those risks. After a risk assessment is performed, management will have an idea of the controls that are required to implement and mitigate risks. 

After BIAs and RAs are performed, the BC and DR plan is ready to be developed and/or evaluated. We help organizations either fully develop and implement their plans or review pre-existing plans to ensure all key points are being documented. From the information gathered during the BIA and RAs, the plans can be compiled to ensure that a complete understanding of the organization’s ability to recover, as a whole, as well as recovering all criticalities to each business unit is documented. The BC Plan will focus more on how the organization will function during any type of disruption and the approach to return to normal operations. When developing or evaluating an existing BC Plan, we can help organizations ensure all the following key areas are defined:

  • Purpose and objectives,
  • Roles and responsibilities,
  • Results from BIAs,
  • RA results and mitigation plans,
  • Existing recovery and response strategies and manual or alternate procedures,
  • Key contacts for critical vendors,
  • Call tree for critical personnel,
  • Plan activation and notification procedures,
  • Plan monitoring and updates. 

Alternatively, when developing or evaluating an existing DR Plan, we can help organizations ensure all the following key areas are defined:

  • Purpose, scope and objectives,
  • Assumptions,
  • Roles and responsibilities,
  • Data and infrastructure requirements,
  • Key contacts for critical vendors,
  • Call tree for critical personnel,
  • Critical application, equipment and hardware tiering,
  • Critical system dependencies,
  • Recovery strategy and solutions phases
    • Assessment Phase,
    • Activation Phase,
    • Communication Phase,
    • Alternate Site/Rebuild Phase,
    • Return to Primary Systems Phase.
  • Insurance requirements and expense handling.

Schneider Downs recommends organizations develop a BC Team that compiles the plans and monitors them on an annual basis. Additionally, the organization should test its BC and DR Plans on at least an annual basis. Management should develop exercises and testing scenarios that include many business disruption possibilities. An example exercise scenario includes a failover of a critical application to ensure that it meets its Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). 

  • RTO - The amount of real time a business has to restore its processes at an acceptable service level after a disaster to avoid intolerable consequences associated with the disruption.
  • RPO - The maximum amount of data – as measured by time – that can be lost after a recovery from a disaster, failure or comparable event before data loss will exceed what is acceptable to an organization.

Schneider Downs can help an organization develop its BC and DR exercise scoping and testing requirements, as well as detailed procedures to follow to ensure that there are no gaps in testing. The organization should also consider having its exercises subject to independent audit reviews to ensure the organization is effectively managing its programs. Management should develop training plans to ensure all employees are familiar with the BC and DR strategies and procedures. Monitoring of the plans on an annual basis will ensure that they are current with any changes to the organization's business operations, systems and infrastructure. 

For additional information on how we can help, please see our website at Business Continuity | Disaster Planning | Schneider Downs

 

 

 

 

 

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2022 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Zero-Based Budgeting: The Continued Pursuit of Savings
Post-Pandemic Fraud Landscape
How To Identify Supply Chain Vulnerabilities
Private Equity Activity Update
Understanding the Value of Value Chains
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×