Business Continuity and Disaster Recovery (BCDR), sometimes stylized as BC/DR, is a critical aspect of any organization's risk management plan. It ensures that essential business functions can be restored in the event of a disaster or other disruptive event, minimizing the impact on operations and customers.
Why BCDR is important
BCDR programs rose to prominence initially at organizations that were regulated or heavily IT-dependent. But today’s complex supply chains are creating real, near-term risk for any business that doesn't have a working, tested BCDR program.
If you need a working, testable BCDR program, here are some of the steps you’ll need to go through:
- Determining the business value of your IT services/applications
- Defining the recovery objectives for your suite of applications and supporting data
- Mapping application dependencies to hardware and across other applications
- Understanding the current state of IT resiliency — What could go wrong, what controls do we have in place, and how effective are they?
- Working with the business to set realistic continuity goals and necessary investment levels
Because of its complex nature and critical importance, many organizations partner with a business that has experience building a sophisticated BCDR program.
An experienced IT consulting team can help with:
- Working with business executives to determine the business relevance of IT services
- Proven, agile techniques for capturing accurate business requirements
- Skill in the use of automated tools for application dependency mapping
- Practical experience in how the various recovery options work
- Ability to support solution implementation
- Assistance with testing and continuous improvement
- Proven ability to help develop practical plans and supporting documentation
BCDR testing
As part of a comprehensive BCDR strategy, it is critical to test your plan to ensure that it will perform in the event of a disaster.
Most BCDR exercises are designed to succeed and meet specific objectives — like passing an audit. Unfortunately, using this model results in missed opportunities to truly try out your capabilities, and identify gaps and opportunities for improvement.
A different approach, and a good way to improve the value of your testing investment, is to follow a more disciplined, coordinated approach in all phases of the testing process. Including:
- Initiation: Identify the business objectives for the test “Why are we testing?” Check with senior management to confirm the objectives are meaningful to them.
- Plan: Determine the right scope and required resources to meet the business objectives. Incorporate a structured walk through early in the planning process to identify weaknesses and deficiencies and improve recovery capabilities before the actual test.
- Prepare: Arrange the people, process and technologies necessary to effectively support the test. Use role-playing scenarios to ensure your plans are actionable and effective and to validate your organization’s readiness for an actual test (go-no-go decision).
- Execute: orchestrate and document/keep a detailed log of test activates. Create supporting schedules, logs and communication plans to facilitate orchestration. Consider including a third party monitor to ensure an unbiased view of issues.
- Close: Conduct debriefing sessions to identify what worked, what didn’t and develop an action plan. Produce a formal post-test report to celebrate the wins and get organizational commitment to close gaps.
When done correctly, BCDR testing will not only reduce time, money and stress, but it will also:
- Help align business priorities with BCDR capabilities
- Rise executive awareness of the true state of BCDR
- Provide a true validation of BCDR capabilities – help us know what we don’t know.
- Promote a BCDR culture
- Serve as a primer to promote higher BCDR maturity
Learn more about cloud transformation