Neal Weinberg

Business continuity and disaster recovery planning: The basics

Good business continuity plans will keep your company up and running through interruptions of any kind: power failures, IT system crashes, natural disasters, pandemics and more.


Editor’s note: This article, originally published on March 27, 2014, has been updated to more accurately reflect recent trends.

Wildfires in California. A snowstorm in Texas. Windstorms across the Midwest. Floods in Hawaii. Hurricanes in Florida and Louisiana. Russian hackers and ransomware attacks. And let’s not forget the global pandemic.

If anyone still thinks that having a disaster recovery and business continuity plan isn’t a high priority, you haven’t been paying attention to recent events. As we begin to emerge from the COVID-19 pandemic, organizations are shifting to a new normal that will certainly be more remote, more digital and more cloud-based. Disaster recovery plans will have to evolve to keep up with these changing business conditions.

On top of that, business requirements for disaster recovery have changed dramatically. There was a time when it was acceptable for recovery time to be measured in days or hours. Now it’s minutes. In some cases, business units are demanding zero down time in the event of an unplanned outage.

Here are the basics of a state-of-the-art disaster recovery/business continuity (DR/BC) plan for 2021 and beyond. (Without getting too hung up on definitions, let’s say that disaster recovery is getting the IT infrastructure back up and running, while business continuity is a broader discipline that gets the business back up and functioning once the lights are back on.) 

Integrate cybersecurity, intrusion detection/response, disaster recovery into a comprehensive data protection plan

For CISOs, the first goal of a disaster recovery plan is to avoid the disaster in the first place, which is becoming increasingly challenging. First, data is no longer safely tucked away in an on-premises data center. It’s distributed across on-premises environments, hyperscale clouds, the edge and SaaS applications. ESG Research Senior Analyst Christophe Bertrand points out that SaaS presents a serious data protection and recovery challenge because “now you have mission critical applications running as a service that you have no control over.”

Second, the pandemic drove millions of employees out of the secure confines of the corporate office to their home offices, where the Wi-Fi is less secure and where employees might be sharing sensitive data on collaboration applications.

Third, hackers took notice of these expanding attack vectors and launched a barrage of new and more targeted ransomware attacks. According to the Sophos State of Ransomware 2020 Report, hackers have moved from spray-and-pray desktop attacks to server-based attacks. “These are highly targeted, sophisticated attacks that take more effort to deploy. However, they are typically far more deadly due to the higher value of assets encrypted and can cripple organizations with multi-million dollar ransom requests,” according to the report.

In response to these changing conditions, CISOs should focus on beefing up endpoint security for remote workers, deploying VPNs and encryption, protecting data at rest no matter where it lives, and also making sure that collaboration tools don’t become a source of security vulnerabilities.

Conduct a business impact analysis (BIA)

Organizations need to conduct a thorough business impact analysis to identify and evaluate potential effects of disasters through the lenses of financial fallout, regulatory compliance, legal liability, and employee safety. Gartner estimates that 70% of organizations are making disaster recovery decisions without any business-aligned data points or based on an outdated BIA. “Without the fact base the BIA provides, teams can only guess at the appropriate level of DR and what risks are tolerable. This results in overspend or unmet expectations,” according to Gartner.

Remember, you don’t need to protect everything. Organizations that conduct these exercises are often surprised to discover servers that do nothing but run a routine back-end business process once a month, or even once a year.

Organizations need to prioritize applications by their criticality to the business, and to identify all the dependencies associated with a business process, particularly applications that may have been virtualized across multiple physical servers, might be running in containers in the cloud, or in serverless cloud environments.

Classify data

Along the same lines, you don’t need to protect all data, just the data that you need to keep the business running. You do need to go through the process of locating, identifying, and classifying data. Be sure to protect data that falls under regulatory requirements, customer data, patient data, credit card data, intellectual property, private communications, etc. The good news is that tools can automate data identification and classification.

Consider disaster recovery as a service (DRaaS)

DRaaS is an increasingly popular option for CISOs at small- to mid-sized organizations who want to cost-effectively improve IT resilience, meet compliance or regulatory requirements, and address resource deficiencies. The DRaaS market is expected to grow at a rate of 12% a year over the next five years, according to Mordor Intelligence. DRaaS services cover the full gamut of disaster recovery and business continuity, providing flexibility and agility to enterprises, according to the Mordor report.

Gartner adds that as the DRaaS market has matured and vendor offerings have become more industrialized, the size and scope of DRaaS implementations have increased significantly, compared with a few years ago.

Develop a solid communication plan

Simply getting servers back up and running is essentially meaningless unless everyone knows their roles and responsibilities. Do people have the appropriate cell phone numbers and email addresses to share information? Do the relevant stakeholders have a playbook that spells out how to respond to a crisis in terms of contacting law enforcement, outside legal teams, utility companies, key technology and supply chain partners, senior leadership, the broader employee base, external PR teams, etc.?

Depending on the nature of the disaster, networking groups might need to establish new lines of connectivity for remote workers and reconfigure traffic flows; maintenance teams might need to perform remote troubleshooting; and security teams might need to reset firewalls, change access policies, and extend security protection to new devices or to cloud-based resources. The biggest problem in a disaster isn’t related to data backups; it’s not having the right people in place who understand all the steps required for the business to recover, says Bertrand.

Automate testing

To test disaster preparedness, companies traditionally conduct tabletop exercises in which key players physically come together to play out DR scenarios. However, only one-third of organizations perceive the exercises as “highly effective,” according to a July study by Osterman Research in association with Immersive Labs, a company that develops human-readiness skills in cybersecurity. The research also found that organizations don’t perform tabletop exercises often enough to keep up with evolving threats and that these exercises cost an average of $30,000. During the pandemic, it’s fair to assume that tabletop exercises fell by the wayside.

Doug Matthews, vice-president of enterprise data protection at Veritas, says there’s a better way. New tools can automatically test backup and recovery procedures on an ongoing basis and identify potential issues that need to be addressed. Modern testing solutions are also able to use sandboxing technology to create safe environments in which companies can test the recoverability of applications without impacting production networks.

Create immutable data backups

Ransomware attackers are targeting backup repositories, particularly in the cloud. They are also targeting SaaS applications. In response, organizations should keep one copy of data that can’t be altered. “Be sure that you have an immutable copy of backup data that nobody can touch,” advises Matthews, who says companies should have three copies of data at all times, not just two.

Companies should also investigate isolated recovery environments, such as air gapping, in which one copy of the data lives in an environment not connected to the production environment.

Consider data re-use

“Business is the data and data is the business,” says Bertrand. Once organizations have a copy of their important data sitting in a safe backup environment, why not think about ways to reuse it to advance the company’s digital transformation efforts.

The idea is for organizations to “understand what you have, where it is, how to protect it, store it and optimize it.”  Ultimately, Bertrand predicts that organizations will evolve an intelligent data strategy that encompasses regulatory compliance, disaster recovery/business continuity and data analytics.

Perform continuous updates

CISOs updating their DR/BC plans should take their cue from DevOps. It’s not about one-and-done, it’s about continuous improvement. DR planners need to be plugged into any changes at the company that might affect recoverability, including employees working from home permanently, stores or remote offices opening or closing, applications being replaced by SaaS, data moving to the edge, or DevOps moving to the cloud. Also, the technology is constantly improving, so be on the lookout for new tools that can help automate DR/BC processes. The plan should not be sitting on the shelf collecting dust. It should be updated on a regular basis.

Do long-term planning

In light of everything that has happened over the past 12 months, it’s a good time to shift thinking about DR/BC from reactive to proactive. Unfortunately, between public health emergencies, climate change and the increase in cyberattacks, disasters seem to be occurring more often and are certainly more devastating. DR/BC plans need to get ahead of the threats, not simply respond to them.

For example, if your company is in California, your DR/BC plan has to assume that there will be power outages from next season’s wildfires. Companies concerned about losing power when the next natural disaster hits might want to think about generating their own power from alternative sources.

A successful DR/BC plan requires that companies perform the basics, but it is also an opportunity for companies to find creative and innovative ways to keep the business running when disaster hits.


Neal Weinberg is a freelance technology writer and editor. He can be reached at [email protected].


Business continuity planning (BCP)

What is business continuity?

In an IT context, business continuity is the capability of your enterprise to stay online and deliver products and services during disruptive events, such as natural disasters, cyberattacks and communication failures.

The core of this concept is the business continuity plan — a defined strategy that includes every facet of your organization and details procedures for maintaining business availability.

Start with a business continuity plan

Business continuity management starts with planning how to maintain your critical functions (e.g., IT, sales and support) during and after a disruption.

A business continuity plan (BCP) should comprise the following elements:

1. Threat Analysis

The identification of potential disruptions, along with potential damage they can cause to affected resources. Examples include:

2. Role assignment

Every organization needs a well-defined chain of command and substitute plan to deal with absence of staff in a crisis scenario. Employees must be cross-trained on their responsibilities so as to be able to fill in for one another.

Internal departments (e.g., marketing, IT, human resources) should be broken down into teams based on their skills and responsibilities. Team leaders can then assign roles and duties to individuals according to your organization’s threat analysis.

3. Communications

A communications strategy details how information is disseminated immediately following and during a disruptive event, as well as after it has been resolved.

Your strategy should include:

  • Methods of communication (e.g., phone, email, text messages)
  • Established points of contact (e.g., managers, team leaders, human resources) responsible for communicating with employees
  • Means of contacting employee family members, media, government regulators, etc.

From electrical power to communications and data, every critical business component must have an adequate backup plan that includes:

  • Data backups to be stored in different locations. This prevents the destruction of both the original and backup copies at the same time. If necessary, offline copies should be kept as well.
  • Backup power sources, such as generators and inverters that are provisioned to deal with power outages.
  • Backup communications (e.g., mobile phones and text messaging to replace land lines) and backup services (e.g., cloud email services to replace on-premise servers).

Load balancing business continuity

Load balancing maintains business continuity by distributing incoming requests across multiple backend servers in your data center. This provides redundancy in the event of a server failure, ensuring continuous application uptime.

In contrast to the reactive measures used in failover and disaster recovery (described below), load balancing is a preventative measure. Health monitoring tracks server availability, ensuring accurate load distribution at all times—including during disruptive events.

Disaster recovery plan (DRP) – Your second line of defense

Even the most carefully thought out business continuity plan is never completely foolproof. Despite your best efforts, some disasters simply cannot be mitigated. A disaster recovery plan (DRP) is a second line of defense that enables you to bounce back from the worst disruptions with minimal damage.

As the name implies, a disaster recovery plan deals with the restoration of operations after a major disruption. It’s defined by two factors: RTO and RPO.


  • Recovery time objective (RTO) – The acceptable downtime for critical functions and components, i.e., the maximum time it should take to restore services. A different RTO should be assigned to each of your business components according to their importance (e.g., ten minutes for network servers, an hour for phone systems).
  • Recovery point objective (RPO) – The point to which your state of operations must be restored following a disruption. In relation to backup data, this is the oldest age and level of staleness it can have. For example, network servers updated hourly should have a maximum RPO of 59 minutes to avoid data loss.

Deciding on specific RTOs and RPOs helps clearly show the technical solutions needed to achieve your recovery goals. In most cases the decision is going to boil down to choosing the right failover solution.


Choosing the right failover solutions

Failover is the switching between primary and backup systems in the event of failure, outage or downtime. It’s the key component of your disaster recovery and business continuity plans.

A failover system should address both RTO and RPO goals by keeping backup infrastructure and data at the ready. Ideally, your failover solution should seamlessly kick in to insulate end users from any service degradation.

When choosing a solution, the two most important aspects to consider are its technological prowess and its service level agreement (SLA). The latter is often a reflection of the former.

For an IT organization charged with the business continuity of a website or web application, there are three failover options:

  • Hardware solutions – A separate set of servers, set up and maintained internally, are kept on-premise to come online in the event of failure. However, note that keeping such servers at the same location makes them potentially susceptible to being taken down by the same disaster/disturbance.
  • DNS services – DNS services are often used in conjunction with hardware solutions to redirect traffic to a backup server(s) at an external data center. A downside of this setup includes TTL-related delays that can prevent seamless disaster recovery. Additionally, managing both DNS and internal data center hardware failover solutions is time consuming and complicated.
  • On-edge services – On-edge failover is a managed solution operating from off-prem (e.g., from the CDN layer). Such solutions are more affordable and, most importantly, have no TTL reliance, resulting in near-instant failover that allows you to meet the most aggressive RTO goals.
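The RTO/RPO definitions above, the three failover options (including the DNS TTL delay), and the earlier advice to keep three copies of backup data with one immutable and one air-gapped copy can all be checked mechanically against a component inventory. The following Python is an added example written for this page, not code from Imperva, CSO or anyone quoted; the component records, copy locations and clock value are constructed sample data.

```python
"""DR/BC plan consistency checker (added illustrative example). It encodes
three rules stated in the articles above:
  1. RPO: the backup/replication interval must not exceed the RPO, and the
     last successful backup must still be younger than the RPO.
  2. RTO: the failover path's worst-case switchover time (failure detection
     plus any DNS TTL clients must wait out) must fit inside the RTO.
  3. Copies: three copies of the data, at least one immutable and at least
     one offline/air-gapped, so an intruder who reaches the backup
     repository cannot alter or delete every copy.
All component records and the clock value are constructed sample data."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List

NOW = datetime(2021, 6, 1, 12, 0, tzinfo=timezone.utc)  # constructed "current time"


@dataclass
class BackupCopy:
    location: str
    immutable: bool = False  # write-once copy nobody can modify in place
    offline: bool = False    # air-gapped: not reachable from production


@dataclass
class Component:
    name: str
    rto: timedelta               # maximum acceptable downtime
    rpo: timedelta               # maximum acceptable data loss
    backup_interval: timedelta   # time between restore points
    last_backup: datetime
    failover: str                # "hardware", "dns" or "edge"
    detect_interval: timedelta   # health-check period before failover fires
    dns_ttl: timedelta = timedelta(0)  # relevant only for DNS-based failover
    copies: List[BackupCopy] = field(default_factory=list)


def worst_case_switchover(c: Component) -> timedelta:
    """Worst-case time until clients reach the backup system after a failure.
    DNS failover adds the record TTL: resolvers keep handing out the dead
    address until the cached record expires. Hardware and edge failover do
    not depend on a TTL."""
    ttl = c.dns_ttl if c.failover == "dns" else timedelta(0)
    return c.detect_interval + ttl


def check_component(c: Component, now: datetime = NOW) -> List[str]:
    """Return the plan gaps for one component (empty list means compliant)."""
    gaps: List[str] = []
    # Rule 1: worst-case data loss is the gap between restore points.
    if c.backup_interval > c.rpo:
        gaps.append(f"backup interval {c.backup_interval} exceeds RPO {c.rpo}")
    if now - c.last_backup > c.rpo:
        gaps.append(f"last backup is {now - c.last_backup} old, RPO is {c.rpo}")
    # Rule 2: switchover must complete inside the RTO.
    switch = worst_case_switchover(c)
    if switch > c.rto:
        gaps.append(f"{c.failover} failover needs {switch} worst case, RTO is {c.rto}")
    # Rule 3: three copies, one immutable, one offline.
    if len(c.copies) < 3:
        gaps.append(f"only {len(c.copies)} copies, need 3")
    if not any(k.immutable for k in c.copies):
        gaps.append("no immutable copy")
    if not any(k.offline for k in c.copies):
        gaps.append("no offline/air-gapped copy")
    return gaps


def audit(components: List[Component], now: datetime = NOW) -> Dict[str, List[str]]:
    """Map each component name to its list of gaps."""
    return {c.name: check_component(c, now) for c in components}


def sample_components() -> List[Component]:
    """Constructed inventory: one compliant tier-1 system, one with gaps."""
    return [
        Component(
            name="erp-db", rto=timedelta(hours=1), rpo=timedelta(minutes=15),
            backup_interval=timedelta(minutes=15),
            last_backup=NOW - timedelta(minutes=10),
            failover="edge", detect_interval=timedelta(seconds=30),
            copies=[BackupCopy("primary-dc"),
                    BackupCopy("cloud-objectlock", immutable=True),
                    BackupCopy("vault-tape", offline=True)],
        ),
        Component(
            name="web-frontend", rto=timedelta(minutes=5), rpo=timedelta(hours=1),
            backup_interval=timedelta(hours=1),
            last_backup=NOW - timedelta(minutes=40),
            failover="dns", detect_interval=timedelta(minutes=1),
            dns_ttl=timedelta(minutes=5),  # 1 min detection + 5 min TTL > 5 min RTO
            copies=[BackupCopy("primary-dc"),
                    BackupCopy("cloud-objectlock", immutable=True)],
        ),
    ]


if __name__ == "__main__":
    for name, gaps in audit(sample_components()).items():
        print(name, "compliant" if not gaps else "gaps:")
        for g in gaps:
            print("  -", g)
```

Running it reports erp-db as compliant and flags web-frontend for the TTL-bound failover time, the missing third copy and the missing offline copy.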

Business Continuity vs. Disaster Recovery: 5 Key Differences


Many professionals operate under the assumption that their workplace will remain largely unchanged from one day to the next, finding comfort in rhythms and routines. Sometimes, however, events disrupt business as usual. A critical aspect of leadership is preparing for those interruptions, creating strategies and plans that can keep core business functions intact even under duress.

Two specific fields address potential business interruptions: business continuity and disaster recovery. These disciplines minimize the impact that a catastrophic event might have on a business’s ability to reliably deliver its products and services.

While both fields are important, and even similar in some aspects, they are not synonymous. There are important differences in business continuity vs. disaster recovery, and those in leadership or emergency preparedness roles can benefit from understanding the core distinctions.

One way to develop a clear understanding of business continuity vs. disaster recovery is through studying emergency management. An online program in this field can offer professionals the skills needed to successfully lead companies through different kinds of crises.

Why Business Continuity and Disaster Recovery Matter

Business continuity outlines exactly how a business will proceed during and following a disaster. It may provide contingency plans, outlining how the business will continue to operate even if it has to move to an alternate location. Business continuity planning may also take into account smaller interruptions or minor disasters, such as extended power outages.

Disaster recovery refers to the plans a business puts into place for responding to a catastrophic event, such as a natural disaster, fire, act of terror, active shooter or cybercrime. Disaster recovery involves the measures a business takes to respond to an event and return to safe, normal operation as quickly as possible.

The Importance of Advanced Planning

When businesses face disasters and don’t have the proper plans in place, the effects can be catastrophic. The most obvious effect is financial loss; the longer a business goes without delivering its products and services, the greater its financial losses. Eventually, these losses may force a business to make tough decisions, such as cutting employees. But there can also be technological consequences, including the loss of important or sensitive data.

Having business continuity and disaster recovery plans in place can help companies minimize the consequences of a catastrophic event. They can also provide peace of mind; employees and business owners alike may feel more comfortable in a work setting where there are clear policies for how to respond to disasters.

In many companies, crisis management professionals are responsible for developing and implementing these plans, evaluating and revising them as needed, and training employees to ensure they know how to follow the specified strategies.

Similarities Between Business Continuity and Disaster Recovery

Business continuity planning and disaster recovery planning often seem interdependent. While the two concepts are not the same, they overlap in some areas and work best when developed in tandem.

  • Both are proactive strategies that help a business prepare for sudden, cataclysmic events. Instead of reacting to a disaster, both disciplines take a preemptive approach, seeking to minimize the effects of a catastrophe before it occurs.
  • Businesses can use both to prepare for a range of ecological and human-made disasters. Business continuity and disaster recovery are instrumental to preparing for pandemics, natural disasters, wildfires and even cyberattacks.
  • Both require regular review, and they may sometimes require revision to ensure they match the company’s evolving goals. An emergency management leader will continually test and modify these plans as needed.

Differences Between Business Continuity and Disaster Recovery

A closer look at business continuity vs. disaster recovery reveals some key distinctions. Ultimately, these differences highlight the fact that businesses need to have plans of both kinds in place to be sufficiently prepared for disaster.

  • Business continuity focuses on keeping business operational during a disaster, while disaster recovery focuses on restoring data access and IT infrastructure after a disaster. In other words, the former is concerned with keeping the shop open even in unusual or unfavorable circumstances, while the latter focuses on returning it to normal as expediently as possible.
  • Unlike business continuity plans, disaster recovery strategies may involve creating additional employee safety measures, such as conducting fire drills or purchasing emergency supplies. Combining the two allows a business to place equal focus on maintaining operations and ensuring that employees are safe.
  • Business continuity and disaster recovery have different goals. Effective business continuity plans limit operational downtime, whereas effective disaster recovery plans limit abnormal or inefficient system function. Only by combining the two plans can businesses comprehensively prepare for disastrous events.
  • A business continuity strategy can ensure communication methods such as phones and network servers continue operating in the midst of a crisis. Meanwhile, a disaster recovery strategy helps to ensure an organization’s ability to return to full functionality after a disaster occurs. To put it differently, business continuity focuses on keeping the lights on and the business open in some capacity, while disaster recovery focuses on getting operations back to normal.
  • Some businesses may incorporate disaster recovery strategies as part of their overall business continuity plans. Disaster recovery is one step in the broader process of safeguarding a company against all contingencies.

Leadership in Times of Crisis

Crisis management is an important skill for all business leaders. In fact, crisis management draws upon many of the other skills necessary for business success. Analytical and problem-solving skills as well as flexibility in decision making are essential for assessing potential threats and determining how to proactively address them. Communication skills, both verbal and written, are necessary for articulating a plan and training employees on how they should act in response to a crisis.

“Leadership in managing crises can minimize the damage imposed by an incident while lack of effective leadership worsens the impact,” says Naim Kapucu, Pegasus Professor and director of the School of Public Administration at the University of Central Florida (UCF) . “Organizations should have leaders with crisis management competencies to effectively manage disasters and crises based on the contingencies and environmental and organizational factors.”

Crisis management skills matter because any company can experience a catastrophe that limits its ability to function as normal, and often it will have little time to pivot and adapt. “Crises are not a good time to reorganize adequately operating organizational systems, much less try to implement wholesale organizational changes or reforms,” says Kapucu. Having a plan in place, ready to be executed, can make all the difference. The COVID-19 pandemic has brought into stark relief the uncertainty that businesses face and the extreme disruptions that can take place.

Programs such as the University of Central Florida’s online Master of Emergency and Crisis Management can help leaders fortify the knowledge, competencies, and skills they need to help their enterprises weather these times of crisis.

Crisis Management Careers

Crisis management is a key part of several careers. Each of the following positions offers a different level of leadership through tumultuous times.

Emergency Management Director

Emergency management directors develop and execute the plans that businesses follow to respond to natural disasters and other emergencies. Strong analytical, problem-solving, delegation and communication skills are essential. According to the U.S. Bureau of Labor Statistics, the annual median salary for emergency management directors in 2019 was $74,590.

Disaster Program Manager

Disaster program managers may coordinate shelters, manage triage centers or organize other services in the wake of a disaster. These professionals must be skilled in remaining calm under extreme pressure; empathy and understanding are also important. The annual median salary for this role was around $48,000, according to May 2020 PayScale data.

Geographic Systems Information Coordinator

Geographic systems information coordinators use a wide range of data sources, such as land surveys, to help anticipate and prepare for different disasters. Technical skills and data analysis competencies are vital for success in this role. PayScale reports that the annual median salary for these coordinators was around $58,000 as of May 2020.

Emergency Preparedness Manager

Emergency preparedness managers are typically responsible for making sure employees and customers are safe. They may report directly to the emergency preparedness director, whose role is more comprehensive. The annual median salary of emergency preparedness managers was around $69,000 as of May 2020, according to PayScale.

Developing a Career in Emergency Management

Business continuity and disaster recovery plans help businesses prepare for worst-case scenarios; they provide peace of mind, a sense of stability and key safeguards against major loss and disruption. The University of Central Florida’s online Master of Emergency and Crisis Management (MECM) degree program helps professionals prepare for this important work.

The MECM curriculum exposes students to key emergency management skills, including developing, testing and communicating plans. It emphasizes the financial, ethical, political and practical dimensions of disaster response. Find out more about the MECM degree program today and embark on a new career on the front lines of crisis management.

Always-On Business, pp. 51–78

Business Continuity Management, Disaster Recovery Planning: Compliance in Practice

Nijaz Bajgorić, Lejla Turulja & Amra Alagić

First Online: 22 March 2022

Part of the Progress in IS book series (PROIS)

This chapter provides instructions on how a project management methodology can be applied to create, implement, and maintain a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP), with a strong emphasis on building the business readiness that allows companies to recover their business processes after unforeseen events. Three main topics are covered: the Business Continuity Plan (BCP), the Disaster Recovery Plan (DRP), and the IT audit of BC/DR. The chapter explains four key BCM processes that can be divided into the following six phases: project initiation, risk assessment/business impact analysis, determining the BCM strategy, creation of master contingency plans, testing and exercising master contingency plans, and operations management. Special emphasis is placed on the development of two key documents, the Risk Assessment and the Business Impact Analysis, through which the BCM team becomes more familiar with the business processes and the IT infrastructure that supports them, in order to define key parameters such as RTO and RPO, prioritize critical business processes, and determine the order in which processes and applications are recovered after a disaster. At the end of the chapter, instructions are provided on how to conduct a systematic audit of BC/DR processes and their associated activities.



Author information

Authors and affiliations.

School of Economics and Business, University of Sarajevo, Sarajevo, Bosnia and Herzegovina

Nijaz Bajgorić, Lejla Turulja & Amra Alagić


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Cite this chapter.

Bajgorić, N., Turulja, L., Alagić, A. (2022). Business Continuity Management, Disaster Recovery Planning: Compliance in Practice. In: Always-On Business. Progress in IS. Springer, Cham. https://doi.org/10.1007/978-3-030-93959-5_4


DOI : https://doi.org/10.1007/978-3-030-93959-5_4

Published : 22 March 2022

Publisher Name : Springer, Cham

Print ISBN : 978-3-030-93958-8

Online ISBN : 978-3-030-93959-5


Views on business continuity and disaster recovery

International Journal of Emergency Services

ISSN : 2047-0894

Article publication date: 25 May 2021

Issue publication date: 5 October 2021

There is a noticeable confusion in the literature between Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP). The two expressions are very often used interchangeably especially when it comes to their application. In this paper, the differences between business continuity and disaster recovery are discussed. The disaster management cycle is also addressed in order to highlight the importance of having plans before, during and after the occurrence of an incident.


A review of the extant literature on business continuity and disaster recovery was made. A number of different views were then presented in order to provide a better understanding of the two concepts and their potential overlap/connection. The literature review was conducted in 2020 using a variety of academic resources ranging from journal articles to text books and credible Internet websites. Relevant journal articles were obtained from two primary databases: Emerald Insight and EBSCOhost. Keywords, such as DRP, continuity, disruption and BCP, were mainly used to facilitate the search for these resources and other related material.

Reviewing the literature revealed that BCP and DRP are not the same. Yet, they are used interchangeably very often in the literature. This indicates a possible relationship/overlap between the two. The relationship between BCP and DRP can be viewed from a variety of perspectives, which altogether provide a better understanding of their purposes and application.

Practical implications

On top of the need to differentiate between business continuity and disaster recovery, the widespread impact of the current COVID-19 crisis, especially on businesses and supply chains, has unfolded the necessity to deal with business disruptions in all their forms and the significance of quick and effective recovery. This research clarifies the purpose of BCP and the purpose of DRP and their role in combating impacts of disruptive incidents on businesses and organizations.


BCP and DRP are discussed extensively in the literature. Yet few studies have attempted to address the precise functions of the two, resulting in an obvious confusion between their meaning and purpose, which in turn has blurred the distinct application of each. Only a small minority of practitioners and academics recognise the precise differences between the two. This study aims at clarifying this misconception for a wider set of readers and interested parties.

Sawalha, I.H. (2021), "Views on business continuity and disaster recovery", International Journal of Emergency Services , Vol. 10 No. 3, pp. 351-365. https://doi.org/10.1108/IJES-12-2020-0074

Emerald Publishing Limited

Copyright © 2021, Emerald Publishing Limited


Business continuity: Managing disaster and disruption

The 1 minute dialogue.

  • Risk of business interruption can be physical, virtual, reputational and always financial – and should be well-planned for
  • A sound business continuity plan should be written and tested in a tabletop exercise to be effective
  • An ideal tabletop exercise should be prepared well in advance and designed to test location-specific vulnerabilities
  • The entire business continuity process should be driven by executive leaders fully committed to recovery management

The importance of planning – even if disaster never strikes

Whether due to weather or some other type of disaster, any occurrence that incapacitates a business will interrupt normal operations and impact the bottom line. Risk of business interruption (BI) can be physical, virtual, reputational or financial – and whatever the risk, it can and should be planned for.

A business continuity plan (BCP) isn’t just about writing one and putting it on the shelf; it’s about testing and tweaking it to make it truly effective when disaster strikes. That’s where business continuity management comes into play.

In the event of a disaster such as Hurricane Harvey, which has been called a “once-in-a-thousand-year” event due to unprecedented flooding, interruption of normal business activities would have been significant for any company.

“In the case of Harvey, it could take six months or more to get back to normal levels for many businesses depending on how bad the flooding was at that location, how long it took to order replacement equipment and how long it took to restore the property itself to operational levels,” says Steven Kennedy, AGCS Regional Head of Property, Engineering and Energy Claims, North America.

“It’s important to remember, in the case of extreme weather, that the premises could be unavailable to operations for a period from a few days to many months,” adds Jean-Philippe Monnez, Property Account Engineer, Allianz Risk Consulting (ARC), AGCS France. “A good BCP will enable the business to quickly implement measures after the disaster to restart production as quickly as possible and to limit BI losses.”

Interruptions due to weather can include structural damage to buildings, machinery and equipment damages, power outages, damage to infrastructure, injury to employees, and excessive wind or water damage. “In the event of a hurricane or flood, these events are usually forecast in advance and preventive measures can be taken before the storm arrives,” says Lisbeth Ippolito, Senior Account Engineer, ARC, AGCS North America.

“There should be a windstorm/flood emergency plan to mitigate the exposures, in addition to a formal BCP,” she adds. The plan would include assigning roles and responsibilities to the response team, assembling emergency supplies in a safe location, planning for salvage and recovery operations and maintaining a list of key vendors, contractors and suppliers, and relocating equipment, stock, records and other valuable operational pieces to safe locations and sand-bagging doors and vulnerable building openings.

“A BCP focuses on critical and important functions within a predetermined time after a disaster,” says Thomas Varney, Regional Manager Americas, ARC, AGCS. It identifies the business recovery priorities and the acceptable recovery times established by senior management. Based on these priorities, a recovery plan for each functional area is developed, identifying critical operations and vulnerabilities that might impede recovery efforts.

Vulnerabilities could include the facility itself, unique equipment, bottlenecks, logistics, warehousing and inventory needs, manufacturing capabilities and capacities, purchasing restrictions, contractual obligations, supplier shortages, and IT system failure, among many other things, Varney adds. These would be spelled out in the overall BCP, which includes several individual plans governing different sub-areas within the organization.

“The BCP should be issued by a certified contractor with the support of onsite management and the buy-in of the business’ top management if it is to be effective,” says Monnez.

Regardless of the final plan that is drawn up and agreed to, a final table-top exercise, preferably administered by an outside entity, needs to be held to test it.

Whether or not the BCP is viable depends on if its mitigation measures are well thought-out and practiced. In the case of an extreme weather event, there are two scenarios which could be anticipated: on the one hand, the premises could be unavailable for routine operations, therefore interrupting business; or, on the other hand, employees and other human resources could be unavailable. Each scenario should be thoroughly studied in order to create applicable prevention measures should that scenario become real. The key to a good plan is scenario testing – usually best carried out by a robust table-top exercise.

The table-top exercise

An ideal table-top exercise, used to stress-test the BCP, can consist of anything from a roundtable discussion with key stakeholders – e.g. leadership, communications, IT, human resources, etc. – to a recovery planning exercise implementing a bar chart or other graphical illustration that helps plan, coordinate and timeline functional recovery tasks.

The most effective exercises are prepared well in advance and are designed to test location-specific vulnerabilities. Assumptions are clearly defined and communicated to all participants before the exercise begins. Rules should be drawn up beforehand and agreed to by all participants. In short, the test should be presented as a learning exercise that allows for problem-solving and team-building.

The disaster scenario usually is designed to be realistic and may be based on regional NatCat loss data for the area or historic industry losses. Each functional area will have a copy of their recovery tasks to review and update as the exercise proceeds.

“It’s important that the scenario is as believable as possible and is taken seriously,” says Ippolito. “Impactful photographs and detailed descriptions of the disaster are included in the scenario. The most successful exercises create a sense of discovery for the participants as they work through the recovery processes for their team.”

Table-top exercises can include any type of natural catastrophe loss, fire and explosion, a contractor’s negligence, an angry employee, a cyber-attack, injury or death of a key employee, loss of a critical supplier, or something as innocuous as a ruptured water pipe that floods a manufacturing facility.

“The objectives of the exercise are to validate the BCP’s viability by testing the recovery objectives and timelines, train the recovery team members and managers, demonstrate the ability of the site to recover, minimize decision-making during a disaster event, and update and improve the plan,” says Varney.

“A good exercise,” says Maarten van der Zwaag, Global Head of Property Risk Consulting, ARC, AGCS, “is defined by the third-party contractor who will issue the BCP in accordance to the customer’s wishes and is one that tests the highest exposure of the site, be it weather-related or tied to something like IT failure or unprepared suppliers.”

Disaster recovery or business continuity?

Disaster recovery is the process of getting all important IT infrastructure and operations up and running following the disruption [1]. In today’s business environment, nearly every functional area of the business relies at least in part on the IT infrastructure, data storage, analysis, applications and other vital components that fuel the operational processes of the business.

“This can be thought of as the emergency procedures to be implemented in the first 48 hours after the event and before the application of the full-fledged BCP,” says Monnez. “This is the simple answer, although there are lots of steps to an efficient disaster recovery, such as an emergency response plan, a disaster recovery plan, and so on.”

Business continuity, on the other hand, is the process of getting the entire business back to full operation after a crisis and involves retaining critical functionalities such as site management, human resources, engineering, facilities, production, finance, environmental, health and safety, quality assurance, supply chain, sales and marketing and other operational cogs of the business wheel [2].

Managing from the top

The entire business continuity process should be driven by executive leaders who are committed to the notion of continuity management. In the end, recovery is a management exercise in which functional teams are led to revive the company and sustain the financial and operational bottom-line.

“Management has to recognize the potential financial and operational losses associated with a BI and the importance of having viable emergency response and business continuity strategies in place,” says Varney. “The business will not do it on its own.”

“The goal for the organization is to be able to recover and be resilient in light of increasing natural catastrophe risk, but it all begins and ends with buy-in from the top.”

10 individual team plans required within a good business continuity plan

  • Emergency action
  • Crisis management and communication plan
  • Hazardous materials plan
  • Production make-up and interdependencies analysis
  • Natural catastrophe response plan
  • Supply chain risk management plan
  • IT data recovery plan
  • Qualified vendors/outsourcing plan
  • Compliance and governmental regulations plan
  • Recovery and continuation plan

[1] DISYS, The difference between disaster recovery and business continuity - and why IT matters for both, 2017

[2] DISYS, The difference between disaster recovery and business continuity - and why IT matters for both, 2017


CISSP Exam Cram: Business Continuity and Disaster Recovery Planning

  • Jun 8, 2009

Disaster Recovery and Business Continuity Management

This chapter is from the book CISSP Exam Cram, 2nd Edition.

There are many different approaches to BCP and DRP. Some companies address these processes separately, whereas others focus on a continuous process that interweaves the plans. The National Institute of Standards and Technology (NIST) (http://www.csrc.nist.gov) offers a good example of the contingency process in Special Publication 800-34: Continuity Planning Guide for Information Technology Systems (http://tinyurl.com/yb3lcw). In NIST SP 800-34, the BCP/DRP process is defined as

  • Develop the contingency planning policy statement.
  • Conduct the BIA (business impact analysis).
  • Identify preventive controls.
  • Develop recovery strategies.
  • Develop an IT contingency plan.
  • Test the plan, train employees, and hold exercises.
  • Maintain the plan.

Before we go further, let's define the terms disaster and business continuity. A disaster is any sudden, unplanned calamitous event that brings about great damage or loss. Entire communities have concerns following a disaster; however, businesses face special challenges because they have responsibilities to protect the lives and livelihoods of their employees, and to guard company assets on behalf of shareholders. In the business realm, a disaster can be seen as any event that prevents the continuance of critical business functions for a predetermined period of time. In other words, the estimated outage might force the declaration of a disaster.

Human safety always comes first and has priority over all other concerns.

Business continuity is the process of sustaining operation of critical systems. The goal of business continuity is to reduce or prevent outage time and optimize operations. The Business Continuity Institute (http://www.thebci.org), a professional body for business continuity management, defines business continuity management in the following terms:

  • Business Continuity Management is a holistic management process that identifies potential impacts that threaten an organization, provides a framework for building resilience, ensures an effective response, and safeguards the interests of its key stakeholders, reputation, brand, and value.

Although there are competing methodologies that can be used to complete the BCP/DRP process, this chapter will follow steps that most closely align with reference documentation recommended by (ISC)². Figure 7.1 illustrates an overview of the process, the steps for which are as follows:

[Figure 7.1: BCP/DRP process.]

  • Project initiation
  • Business impact assessment
  • Recovery strategy
  • Plan design and development


  • Monitoring and maintenance

We will discuss each of these steps individually.

Project Management and Initiation

Before the BCP process can begin, it is essential to have the support of management. You might need to educate management about the need for a BCP. One way to accomplish this is to prepare and present a seminar for management that gives an overview of the risks the organization faces, identifies basic threats, and documents the costs of potential outages. This is a good time to remind management that, ultimately, they are legally responsible. Customers, shareholders, or anyone else could bring civil suits against senior management if they feel the company has not practiced due care. Without management support, you will not have funds to successfully complete the project, and the resulting efforts will be marginally successful, if at all. Management is responsible for

  • Setting the budget
  • Determining the team leader
  • Starting the BCP process

Management must choose a team leader. This individual must have enough credibility with senior management to influence them in regard to BCP results and recommendations. After the team leader is appointed, an action plan can be established and the team can be assembled. Members of the team should include representatives from management, legal staff, recovery team leaders, the information security department, various business units, networking, and physical security. It is important to include asset owners and the individuals who would be responsible for executing the plan.

Next, determine the scope. A properly defined scope is of tremendous help in maximizing the effectiveness of the BCP. Be sensitive to interoffice politics, which, if out of control, can derail the planning process. Another problem to avoid is project creep, which occurs when more and more items that were not part of the original project plan are added to it. This can delay completion of the project or cause it to run over budget.

The BCP benefits from adherence to traditional project plan phases. Issues such as resources (personnel, financial), time schedules, budget estimates, and any critical success factors must be managed. Schedule an initial meeting to kick off the process.

Finally, the team is ready to get to work. The team can expect a host of duties and responsibilities:

  • Identifying regulatory and legal requirements that must be complied with
  • Identifying all possible threats and risks
  • Estimating the probability of these threats and correctly identifying their loss potential
  • Performing a BIA
  • Outlining the priority in which departments, systems, and processes must be up and running before any others
  • Developing the procedures and steps to resume business functions following a disaster
  • Assigning tasks to the employee roles, or individuals, that will complete those tasks during a crisis situation
  • Documenting plans, communicating plans to employees, and performing necessary training and drills

It's important for everyone on the team to realize that the BCP is the most important corrective control the organization will have, and to use the planning period as an opportunity to shape it. The BCP is more than just corrective controls; the BCP is also about preventive and detective controls. These three elements are described here:

  • Preventive — Including controls to identify critical assets and prevent outages
  • Detective — Including controls to alert the organization quickly in case of outages or problems
  • Corrective — Including controls to restore normal operations as quickly as possible

Business Impact Analysis

The next task is to create the BIA, the role of which is to measure the impact each type of disaster could have on critical business functions. The BIA is an important step in the process because it considers all threats and the implications of those threats. As an example, Galveston, Texas, is an island city known to be prone to hurricanes. Although it might be winter in Galveston and the possibility of a hurricane is extremely low, that doesn't mean planning can't take place to reduce the potential negative impact if and when a hurricane arrives. The steps for accomplishing this require trying to think through all possible disasters, assessing the risk of those disasters, quantifying the impact, determining the loss, and identifying and prioritizing operations that would require disaster recovery planning in the event of those disasters. The BIA is tasked with answering three vital questions:

  • What is most critical? — The prioritization must be developed to address what processes are most critical to the organization.
  • How long an outage can the company endure? — The downtime estimation is performed to determine which processes must resume first, second, third, and so on, and to determine which systems must be kept up and running.
  • What resources are required? — Resource requirements must be identified and require correlation of system assets to business processes. As an example, a generator can provide backup power, but requires fuel to operate.

Criticality prioritization is something that companies do all the time. Consider the last time you phoned your favorite computer vendor to order new equipment. How long were you placed on hold? Most likely, your call was answered within a few minutes. Contrast that event with the last time you phoned the same company to speak to the help desk. How long was the wait? Most likely, the wait was much longer.

The development of multiple scenarios should provide a clear picture of what is needed to continue operations in the event of a disaster. The team creating the BIA will need to look at the organization from many different angles and use information from a variety of sources. Different tools can be used to help gather data. Strohl Systems BIA Professional and SunGard's Paragon software can automate portions of the data input and collection process. Although the CISSP exam will not require that you know the names of various tools, it is important to understand how the BIA process works, and it helps to know tools that are available.

Whether the BIA process is completed manually or with the assistance of tools, its completion will take some time. Anytime individuals are studying processes, techniques, and procedures they are not familiar with, a learning curve will be involved.

As you might be starting to realize, creation of a BIA is no easy task. It requires not only the knowledge of business processes but also a thorough understanding of the organization itself, including IT resources, individual business units, and the interrelationships of each. This task will require the support of senior management and the cooperation of IT personnel, business unit managers, and end users. The general steps within the BIA include

  • Determine data-gathering techniques
  • Gather business impact analysis data
  • Identify critical business functions and resources
  • Verify completeness of data
  • Establish recovery time for operations
  • Define recovery alternatives and costs

A vulnerability assessment is often included in a BIA. Although the assessment is somewhat similar to the risk-assessment process discussed in Chapter 10, "Information Security and Risk Management Practices," this assessment focuses on providing information specifically for the business continuity plan.

Assessing Potential Loss

There are different approaches to assessing potential loss. One of the most popular methods is the use of a questionnaire. This approach requires the development of a questionnaire that is distributed to senior management and end users. The objective of the questionnaire is to capture, as completely as possible, the real losses identified by the people who perform the business processes a disaster would jeopardize. The questionnaire might be distributed and independently completed, or filled out during an interactive interview process. Figure 7.2 shows a sample questionnaire.

Figure 7.2 BIA questionnaire.

The questionnaire can also be completed in a round-table setting. In fact, this sort of group completion can add synergy to the process, provided that the dynamics of the group allow for open communication and that the required key individuals can all schedule a time to meet and discuss what impact specific types of disruptions would have on the organization. The inclusion of all key individuals must be emphasized because management might not be aware of critical tasks for which they do not have direct oversight.

A questionnaire is a qualitative technique for assessing risk. Qualitative assessments are scenario-driven and do not attempt to assign dollar values to anticipated loss. A qualitative assessment ranks the seriousness of an impact using grades or classes, such as low, medium, high, or critical. This sort of grading process enables quicker progress in the identification of risks, and provides a means of classifying processes that might not easily equate to a dollar value. As an example:

  • Low —Minor inconvenience that customers might not notice. Outages could last for up to 30 days without any real inconvenience.
  • Medium —Loss of service would impact the organization after a few days to a week. Longer outages could affect the company's bottom line or result in the loss of customers.
  • High —Only short-term outages of a few minutes to hours could be endured. Longer outages would have a severe financial impact. Negative press might also reduce the outlook for future products and services.
  • Critical —Outage of any significance cannot be endured. Systems and controls must be in place or be developed to ensure redundancy so that no outage occurs.

The BIA can also be undertaken using a quantitative approach. This method of analysis attempts to assign a monetary value to all assets, exposures, and processes identified during the risk assessment. These values are used to calculate the material impact of a potential disaster, including both loss of income and expenses. A quantitative approach requires

  • Estimation of potential losses and determination of single loss expectancy (SLE)
  • Completion of a threat frequency analysis and calculation of the annual rate of occurrence (ARO)
  • Determination of the annual loss expectancy (ALE)

The process of performing a quantitative assessment is covered in much more detail in Chapter 10. It is important that a quantitative study include all associated costs resulting from a disaster, such as

  • Lost productivity
  • Delayed or canceled orders
  • Cost of repair
  • The value of the damaged equipment or lost data
  • The cost of rental equipment
  • The cost of emergency services
  • The cost to replace equipment or reload data

Both quantitative and qualitative assessment techniques require the BIA team to examine how the loss of service or data would affect the company. Each method is seeking to reduce risk and plan for contingencies, as shown in Figure 7.3.

Figure 7.3 Risk reduction process.

The severity of an outage is generally measured by considering the maximum tolerable downtime (MTD), the longest period the organization can survive without that function or service. Will there be a loss of revenue or operational capital, or will the organization be held liable? Although the team might be focused on the immediate effect of an outage, costs can be immediate or delayed. Many organizations are under regulatory requirements, and the result of an outage could be a legal penalty or fine. The organization's reputation could even be tarnished.

MTD is a measurement of the longest time that an organization can survive without a specific business function.

Reputation Has Its Value

Although some organizations might focus solely on dollar amounts when working through a BIA, reputation also needs to be considered. A quote from Benjamin Franklin states, "It takes many good deeds to build a good reputation, and only one bad one to lose it." To illustrate this point, consider the following brand names and their business reputations:

  • Cisco —An industry leader of quality networking equipment.
  • Ruth's Chris Steak House —An upscale eatery known for serving high-quality steaks seared at 1800° Fahrenheit.
  • Rolls-Royce —Known for high-quality automobiles.
  • Enron —A symbol of corporate fraud and corruption.
  • Yugo —A low-quality car released in the United States in the mid-1980s.
  • ValuJet —A once fast-growing airline until a deadly crash in the Florida Everglades in 1996 played a part in the company's merger and name change to AirTran.

Perhaps your vision of the companies listed is different from what was documented. The intent of the listing is to demonstrate that well-known corporate names do evoke images when people hear or read them. Companies work hard for years to gain a level of respect and a positive reputation. Catastrophes don't just happen. Most occur because of human error or as the result of a series of overlooked mistakes. Will a mistake be fatal to your organization? Reputations can be easily damaged. That is why disaster recovery is so important. The very future of your organization may rest on it.

Recovery Strategy

Recovery strategies are the predefined actions that management has approved in the event that normal operations are interrupted. To judge the best strategy to recover from a given interruption, the team must evaluate and complete:

  • Detailed documentation of all costs associated with each possible alternative
  • Quoted cost estimates for any outside services that might be needed
  • Written agreements with chosen vendors for all outside services
  • Possible resumption strategies in case there is a complete loss of the facility
  • Complete documentation of findings and conclusions, presented as a report to management on the chosen recovery strategy for feedback and approval

This information is used to determine the best course of action based on the analysis of data from the BIA. With so much to consider, it is helpful to divide the organization's recovery into specific areas, functions, or categories:

  • Business process recovery
  • Facility and supply recovery
  • User recovery
  • Operations recovery
  • Data and information recovery

Business Process Recovery

Business processes can be interrupted by the loss of personnel, critical equipment, supplies, or office space, or by labor actions such as strikes. As an example, in 2005, after Hurricane Katrina, New Orleans had a huge influx of workers rebuilding homes, offices, and damaged buildings. Fast food restaurants were eager to meet the demand these workers had for burgers, fries, tacos, and fried chicken. However, there was insufficient low-cost housing for the fast food industry's employees. The resulting shortage forced fast food restaurants to pay bonuses of up to $6,000 to entice potential employees to the area. It is worth noting that even if the facility is intact after a disaster, people are still required and are an important part of business process recovery.

Workflow diagrams and documents can assist business process recovery by mapping relationships between critical functions. Let's process an order for a widget to illustrate a sample flow:

  • Is the widget in stock?
  • Which warehouse has the widget?
  • When can the widget be shipped?
  • Confirm capability to fulfill order with customer and provide total.
  • Process credit card information.
  • Verify funds were deposited in the bank.
  • Ship item to customer.
  • Restock widget for subsequent sales.

A more detailed listing would be appropriate for industrial use, but you get the idea. Building these types of flowcharts allows organizations to examine what resources are required for each step and what functions are critical for continued business operations.

Facility and Supply Recovery

Facility and supply interruptions can be caused by fire, loss of inventory, transportation problems, telecommunications problems, or heating, ventilating, and air conditioning (HVAC) problems. It is too late to start discussions on alternative sites when a disaster is striking your facility. Redundant services enable rapid recovery from these interruptions. Many options are available, from a dedicated offsite facility, to agreements with other organizations for shared space, to building a prefab building and leaving it empty as a type of cold backup site. The following sections examine some of these options.

Subscription Services

Organizations might opt to contract their facility needs to a subscription service. The CISSP exam considers hot, warm, and cold sites to be subscription services. Data-processing facilities are expensive. The organization might decide to dedicate the funds for a hot, warm, or cold site. A hot site facility is ready to be brought online quickly. A hot site is fully configured and is equipped with the same system as the production network. It can be made operational within just a few hours. A hot site will need staff, data files, and procedural documentation. Hot sites are a high-cost recovery option, but can be justified when a short recovery time is required. Because hot sites are typically a subscription service, a range of associated fees exist, including monthly cost, subscription fees, testing costs, and usage or activation fees. Contracts for hot sites need to be closely examined because some charge extremely high activation fees to prevent users from utilizing the facility for anything less than a true disaster. To get an idea of the types of costs involved, http://www.drj.com reports that subscriptions for hot sites average 52 months in length and costs can be as high as $120,000 per month. Compare this to cold sites, which can also be 5 to 6 years in length and can average anywhere between $500 to $2,000 per month.

Regardless of what fees are involved, the hot site needs to be periodically tested. These tests should evaluate processing abilities as well as security. The physical security of the hot site should be at the same level as or greater than that of the primary site. Finally, it is important to remember that the hot site is intended for short-term usage only. As a subscriber-based service, there might be others competing for the same resource. The organization should have a plan to recover primary services quickly or move to a secondary location.

Hot sites should not be externally identifiable as this will increase their risk of sabotage and other potential disruptions.

For those companies lacking the funds to spend on a hot site, or in situations where a short-term outage is acceptable, a warm site might suffice. A warm site has data equipment and cables and is partially configured. It could be made operational anywhere from a few hours to a few days. The assumption with a warm site is that computer equipment and software can be procured as required after a disaster. Although the warm site might have some computer equipment installed, it is typically of lower processing power than the primary site. The costs associated with a warm site are similar to those of a hot site but slightly lower. The warm site is a popular subscription alternative.

In situations where even longer outages are acceptable, a cold site might be the right choice. A cold site is basically an empty room with only rudimentary electrical power and computing capability. Although it might have a raised floor and some racks, it is nowhere near ready for use. It might take several weeks to a month to get the site operational. Cold sites offer the least preparedness of the hot, warm, and cold subscription services discussed.

Cold sites are a good choice for the recovery of noncritical services.

Redundant Sites

The CISSP exam considers redundant sites to be sites owned by the company. Although these might be either partially or totally configured, the CISSP exam does not typically expect you to know that level of detail. A redundant site is capable of handling all operations if another site fails. Although there is an increased cost, it offers the company fault tolerance. If the redundant sites are geographically dispersed, the possibility of more than one being damaged is reduced. For low to medium priority services, a distance of 10 to 20 miles from the primary site is considered acceptable. If the loss of services, for even a very short time, could cost the organization millions of dollars, the redundant site should be farther away. Therefore, redundant sites that are to support highly critical services should not be in the same geographical region or subject to the same types of natural disasters as the primary site.

For organizations that have multiple sites dispersed in different regions of the world, multiple processing centers might be an option. Multiple processing centers allow a branch in one area to act as backup for a branch in another area. Table 7.1 shows some sample functions and their recovery times.

Table 7.1. Organization Functions and Example Recovery Times

Mobile Sites

Mobile sites are another processing alternative. Mobile sites are usually tractor-trailer rigs that have been converted into data-processing centers. These sites contain all the necessary equipment and are mobile, permitting transport to any business location quickly. Rigs can also be chained together to provide space for data processing and provide communication capabilities. Mobile units are a good choice for areas where no recovery facilities exist and are commonly used by the military, large insurance agencies, and others.

Mobile sites are a nonmainstream alternative to traditional recovery options. Mobile sites typically consist of fully contained tractor trailer rigs that come with all the facilities needed for a data center. Units can be quickly moved to any site necessary.

Whatever recovery method is chosen, regular testing is important to verify that the redundant site meets the organization's needs, and that the plan can handle the workload to meet minimum processing requirements.

Reciprocal Agreement

The reciprocal agreement option requires two organizations to pledge assistance to one another in case of disaster. The support requires sharing space, computer facilities, and technology resources. On paper, this appears to be a cost-effective approach, but it has its drawbacks. The parties to this agreement must trust the other organization to provide aid in case of a disaster. However, the nonvictim might become hesitant to follow through when a disaster actually occurs. Confidentiality also requires special consideration, because the damaged organization is placed in a vulnerable position while it must trust the sponsoring party housing the victim's confidential information. Legal liability can also be a concern: one company agrees to host the other while it is down and, as a result, is itself hacked. Finally, if the parties to the agreement are in physical proximity, there is always the danger that a disaster could strike both, rendering the agreement useless.

The biggest drawback to reciprocal agreements is that they are hard to enforce and that, many times, incompatibilities in company culture, hardware, or other areas are not discovered until after a disaster strikes.

User Recovery

User recovery is primarily about what employees must have to accomplish their jobs. Requirements include

  • Procedures, documents, and manuals
  • Communication system
  • Means of mobility and transportation
  • User workspace and equipment
  • Alternative site facilities

At issue here is the fact that a company might be able to get employees to a backup facility after a disaster, but if there are no phones, desks, or computers, the employees' ability to work will be severely limited.

User recovery can even include food. As an example, my brother-in-law works for a large chemical company on the Texas Gulf Coast. During storms, hurricanes, or other disasters, he is required to stay at work as part of the emergency operations team. His job is to stay at the facility regardless of time; the disaster might last two days or two weeks. During a simulation test several years ago, it was discovered that someone had forgotten to order food for the facility where the employees were to remain for the duration of the drill. Luckily, the 40 or so hungry employees were not really in a disaster, and were able to order pizza and have it delivered. Had it been a real disaster, no takeout would have been available.

Operations Recovery

Operations recovery addresses interruptions caused by the loss of capability due to equipment failure. Redundancy addresses this potential loss of availability: redundant equipment, Redundant Array of Inexpensive Disks (RAID), backup power supplies (BPS), and other redundant services.

Hardware failures are one of the most common disruptions that can occur. Preventing the disruptions is critical to operations. The best place to start planning redundancy is when equipment is purchased. At purchase time, there are two important numbers that the buyer must investigate:

  • Mean time between failure (MTBF) —Used to calculate the expected lifetime of a device. A higher MTBF means the equipment should last longer.
  • Mean time to repair (MTTR) —Used to estimate how long it would take to repair the equipment and get it back into production. Lower MTTR numbers mean the equipment requires less repair time and can be returned to service sooner.

A formula for calculating availability is

Availability = MTBF / (MTBF + MTTR)

To maximize availability of critical equipment, an organization can consider obtaining a service level agreement (SLA). There are all kinds of SLAs. In this situation, the SLA is a contract between a company and a hardware vendor in which the vendor promises to provide a certain level of protection and support. For a fee, the vendor agrees to repair or replace the covered equipment within the contracted time.

Fault tolerance can be used at the server or drive level. For servers, there is clustering, which is technology that allows you to group several servers together so that those servers are viewed logically as a single server. Users see the cluster as one unit. The advantage is that if one server in the cluster fails, the remaining active servers pick up the load and continue operation.

Fault tolerance on the drive level is achieved primarily with RAID, which provides hardware fault tolerance and/or performance improvements. This is achieved by breaking up the data and writing it to multiple disks. To applications and other devices, RAID appears as a single drive. Most RAID systems have hot-swappable disks. This means that faulty drives can be removed and replaced without restoring the entire computer system. If the RAID system uses parity and is fault tolerant, the parity data can be used to reconstruct the newly replaced drive. The technique for writing the data across multiple drives is called striping. Although write performance remains almost constant, read performance is drastically increased. RAID has humble beginnings that date back to the 1980s at the University of California. RAID is discussed in depth in Chapter 11, "Operations Security."

Although operations can be disrupted because of the failure of equipment, the loss of communications can also disrupt critical processes. Protecting communication with fault tolerance can be achieved through redundant WAN links, diverse routing, and alternate routing. Whatever method is chosen, the organization should verify capacity requirements and acceptable outage times. The primary methods for network protection include the following:

  • Diverse routing —This is the practice of routing traffic through different cable facilities. Organizations can obtain both diverse routing and alternate routing, but it is not cheap. Most of these systems use buried facilities. These systems usually enter a facility through the basement and can sometimes share space with other mechanical equipment. Recognize that this sharing adds to the risk of potential failure. Also, many cities have aging infrastructures, which is another potential point of failure.
  • Alternate routing —Alternate routing provides the use of another transmission line if the regular line is busy or unavailable. This can include using a dialup connection in place of a dedicated connection, a cell phone instead of a land line, or microwave communication in place of a fiber connection.
  • Last mile protection —This is a good choice for recovery facilities; it provides a second local loop connection, and is even more redundantly capable if an alternative carrier is used.
  • Voice communication recovery —Many organizations are highly dependent on voice communications. Others have started making the switch to Voice over IP (VoIP) for both voice and fax communication because of the cost savings. Some number of land lines should always be maintained to provide backup capability.

Networks are susceptible to the same types of outages as equipment. If operational recovery concerns are not addressed, these outages can be a real problem for companies that rely heavily on networks to deliver data when needed.

Free Space Optics (FSO) is an emerging technology that can be used to obtain high-bandwidth, short-haul, redundant links. FSO uses LED and/or laser light to transmit data between two points and is inexpensive, easy to install, and works great on campus WANs (see http://en.wikipedia.org/wiki/Free_Space_Optics).

Data and Information Recovery

The focus here is on recovering the data. Solutions to data interruptions include backups, offsite storage, and/or remote journaling. Because data processing is essential to most organizations, the data and information recovery plan is critical. The objective of the plan is to back up critical software and data that permits quick restores with minimum loss of content. Policy should dictate when backups are performed, where the media is stored, who has access to the media, and what the reuse or rotation policy will be. Types of backup media include tape reels, tape cartridges, removable hard drives, disks, and cassettes.

Tape and optical systems still have the majority of market share for backup systems. Common types of media include

  • CDR/W media (recommended for temporary storage only)
  • Digital Audio Tape (DAT)
  • Digital Linear Tape (DLT)
  • Quarter Inch Tape (QIC)
  • Write Once Read Many (WORM)

Another technology worth mentioning is MAID (Massive Array of Inactive Disk). MAID offers a distributed hardware storage option for data and applications. It was designed to reduce the operational costs and improve the long-term reliability of disk-based archives and backups. MAID is similar to RAID except that it provides power management and advanced disk monitoring. MAID might or might not stripe data and/or supply redundancy. The MAID system powers down inactive drives, which reduces heat output and electrical consumption and increases the drives' life expectancy.

In addition to defining the media type, the organization must determine how often backups should be performed and what type of backup should be performed. Answers will vary depending on the cost of the media, the speed of the restoration needed, and the time allocated for backups. Backup methods include

  • Full backup —During a full backup, all data is backed up. No data files are skipped or bypassed. All items are copied to one tape, set of tapes, or backup media. If a restoration is required, only one tape or set of tapes is needed. Full backups take the most time to create, and the most space for storage media, but they also take the least time for restoration. A full backup resets the archive bit on all files.
  • Differential backup —A differential backup is a partial backup performed in conjunction with a full backup. Typically, a full backup is done once a week, and a differential backup is done daily thereafter to back up only those files that have changed since the last full backup. Any restoration requires the last full backup and the most recent differential backup. This method takes less time per backup than a full backup, but increases the restoration time because both the full and differential backups will be needed. A differential backup does not reset the archive bit on files.
  • Incremental backup —An incremental backup is faster yet to perform. It backs up only those files that have been modified since the previous incremental (or full) backup. Although fast to create, incremental backups require the most backup media and take the longest to recover from. A restoration requires the last full backup and all incremental backups since the last full backup. An incremental backup resets the archive bit on files.
  • Continuous backup —Some backup applications perform continuous backups, and keep a database of backup information. These systems are useful when a restoration is needed because the application can provide a full restore, point-in-time restore, or restore based on a selected list of files.
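The archive-bit rules above decide which tapes a restore needs. This simulation is an added example, not from the book: a constructed three-file system is backed up for a week with a Monday full backup followed by either differential or incremental backups, and the restore set is chosen by the rule in the text (last full plus the most recent differential, or last full plus every incremental since it).

```python
"""Simulate the full, differential and incremental backup rules described above.

Constructed example, not from the book: a tiny file set where each file carries a
version number and an archive bit. The rules follow the text: a full backup copies
every file and clears every archive bit; a differential copies files whose bit is
set and leaves the bits alone; an incremental copies files whose bit is set and
clears them.
"""
from dataclasses import dataclass, field


@dataclass
class FileSystem:
    version: dict = field(default_factory=dict)  # file name -> current version
    archive: dict = field(default_factory=dict)  # file name -> archive bit

    def modify(self, *names):
        """Write to the named files: bump the version and set the archive bit."""
        for name in names:
            self.version[name] = self.version.get(name, 0) + 1
            self.archive[name] = True


@dataclass
class Tape:
    day: str
    kind: str    # "full", "differential" or "incremental"
    files: dict  # file name -> version captured on this tape


def run_backup(fs, day, kind):
    """Copy files onto a new tape according to the backup type's rules."""
    if kind == "full":
        names = list(fs.version)
        clear_bits = True
    elif kind == "differential":
        names = [n for n, bit in fs.archive.items() if bit]
        clear_bits = False
    elif kind == "incremental":
        names = [n for n, bit in fs.archive.items() if bit]
        clear_bits = True
    else:
        raise ValueError(f"unknown backup type: {kind}")
    tape = Tape(day, kind, {n: fs.version[n] for n in names})
    if clear_bits:
        for n in names:
            fs.archive[n] = False
    return tape


def tapes_needed_for_restore(tapes):
    """Select the tapes to mount, per the text: the last full plus either the
    most recent differential or every incremental taken since that full.
    Assumes the partial backups after a full are all of one kind."""
    last_full = max(i for i, t in enumerate(tapes) if t.kind == "full")
    needed = [tapes[last_full]]
    partials = tapes[last_full + 1:]
    if partials and partials[-1].kind == "differential":
        needed.append(partials[-1])
    else:
        needed.extend(t for t in partials if t.kind == "incremental")
    return needed


def restore(tapes):
    """Apply tapes oldest-first; later versions overwrite earlier ones."""
    state = {}
    for tape in tapes:
        state.update(tape.files)
    return state


def simulate_week(partial_kind):
    """Monday full backup, then one partial backup of the given kind per day.
    Returns the file system's final state and the tapes written."""
    fs = FileSystem()
    fs.modify("ledger.db", "orders.csv", "policy.doc")  # constructed sample data
    changes = {"Tue": ("ledger.db",), "Wed": ("orders.csv",),
               "Thu": ("ledger.db",), "Fri": ()}
    tapes = [run_backup(fs, "Mon", "full")]
    for day, changed in changes.items():
        fs.modify(*changed)
        tapes.append(run_backup(fs, day, partial_kind))
    return fs, tapes


if __name__ == "__main__":
    for kind in ("differential", "incremental"):
        fs, tapes = simulate_week(kind)
        needed = tapes_needed_for_restore(tapes)
        print(f"{kind}:")
        for t in tapes:
            print(f"  {t.day} {t.kind:<12} copied {sorted(t.files)}")
        print(f"  restore needs {len(needed)} tapes: {[t.day for t in needed]}")
        assert restore(needed) == fs.version  # restored state matches live state
```

Running it shows the trade-off in the text: the differential week restores from 2 tapes, the incremental week from all 5, and both rebuild the same final file versions.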

Test questions regarding different backup types can be quite tricky. Make sure you clearly know the difference before the exam.

Backup and Restoration

Backups need to be stored somewhere, and backups are needed quickly when it's time to restore. Where the backup media is stored can have a real impact on how quickly data can be restored and brought back online. The media should be stored in more than one physical location so that the possibility of loss is reduced. These remote sites should be managed by a tape librarian. It is this individual's job to maintain the site, control access, rotate media, and protect this valuable asset. Unauthorized access to the media is a huge risk because it could impact the organization's capability to provide uninterrupted service. Transportation to and from the remote site is also an important concern. Important backup and restoration considerations include

  • Maintenance of secure transportation to and from the site
  • Use of bonded delivery vehicles
  • Appropriate handling, loading, and unloading of backup media
  • Use of drivers trained on proper procedures to pick up, handle, and deliver backup media
  • Legal obligations for data such as encrypted media, and separation of sensitive data sets such as credit card numbers and CVCs
  • 24/7 access to the backup facility in case of an emergency

It is recommended that companies contract their offsite storage needs with a known firm that demonstrates control of their facility and is responsible for its maintenance. Physical and environmental controls at offsite storage locations should be equal to or better than the organization's own facility. A letter of agreement should specify who has access to the media and who is authorized to drop off or pick up media. There should also be agreement on response times that will be met in times of disaster. Onsite storage should maintain copies of recent backups to ensure the capability to recover critical files quickly.

Backup media should be securely maintained in an environmentally controlled facility with physical control appropriate for critical assets. The area should be fireproof, and anyone depositing or removing media should have a record of their access logged.

Software itself can be vulnerable, even when good backup policies are followed, because sometimes software vendors go out of business or no longer support needed applications. In these instances, escrow agreements can help.

Escrow agreements are one possible software-protection mechanism. Escrow agreements allow an organization to obtain access to the source code of business-critical software if the software vendor goes bankrupt or otherwise fails to perform as required.

Tape-Rotation Strategies

Although most backup media is rather robust, no backup media can last forever; it will fail over time. This means that tape rotation is another important part of backup and restoration. Additionally, backup media needs to be periodically tested. Backups will be of little use if you find out during a disaster that they have malfunctioned and no longer work.

Tape-rotation strategies can range from simple to complex.

  • Simple —A simple tape-rotation scheme uses one tape for every day of the week and then repeats the pattern the following week. One tape can be for Monday, one for Tuesday, and so on. You add a set of new tapes each month and then archive the previous month's set. After a predetermined number of months, you put the oldest tapes back into use.
  • Grandfather-father-son (GFS) —This scheme includes four tapes for weekly backups, one tape for monthly backups, and four tapes for daily backups (assuming you are using a five-day work week). It is called grandfather-father-son because the scheme establishes a kind of hierarchy. Grandfathers are the one monthly backup, fathers are the four weekly backups, and sons are the four daily backups.
  • Tower of Hanoi —This tape-rotation scheme is named after a mathematical puzzle. It involves using five sets of tapes, labeled A through E. Set A is used every other day; set B is used on the first non-A backup day and then every 4th day; set C is used on the first day that is neither A nor B and then every 8th day; set D is used on the first day that is neither A, B, nor C and then every 16th day; and set E alternates with set D. The result is that the sets hold copies of exponentially increasing age, so a corruption that went unnoticed for days or weeks can still be recovered from an older set.
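The two non-trivial schemes above are easy to get wrong when written on a whiteboard, so here is an added example (not from the original chapter) that computes which set or tape to mount on a given backup day. The Tower of Hanoi rule is implemented as the "ruler" function (the number of trailing zero bits in the day number, capped at the last set), which reproduces the A/B/C/D/E pattern described in the text. The GFS labels assume a convention the text does not spell out: Monday through Thursday are the four son tapes, Friday is a father tape, and the last Friday of the month is promoted to the grandfather tape.

```python
from __future__ import annotations
from datetime import date, timedelta

HANOI_SETS = "ABCDE"


def hanoi_set(day: int, sets: str = HANOI_SETS) -> str:
    """Return the tape set to use on backup day `day` (1-based, counting only
    days on which a backup runs).

    Set i is used on days whose binary form has exactly i trailing zeros:
    A on odd days, B on 2, 6, 10..., C on 4, 12, 20..., D on 8, 24, 40...
    Days with more trailing zeros than there are sets fall to the last set,
    which is exactly why E alternates with D (16, 32, 48...).
    """
    if day < 1:
        raise ValueError("backup days are numbered from 1")
    trailing_zeros = (day & -day).bit_length() - 1
    return sets[min(trailing_zeros, len(sets) - 1)]


def hanoi_schedule(days: int) -> dict[str, list[int]]:
    """Days on which each set is written, for the first `days` backup days."""
    sched: dict[str, list[int]] = {s: [] for s in HANOI_SETS}
    for d in range(1, days + 1):
        sched[hanoi_set(d)].append(d)
    return sched


def hanoi_retention(today: int, sets: str = HANOI_SETS) -> dict[str, int]:
    """Age (in backup days) of the newest copy held on each set as of `today`.
    Shows the exponentially spaced history the scheme gives you."""
    last_written: dict[str, int | None] = {s: None for s in sets}
    for d in range(1, today + 1):
        last_written[hanoi_set(d, sets)] = d
    return {s: today - d for s, d in last_written.items() if d is not None}


def gfs_tape(d: date) -> str | None:
    """Grandfather-father-son label for calendar date `d`.

    Assumed convention (not given in the text): Monday-Thursday are the four
    son (daily) tapes, Friday is a father (weekly) tape, and the last Friday
    of a month is the grandfather (monthly) tape. Under a five-day work week
    weekends have no backup, so None is returned.
    """
    wd = d.weekday()  # Monday == 0
    if wd <= 3:
        return f"son-{d.strftime('%a').lower()}"
    if wd == 4:
        if (d + timedelta(days=7)).month != d.month:
            return f"grandfather-{d:%Y-%m}"
        return f"father-{(d.day - 1) // 7 + 1}"
    return None


if __name__ == "__main__":
    for s, days in hanoi_schedule(32).items():
        print(s, days)
    print(hanoi_retention(32))
    print(gfs_tape(date(2024, 1, 26)))
```

`hanoi_retention` is the function worth looking at when you are deciding whether five sets are enough: after 32 backup days the newest copies on A through E are 1, 2, 4, 8 and 0 days old respectively, so the oldest recoverable point is only as old as the largest power of two the set count allows. Whatever the scheme, the rotation schedule should drive the periodic restore tests mentioned above, so that every set is read back at least once per cycle.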

Other Data Backup Methods

Other alternatives for further enhancing a company's resiliency and redundancy are listed below. Some organizations use these techniques by themselves; others combine them with the backup methods already described.

  • Database shadowing —Databases are a high-value asset for most organizations. File-based incremental backups must read entire database files and are generally too slow for this purpose. A database shadowing system writes the data to two physical disks, duplicating the database to mirrored servers. Because shadowing mirrors changes to the database as they occur, it is an excellent way to provide fault tolerance and redundancy.
  • Electronic vaulting —Electronic vaulting copies database changes to a secure backup location. It is a batch-process operation that copies all current records, transactions, and/or files to the offsite location. To implement vaulting, an organization typically loads a software agent onto the systems to be backed up; periodically, the vaulting service contacts the agent on those systems and copies the changed data.
  • Remote journaling —Remote journaling is similar to electronic vaulting, except that information is transmitted to the remote site as each transaction is committed on the primary system. Because data is transferred live, the alternative site can be kept fully synchronized and fault tolerant at all times. Remote journaling can also be configured to record only the occurrence of transactions and not their content. It provides a very high level of redundancy.
  • Storage area network (SAN) —An alternative to tape backup, a SAN supports disk mirroring, backup and restore, archiving, and retrieval of archived data in addition to data migration from one storage device to another. A SAN can be implemented locally or use storage at a redundant facility.

Choosing the Right Backup Method

It is not easy to choose the right backup method. To start the process, the team must consider how long an outage the organization can endure and how current the restored information must be. These two recovery requirements are technically called:

  • Recovery point objective (RPO) —Defines how current the data must be or how much data an organization can afford to lose. The greater the RPO, the more tolerant the process is to interruption.
  • Recovery time objective (RTO) —Specifies the maximum elapsed time allowed to recover an application at an alternative site. The greater the RTO, the longer the restoration can take and the more tolerant the organization is to interruption. Figure 7.4 illustrates how RTO can be used to determine acceptable downtime.

Figure 7.4 RPO and RTO.

What you should realize about both RPO and RTO is that the lower these values are, the higher the cost of the infrastructure needed to meet them. For example, most banks have a very small RPO because they cannot afford to lose any processed transactions.
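The difference between electronic vaulting and remote journaling described above is really a difference in achievable RPO, and it is easiest to see by simulating a crash. The following is an added example, not code from the chapter: a toy primary that commits key/value transactions and ships them to a replica either immediately (remote journaling) or in batches (electronic vaulting, modelled here as a flush every N commits, which is an assumption standing in for the scheduled batch job). After the primary "crashes", the number of committed transactions the replica never received is the realised RPO, and replaying the shipped log gives the state the alternative site can actually recover.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Txn:
    seq: int    # commit sequence number assigned by the primary
    key: str
    value: str


class RemoteJournal:
    """Remote journaling: every transaction is shipped as it commits."""

    def __init__(self) -> None:
        self.log: list[Txn] = []

    def on_commit(self, txn: Txn) -> None:
        self.log.append(txn)

    def on_crash(self) -> None:
        pass  # nothing is buffered on the primary, so nothing is lost

    def last_seq(self) -> int:
        return self.log[-1].seq if self.log else 0


class ElectronicVault:
    """Electronic vaulting: changes are buffered on the primary and copied to
    the vault in batches. Batching by commit count is an assumption of this
    example; a real vaulting agent batches on a schedule."""

    def __init__(self, batch: int) -> None:
        self.batch = batch
        self.pending: list[Txn] = []
        self.log: list[Txn] = []

    def on_commit(self, txn: Txn) -> None:
        self.pending.append(txn)
        if len(self.pending) >= self.batch:
            self.flush()

    def flush(self) -> None:
        self.log.extend(self.pending)
        self.pending = []

    def on_crash(self) -> None:
        self.pending = []  # the un-flushed batch dies with the primary

    def last_seq(self) -> int:
        return self.log[-1].seq if self.log else 0


class Primary:
    def __init__(self, replica) -> None:
        self.data: dict[str, str] = {}
        self.replica = replica
        self.seq = 0

    def commit(self, key: str, value: str) -> Txn:
        self.seq += 1
        txn = Txn(self.seq, key, value)
        self.data[key] = value
        self.replica.on_commit(txn)
        return txn


def replay(log: list[Txn]) -> dict[str, str]:
    """Rebuild the database at the alternative site from the shipped log."""
    state: dict[str, str] = {}
    for t in log:
        state[t.key] = t.value
    return state


def simulate(replica, commits: list[tuple[str, str]]) -> tuple[int, dict[str, str]]:
    """Commit the workload, crash the primary, and return the number of
    committed transactions the replica never received (the realised RPO,
    in transactions) together with the recoverable state."""
    primary = Primary(replica)
    for key, value in commits:
        primary.commit(key, value)
    replica.on_crash()
    lost = primary.seq - replica.last_seq()
    return lost, replay(replica.log)


# Constructed sample workload: ten balance updates across three accounts.
WORKLOAD = [(f"acct-{i % 3}", f"balance-{i}") for i in range(1, 11)]

if __name__ == "__main__":
    print("remote journaling:", simulate(RemoteJournal(), WORKLOAD))
    print("electronic vaulting (batch=4):", simulate(ElectronicVault(batch=4), WORKLOAD))
```

With the sample workload the journaled replica loses nothing, while the vault with a batch of four loses the last two commits, so the recovered balance for `acct-0` is the stale `balance-6` rather than `balance-9`. That gap is what the RPO negotiated with the business has to cover; if the agreed RPO is smaller than the vaulting interval, vaulting alone does not meet it.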

Plan Design and Development

The BCP process is now ready for its next phase—plan design and development. In this phase, the team designs and develops a detailed plan for the recovery of critical business systems. The plan should be directed toward major catastrophes: the worst case, by definition, is that the entire facility has been destroyed, and that is what the plan is written against. If the organization can handle events of that severity, less severe events, such as disasters that render the facility unusable only for a time, can be dealt with easily. The plan should be a guide for implementation and should include information on both long-term and short-term goals and objectives:

  • Identify critical functions and priorities for restoration.
  • Identify support systems needed by critical functions.
  • Estimate potential outages and calculate the minimum resources needed to recover from the catastrophe.
  • Select recovery strategies and determine what vital personnel, systems, and equipment will be needed to accomplish the recovery.
  • Determine who will manage the restoration and testing process.
  • Calculate what type of funding and fiscal management is needed to accomplish these goals.

The plan should also detail how the organization will contact and mobilize employees, provide for ongoing communication between employees, interface with external groups and the media, and provide employee services. Each of these items is discussed next.

Personnel Mobilization

The process for contacting employees in case of an emergency needs to be worked out before a disaster. The process chosen depends on the nature and frequency of the emergency. Call trees and outbound dialing systems are widely used. An outbound dialing system stores the numbers to be called in an emergency. These systems can provide various services such as

  • Call rollover —If one number gets no response, the next is called.
  • Leave a recorded message —If an answering machine answers, a message can be left for the individual.
  • Request a call back —Even if a message is left, the system will continue to call back until the user calls in to the predefined phone number.

A call tree is a communication system in which the person in charge of the tree calls a lead person on every branch, who in turn calls all the leaves on that branch. If call trees are used, the team will want to verify that there is a feedback mechanism built in. As an example, the last person on any branch of the tree calls back and confirms that he or she got the message. This can help ensure that everyone has been contacted; without it, a single lead who cannot be reached silently cuts off an entire branch. Call trees can be automated with VoIP, the public switched telephone network (PSTN), and online services. Personnel mobilization can also be triggered by emails or text messages to mobile devices. Email-based notification requires the email server to be functioning, which may itself be affected by the disaster.
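The reason the text insists on a feedback mechanism is easiest to see in code. The following is an added example (not part of the chapter) that models a call tree as a dictionary of who calls whom, with a list of phone numbers per person so that call rollover can be represented: a person is reached if any of their numbers answers. `propagate` walks the tree the way a real activation would, and `audit` combines the result with the set of leaves that called back to show which branches went silent. The tree, names and numbers are constructed for the example.

```python
from __future__ import annotations
from collections import deque

# Constructed example: each person calls the people listed under them.
CALL_TREE: dict[str, list[str]] = {
    "coordinator":     ["lead-ops", "lead-security", "lead-facilities"],
    "lead-ops":        ["ops-1", "ops-2", "ops-3"],
    "lead-security":   ["sec-1", "sec-2"],
    "lead-facilities": ["fac-1"],
}

# Constructed contact list: primary number first, later numbers are rollover targets.
CONTACTS: dict[str, list[str]] = {
    "coordinator":     ["555-0100"],
    "lead-ops":        ["555-0110"],
    "lead-security":   ["555-0120", "555-0121"],
    "lead-facilities": ["555-0130"],
    "ops-1": ["555-0111"], "ops-2": ["555-0112"], "ops-3": ["555-0113"],
    "sec-1": ["555-0122"], "sec-2": ["555-0123"],
    "fac-1": ["555-0131"],
}


def reach(person: str, dead_numbers: set[str], contacts=CONTACTS) -> bool:
    """Call rollover: try each number in order, succeed on the first that answers."""
    return any(n not in dead_numbers for n in contacts.get(person, []))


def propagate(tree, root: str, dead_numbers: set[str], contacts=CONTACTS) -> set[str]:
    """Breadth-first activation. A person who cannot be reached never places
    their own calls, so everyone below them stays uncontacted."""
    reached: set[str] = set()
    if not reach(root, dead_numbers, contacts):
        return reached
    reached.add(root)
    queue = deque([root])
    while queue:
        caller = queue.popleft()
        for callee in tree.get(caller, []):
            if callee in reached or not reach(callee, dead_numbers, contacts):
                continue
            reached.add(callee)
            queue.append(callee)
    return reached


def everyone(tree, root: str) -> set[str]:
    people = {root}
    for caller, callees in tree.items():
        people.add(caller)
        people.update(callees)
    return people


def leaves(tree, root: str) -> set[str]:
    """The last person on each branch; these are the ones expected to call back."""
    return {p for p in everyone(tree, root) if not tree.get(p)}


def audit(tree, root: str, dead_numbers: set[str], confirmations: set[str],
          contacts=CONTACTS) -> dict[str, list[str]]:
    """What the coordinator actually knows after the activation: who the
    simulation says was missed, and which leaves never confirmed (the only
    signal available in practice)."""
    reached = propagate(tree, root, dead_numbers, contacts)
    return {
        "not_reached": sorted(everyone(tree, root) - reached),
        "unconfirmed_leaves": sorted(leaves(tree, root) - set(confirmations)),
    }


if __name__ == "__main__":
    # lead-ops's only number is dead; lead-security's first number is dead
    # but rollover to the second one saves that branch.
    print(audit(CALL_TREE, "coordinator", {"555-0110", "555-0120"},
                {"sec-1", "sec-2", "fac-1"}))
```

The unconfirmed leaves are what the coordinator can actually observe during an incident: the three `ops-*` people never called back, which points straight at `lead-ops` as the broken link. That is the check to run when exercising the tree, and it is also the argument for giving every branch lead at least one rollover number.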

Interface with External Groups

Deciding how to interface with external groups is another important aspect of business continuity. Damaging rumors can easily start and it is important to have protocols in place for dealing with these incidents, accidents, and catastrophes. The organization must decide how to deal with response teams, the fire department, the police department, ambulance, and other emergency response personnel.

Someone should be identified to deal with the media. Negative public opinion can be costly. It is important to have a properly trained spokesperson to speak and represent the organization. The media spokesperson must be in the communication path to have the facts before speaking or meeting with the press. The appointed spokesperson should interface with senior management and legal counsel prior to making any public statement. Meeting with the media during a crisis is not something that should be done without preparation.

The corporate plan should include generic communiqués that address each possible incident. The spokesperson will also need to know how to handle tough questions. Liability should never be assumed; the spokesperson should simply state that an investigation has begun. Tackling these tough issues up front will allow the company to have a preapproved framework to work with should a real disaster occur.

Employee Services

Companies have an inherent responsibility to employees and to their families. This means that paychecks must continue and that employees need to be taken care of. Employees must be trained on what to do in case of emergencies and on what they can expect from the company. Insurance and other necessary services must continue.

The number one priority of any BCP or DRP plan is to protect the safety of employees.

During a disaster, employees must know what is expected of them and who is in charge. Someone must have the authority to allocate emergency funding as needed. As an example, after Hurricane Katrina, the U.S. Congress passed 48 C.F.R. § 13.201(b) (2005), which increased the limit on FEMA-issued credit cards to $250,000. The idea was to allow government employees to acquire needed items quickly and without delay. Although funding is important, controls must also be in place to ensure that funds are not misappropriated.

Insurance is one option that companies can consider to remove a portion of the risk the team has uncovered during the BIA. Just as protection insurance can be purchased by individuals for a host of reasons, companies can purchase protection insurance for each of the following items:

  • Data centers
  • Hacker insurance
  • Software recovery
  • Business interruption
  • Documents, records, and important papers
  • Errors and omissions
  • Media transportation

Insurance is not without its drawbacks, such as high premiums, delayed claim payout, denied claims, and problems proving real financial loss. Also, most insurance policies pay for only a percentage of any actual loss and do not pay for lost income, increased operating expenses, or consequential loss.

The BCP team is now nearing the end of the plan's development process, and is ready to submit a completed plan for implementation. The plan is the result of all information gathered during the project initiation, the BIA, and the recovery strategies phase. A final checklist for completeness ensures the plan addresses all relevant factors, such as

  • Calculates what type of funding and fiscal management is needed to accomplish the stated goals
  • Determines the procedures for declaring a disaster and under what circumstances this will occur
  • Evaluates potential disasters and calculates the minimum resources needed to recover from the catastrophe
  • Determines critical functions and priorities for restoration
  • Identifies what recovery strategy and equipment will be needed to accomplish the recovery
  • Identifies individuals that are responsible for each function in the plan
  • Determines who will manage the restoration and testing process

The completed plan should be presented to senior management for approval. References for the plan should be cited in all related documents so that the plan is maintained and updated whenever there is a change or update to the infrastructure. When management approves the plan, it must be released and disseminated to employees. Awareness training will help make sure that everyone understands what their tasks and responsibilities are when an emergency occurs.

Awareness and Training

The goal of awareness and training is to make sure all employees know what to do in case of an emergency. If employees are untrained, they might simply stop what they're doing and run for the door anytime there's an emergency. Even worse, they might not leave when an alarm has sounded, even though the plan required they leave because of possible danger. Instructions should be written in easy to understand language that uses common terminology that everyone will understand. The organization should design and develop training programs to make sure each employee knows what to do and how to do it. Employees assigned to specific tasks should be trained to carry out needed procedures. If possible, plan for cross-training of teams so that those team members are familiar with a variety of recovery roles and responsibilities.

Although some companies might feel that the BCP development job is done once the plan is complete, it is important to remember that no demonstrated recovery exists until the plan has been tested.

This final phase of the process is to test and maintain the BCP. Training and awareness programs are also developed during this phase. The test of the disaster-recovery plan is critical. Without performing a test, there is no way to know whether the plan will work. Testing transforms theoretical plans into reality. Testing should be repeated at least once a year. Tests should start with the easiest parts of the plan and then build to more complex items. The initial tests should focus on items that support core processing, and they should be scheduled during a time that causes minimal disruption to normal business operations. As a CISSP candidate, you should be aware of the five different types of BCP tests:

  • Checklist —Although this is not considered a replacement for a live test, a checklist is a good first test. A checklist test is performed by sending copies of the plan to different department managers and business unit managers for review. Each recipient reviews the plan to make sure nothing was overlooked.
  • Structured walkthrough —Representatives from each department meet and walk through the plan step by step, talking through what each group would do at each stage. The primary advantage of the structured walkthrough is to discover discrepancies between different departments.
  • Simulation —This is an actual simulation of a real disaster. This drill involves members of the response team acting in the same way they would if there had been an actual emergency. This test proceeds to the point of recovery or to relocation to the alternative site. The primary purpose of this test is to verify that members of the response team can perform the required duties with only the tools they would have available in a real disaster.
  • Parallel —A parallel test is similar to a structured walkthrough but actually invokes operations at the alternative site. Operations at the new and old sites are run in parallel.
  • Full interruption —This test is the most detailed, time-consuming, and thorough. A full interruption test mimics a real disaster, and all steps are performed to complete backup operations. It includes all the individuals who would be involved in a real emergency, both internal and external to the organization. Although a full interruption test is the most thorough, it is also the scariest because it can create its own disaster.

The CISSP exam will require you to know the differences of each test type. You should also note the advantages and disadvantages of each.

The final step of the BCP process is to combine all this information into the BCP plan and inter-reference it with the organization's other emergency plans. Although the organization will want to keep a copy of the plan onsite, there should be another copy offsite. If a disaster occurs, rapid access to the plan will be critical.

Access to the plan should be restricted so that only those with a need to know can access the entire plan.

Monitoring and Maintenance

When the testing process is complete, a few additional items still need to be considered. This is important because some might falsely believe that the plan is completed once tested. That's not true. All the hard work that has gone into developing the plan can be lost if controls are not put into place to maintain the current level of business continuity and disaster recovery. Life is not static and neither should the organization's BCP plans be. The BCP should be a living document, subject to constant change.

To ensure the plan is maintained, first build in responsibility for the plan. This can be done by

  • Job descriptions —Individuals responsible for the plan should have this responsibility detailed in their job description. Management should work with HR to have this information added to the appropriate documents.
  • Performance reviews —The accomplishment (or lack of accomplishment) of appropriate plan maintenance tasks should be discussed in the responsible individual's annual or biannual evaluations.
  • Audits —The audit team should review the plan and make sure that it is current and appropriate. The audit team will also want to inspect the offsite storage facility and review its security, policies, and configuration.

Also, the disaster recovery implications for monitoring, maintenance, and recovery should be made a part of any discussion about procuring new equipment, modifying current equipment, or making changes to the infrastructure. The best method to accomplish this is to add BCP review into all change management procedures. If changes are required to the approved plans, they must also be documented and handled through change management. A centralized command and control structure eases this burden. Table 7.2 lists the individuals responsible for specific parts of the BCP process.

Table 7.2. BCP Process Responsibilities

Senior management is ultimately responsible for the BCP. This includes funding, project initiation, overall approval, and support.

© 2023 Pearson Education, Pearson IT Certification . All rights reserved.

Disaster Recovery vs Business Continuity: 5 Top Differences

Caroline Duncan : Jan 19, 2023 12:30:00 PM


Table of contents

  • What is business continuity?
  • What is disaster recovery?
  • 5 differences between disaster recovery and business continuity
  • Business continuity plan vs disaster recovery plan: do you need both?
  • What to include in a business continuity plan
  • What to include in a disaster recovery plan
  • The risks of not having business continuity and disaster recovery plans
  • Why communication is critical in disaster situations

The term business continuity is used to describe a business's process to remain operational during and after a disaster. This includes contingency planning for how a company will operate, who will carry out particular roles, where the business will operate from, and what effects this will have on normal business operations.


Disaster recovery is a term that describes the plans a company puts into place that it will use to respond to a disaster or other critical event. This can include natural disasters, fire, data loss, cyber-attacks, terrorism, accidents, active shooters and other incidents that have the ability to hamper the business’ operations. Disaster recovery plans help to guide the organization in its response to the incident or event and provide guidance on returning to usual operations safely.


What is the difference between business continuity and disaster recovery? There are some similarities between the two planning processes: they empower a business with proactive strategies to help it prepare for a catastrophic event. However, there are several differences that organizations should be aware of when it comes to business continuity vs disaster recovery:

  • Essentially, business continuity is a focus on keeping the business operational while a disaster unfolds and in its immediate aftermath. On the other hand, disaster recovery32 is a focus on restoring processes, systems and IT infrastructure and data following a critical event.
  • Disaster recovery plans often involve scenario planning and conducting preparedness drills and other exercises long before there is an actual incident.
  • A business continuity plan comes into play at a different time from a disaster recovery plan.
  • They have different goals: business continuity plans are concerned with limiting downtime, while disaster recovery plans are concerned with restoring systems so that the company is not left with impaired system functions.
  • Business continuity is concerned with functioning in some capacity, albeit possibly reduced. Disaster recovery is concerned with getting back to normal business functions.
Real-life example of business continuity: Back in 2013, lightning struck the office building of a South Carolina-based IT company that hosted servers for 200 clients. The company’s infrastructure was badly affected: cables were melted, computer hardware was burnt, equipment was destroyed and the office couldn’t be used at all. The company had already implemented business continuity plans five years earlier that included relocating its client servers to a remote data center where continual backups were kept. Clients didn’t experience any issues, and employees had to relocate to temporary office premises for a period of time.

Business continuity vs disaster recovery plans: do you need both?

In order to ensure business continuity or disaster recovery, it is essential to have formal plans in place.

While it is possible to have just one or the other, businesses really should have both disaster recovery plans (DRP) and business continuity plans (BCP) in place to successfully navigate and recover from a disaster. While they are different, they do have some overlap and work well together to help minimize disruption and losses.


When developing a business continuity plan for your organization, you need to consider the following:

  • Create a list of all the critical business functions in your organization
  • Create a business impact analysis
  • Develop a range of different crisis scenarios and consider how they could interrupt your business operations
  • Develop strategies to mitigate any vulnerabilities you have identified to maintain functionality in a disaster.
  • Identify employees who will have key roles in implementing business continuity processes.
  • Provide training to relevant employees
  • Review and evaluate your business continuity plan regularly.

The disaster recovery plan has some similar requirements and features to the business continuity plan. When developing one, you need to consider the following:

  • Identify people in your organization who should form a disaster recovery team.
  • Identify the critical processes and functions that could be affected by a disaster.
  • Identify potential disaster risks and consider how they could affect your business operations.
  • Design disaster recovery strategies and processes.
  • Devise back-up plans and procedures.
  • Ensure your employees are trained.
  • Test and maintain your plan on a regular basis.

Failing to be prepared for a critical situation or a disaster can have significant consequences for a business if it is caught out without appropriate plans.

This can include:

  • The inability for the business to function following a crisis
  • Reduction in productivity following a crisis
  • Financial losses
  • Reputational damage
  • Potential legal consequences, particularly if failure to plan and protect data results in regulatory violations
  • Death or injury to employees, customers, the public etc.
  • Complete data loss.


When your organization faces a crisis, it is important that you keep employees informed from the outset.

You must send regular, relevant, concise and factual information to employees, letting them know what is happening and providing them with any instructions to follow if necessary. As the situation changes, you should keep updating your staff.

Failure to inform your employees can cause false information and rumors to take hold. This can lead to mistrust, mistakes and can even worsen the situation.

If you need to reach all your employees quickly, using IT alerting software or an emergency alert system is one of the most successful methods of doing so.

DeskAlerts combines both functions. It will enable you to send messages quickly to thousands of employees at once in a way that can’t be ignored. You can reach employees no matter where they are working: in the office, on the road, in a non-desk role or at home, all over the world. The system uses a variety of communications channels, including pop-up alerts, desktop tickers, digital signage and push notifications on mobile phones to ensure your messages get through.

We’ve prepared some examples to help you get started using DeskAlerts pop-up alerts:

Example of a business continuity message that can be tailored to suit your company:

Important information for all staff.

There has been a [type of incident] that is affecting our operations at [location]. As a result the following services/activities are unavailable and/or have been significantly affected [list these here].

We are enacting our business continuity plan so that we can continue to operate, although in a reduced capacity. Our website, social media channels and call centers have been updated to keep our customers and the community informed about the situation. We expect that the situation will last for [time frame] and are doing everything possible to get back up and running as normal. We will keep you updated as the situation unfolds.

Staff who have been affected should [list what is required of them during this time].

Your patience and cooperation at this difficult time is appreciated.

[CEO name]

Example of a disaster recovery message that can be tailored to suit your company:

Important information for all staff.

As a result of [describe incident] our systems have been severely impacted. This is affecting [company name]’s ability to carry out business. We have now enacted our disaster recovery plan and we have a dedicated team working on resolving the issue and restoring our systems and data.

This issue is expected to take up to [estimated time frame] to be resolved. In the meantime, staff can [list what tasks or work you may have employees do in the interim]. Further information will be communicated as the situation unfolds.

Staff are reminded to maintain confidentiality about this situation and not to post on social media or talk to the press. Customers with questions can be referred to our call center, which will have the most up-to-date information; this will prevent misinformation or old information from being circulated.

Your patience and cooperation at this challenging time is appreciated.

[CEO name]

Any business can find itself mired in a disaster when it least expects it. Having robust contingency plans in place will help to ensure that the business comes out the other side still able to operate.

What are disaster recovery and business continuity plans?

A disaster recovery plan is designed to save and recover data and other business processes in the event of a critical incident. A business continuity plan is designed to keep a business functioning in some capacity when it finds itself involved in a critical incident.

How is business continuity planning different from disaster recovery planning?

Business continuity plans are concerned with establishing how business operations will function in the event of abnormal circumstances as a result of an emergency or disaster. A disaster recovery plan is concerned with how applications and systems will be reinstated and returned to normal operation.

What is the difference between BCM and DR?

BCM – business continuity management – is an organization’s ability to keep delivering its products and services during a disaster. DR – disaster recovery – is generally about technology and refers to how an organization recovers from an incident.

What is BCP in disaster recovery?

In the disaster recovery process, a BCP is a business continuity plan that describes the way a company may mitigate loss of business and defines the requirements to continue operations in a disaster situation.

What comes first, disaster recovery or business continuity?

Business continuity planning and disaster recovery involve following a process. A company should have business continuity planning as the foundation of its disaster planning – therefore it needs to happen before disaster recovery planning.

Is business continuity a new name for disaster recovery?

Business continuity is different from disaster recovery. It is focussed on keeping a business functioning in some capacity after a critical incident.

What is the difference between DRP and BCP in cyber security?

There are some differences in disaster recovery versus business continuity. Business continuity planning involves strategic long-term plans for a business’s uninterrupted operations in the event of a threat or disruption. Disaster recovery planning is a short-term tactical plan used to deal with specific computing and other IT-related outages.

Learn more about cybersecurity in the workplace.


Firm Business Continuity Planning and Risk Mitigation Strategies

This is the third article of a risk management series and focuses on business continuity planning and risk mitigation strategies. The first article, Eight Steps to Establish a Firm Risk Management Program, covered the benefits and steps of establishing a risk management program, and the second, Ten Steps to Successful Firm Risk Management, highlighted 10 key steps for successful risk management.

The articles are a result of discussions at recent IFAC SMP Committee meetings, which involve practitioners from around the world sharing their perspectives and insights. The February 2019 SMPC meeting featured a session about the Japanese accountancy profession’s involvement in disaster recovery support and reconstruction activities following the earthquake in 2011.

Japan is one of the few nations that has active disaster recovery support for small- and medium-sized entities (SMEs). It is well recognized that SMEs are critical to every country’s economy, for innovation, employment and contribution to GDP. Hence, the continuation and sustainability of SMEs during and after any natural disaster is vital.

The Guide to Practice Management for Small- and Medium-Sized Practices (the PM Guide) includes a whole module on risk management including: professionalism and ethics, client engagement, quality control and business continuity planning and disaster recovery. In addition, practitioners are encouraged to use a Good Practice Checklist for Small Business as a marketing or diagnostic tool to help them determine the advice a small business client may need, and also help them in managing their own business. It includes a section on Environmental Management Tasks highlighting the necessity for SMEs to have a contingency plan for an emergency or disaster and contains a checklist on “how to respond to emergencies”. 

Developing a Business Continuity Plan

The key to business continuity planning and disaster recovery is to treat it as a single function, whole and complete in itself. The most effective way to coordinate planning in this area is to include the various components required in one central document. This is called a Business Continuity Plan. The purpose of developing a Business Continuity Plan is to ensure the continuation of the firm during and following any critical incident that results in disruption to the normal operational capability of the firm.

The Business Continuity Plan is based on the Prevention, Preparedness, Response and Recovery (PPRR) framework:

Prevention is all about risk management planning (please see Eight Steps to Establish a Firm Risk Management Program). This is where the likelihood and/or effects of risk associated with an incident are identified and managed. The key elements of the risk management processes are implemented at this stage, with threats identified and dealt with, or reduced to an acceptable level. 

The key tool for the Preparedness element is the Business Impact Analysis. This is where the key activities of the firm that may be adversely affected by any disruptions are identified and prioritized.

The key function of the Response element is Incident Response Planning. This plan outlines the immediate actions to be taken to respond to an incident in terms of containment, control and minimizing of impacts.

The Recovery section focuses on recovery planning. The purpose is to outline the actions that are to be taken to recover from an incident in order to minimize disruption and recovery times.

Another important element of the Business Continuity Plan is the concept of regular updates and review. It is hoped that the firm will never need to use the plan, but if the need ever arises, staff should know the plan is up to date with current details, information and resources. This is important, as it should reflect the changing needs of the firm.

Key items the plan should include:

  • Distribution list: An up-to-date list should be maintained of the people who have been supplied with a copy of the plan and their contact details. Remember to keep a copy of the plan in a safe off-site location.
  • References and related documents: Make a list of all the documents that have a bearing on the Business Continuity Plan.
  • Undertake a risk management assessment of the firm;
  • Define and prioritize the firm’s critical practice functions;
  • Detail the immediate response to a critical incident;
  • Detail strategies and actions to be taken to enable the firm to continue operating; and
  • Review and update this plan on a regular basis.

Ten Risk Mitigation Strategies

Each firm should have risk mitigation strategies to prepare in case of death, loss or injury of a partner.

1. Document Sensitive Information

It is important to document and keep in a safe place critical information that is necessary for the effective running and operation of the firm. This information may include:

  • Client agreements and arrangements;
  • Employee agreements and arrangements;
  • Supplier agreements and arrangements;
  • Personal guarantees provided and to whom;
  • Bank and finance arrangements;
  • Lawyer’s name and contact details;
  • Intellectual property residing within or developed by the firm; and
  • Recommendations for ongoing management of the firm.

2. Maintain Adequate Insurance

It is important to maintain adequate insurance to cover the firm. It is prudent to ensure that the firm has adequate insurance to cover each partner and to provide the funds to pay out the estate for the partner’s share of the firm in the event of their death. The prudent firm will insure their key human assets just as they do their physical assets.   

Important insurance coverage to hold includes:

  • “Key person” insurance;
  • Partnership/shareholder insurance (this provides for payment to the survivors of the partner); and
  • Business equity insurance (it is important that the business equity insurance policy is supported by a “buy/sell agreement,” as discussed below).

3. Ensure there is a Valid “Buy/Sell Agreement”

If there are partners in the firm, it is important to ensure there is a legally drawn and valid “buy/sell agreement.” This outlines the terms and conditions agreed upon between the partners for the purchase or sale of their share in the firm. It should be confirmed that it has been reconciled with the partnership/shareholder insurance coverage to ensure there is no shortfall.

4. Inform Bankers and Suppliers

It is important to consider beforehand what might be the reaction of bankers, other lenders and suppliers to the death or incapacitation of a partner of the firm. For instance, would they be prepared to continue with their financial arrangements, or would they call up their debt? Consideration would need to be given to whether the firm has sufficient financial reserves to cover such a situation.

5. Ensure Adequate Training of Staff

Appropriate training should be provided to staff in the key areas of management and the operation of the firm so that it is not totally dependent on one partner. The PM Guide includes a whole module, ‘People Power: Developing a People Strategy’, which covers leadership, managing and retaining employees, recognition, training and development.

6. Ensure Procedures Manual Written and Maintained

It is vital to the ongoing operation of the firm that a procedures manual has been prepared which fully documents the procedures, processes and operations of the practice. It needs to be maintained and kept current. This means the firm is able to continue to operate during the death or incapacitation of the practitioner until certainty as to its future is known. The procedures manual also becomes a key document in any valuation process which is undertaken, as it tends to add value to the firm by reducing reliance on one partner.

7. Ensure Job Descriptions are Completed

It is important that job descriptions have been completed for all roles within the firm and that each staff member is clear on the tasks they are to perform.

8. Undertake Regular Staff Appraisals

Regular staff appraisals allow staff to stay informed of their progress and development within the firm and provide the opportunity to give feedback on their performance. They also provide the opportunity to advise the staff member of the steps that should be taken if a partner were to die or become incapacitated.

9. Partnership Issues

If there are partners within the firm, it is important they clarify what will happen in the event of either their death or their incapacitation.

10. Other Business Relationships

It is important to understand whether the untimely death or incapacitation of a partner would unduly affect any other business relationship that the firm has. There should be a documented succession and continuity plan in place.


Monica Foerster

Partner at Confidor, Chair of IFAC's SMP Advisory Group

Monica Foerster became Chair of the IFAC SMP Advisory Group (SMPAG) in 2017, after serving as its Deputy Chair. A SMPAG member since 2014, she was nominated by Conselho Federal de Contabilidade (CFC) and Instituto dos Auditores Independentes do Brasil (IBRACON). With 20 years of experience in the accountancy profession, Ms. Foerster is a partner at Confidor, an accounting, tax, and law firm with offices in Porto Alegre and São Paulo, Brazil.

Monica is currently a member of the Board of Directors of Ibracon Brazil (where she was the SMP Director and coordinator of the SMP Working Group for 6 years), and a board member at the Accounting Council (where she was also the coordinator of the Committee of Audit Studies (CRCRS) for 4 years).

Monica holds an MBA in financial management, controllership and audit from the FGV – Fundação Getúlio Vargas, Brazil, and a degree in accounting from the Universidade Federal do Rio Grande do Sul – UFRGS, Brazil. 


Christopher Arnold

Christopher Arnold is a Director at the International Federation of Accountants (IFAC). He leads activities on contributing to and promoting the development, adoption and implementation of high-quality international standards, including the Member Compliance Program, Intellectual Property and Translations. Christopher is also responsible for IFAC’s SME (small- and medium-sized entities), SMP (small- and medium-sized practices) and research initiatives, which include developing thought leadership, public policy and advocacy. He was previously an Audit Manager for Deloitte and qualified as a professional accountant in a mid-tier accountancy practice in London (now called PKF-Littlejohn LLP). Christopher started his career as a Small Business Policy Adviser at the Association of Chartered Certified Accountants (ACCA).


IT Disaster Recovery Plan


Businesses use information technology to quickly and effectively process information. Employees use electronic mail and Voice Over Internet Protocol (VOIP) telephone systems to communicate. Electronic data interchange (EDI) is used to transmit data including orders and payments from one company to another. Servers process information and store large amounts of data. Desktop computers, laptops and wireless devices are used by employees to create, process, manage and communicate information. What do you do when your information technology stops working?

An information technology disaster recovery plan (IT DRP) should be developed in conjunction with the business continuity plan. Priorities and recovery time objectives for information technology should be developed during the business impact analysis. Technology recovery strategies should be developed to restore hardware, applications and data in time to meet the needs of the business recovery.

Businesses large and small create and manage large volumes of electronic information or data. Much of that data is important. Some data is vital to the survival and continued operation of the business. The impact of data loss or corruption from hardware failure, human error, hacking or malware could be significant. A plan for data backup and restoration of electronic information is essential.

Resources for Information Technology Disaster Recovery Planning

  • Computer Security Resource Center - National Institute of Standards and Technology (NIST), Computer Security Division Special Publications
  • Contingency Planning Guide for Federal Information Systems - NIST Special Publication 800-34 Rev. 1
  • Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities – NIST Special Publication 800-84
  • Building An Information Technology Security Awareness and Training Program - NIST Special Publication 800-50

IT Recovery Strategies

Recovery strategies should be developed for information technology (IT) systems, applications and data. This includes networks, servers, desktops, laptops, wireless devices, data and connectivity. Priorities for IT recovery should be consistent with the priorities for recovery of business functions and processes that were developed during the business impact analysis. IT resources required to support time-sensitive business functions and processes should also be identified. The recovery time for an IT resource should match the recovery time objective for the business function or process that depends on the IT resource.

Information technology systems require hardware, software, data and connectivity. Without one component of the “system,” the system may not run. Therefore, recovery strategies should be developed to anticipate the loss of one or more of the following system components:

  • Computer room environment (secure computer room with climate control, conditioned and backup power supply, etc.)
  • Hardware (networks, servers, desktop and laptop computers, wireless devices and peripherals)
  • Connectivity to a service provider (fiber, cable, wireless, etc.)
  • Software applications (electronic data interchange, electronic mail, enterprise resource management, office productivity, etc.)
  • Data and restoration

Some business applications cannot tolerate any downtime. They utilize dual data centers capable of handling all data processing needs, which run in parallel with data mirrored or synchronized between the two centers. This is a very expensive solution that only larger companies can afford. However, there are other solutions available for small to medium sized businesses with critical business applications and data to protect.

Internal Recovery Strategies

Many businesses have access to more than one facility. An alternate facility can be equipped with similar hardware, configured to run the same software applications when needed. Assuming data is backed up off-site or data is mirrored between the two sites, data can be restored at the alternate site and processing can continue.

Vendor Supported Recovery Strategies

There are vendors that can provide “hot sites” for IT disaster recovery. These sites are fully configured data centers with commonly used hardware and software products. Subscribers may provide unique equipment or software either at the time of disaster or store it at the hot site ready for use.

Data streams, data security services and applications can be hosted and managed by vendors. This information can be accessed at the primary business site or any alternate site using a web browser. If an outage is detected at the client site by the vendor, the vendor automatically holds data until the client’s system is restored. These vendors can also provide data filtering and detection of malware threats, which enhance cyber security.

Developing an IT Disaster Recovery Plan

Businesses should develop an IT disaster recovery plan. It begins by compiling an inventory of hardware (e.g. servers, desktops, laptops and wireless devices), software applications and data. The plan should include a strategy to ensure that all critical information is backed up.

Identify critical software applications and data and the hardware required to run them. Using standardized hardware will help to replicate and reimage new hardware. Ensure that copies of program software are available to enable re-installation on replacement equipment. Prioritize hardware and software restoration.

Document the IT disaster recovery plan as part of the business continuity plan. Test the plan periodically to make sure that it works.

Data Backup

Businesses generate large amounts of data and data files are changing throughout the workday. Data can be lost, corrupted, compromised or stolen through hardware failure, human error, hacking and malware. Loss or corruption of data could result in significant business disruption.

Data backup and recovery should be an integral part of the business continuity plan and information technology disaster recovery plan. Developing a data backup strategy begins with identifying what data to back up, selecting and implementing hardware and software backup procedures, scheduling and conducting backups and periodically validating that data has been accurately backed up.

Developing the Data Backup Plan

Identify data on network servers, desktop computers, laptop computers and wireless devices that needs to be backed up along with other hard copy records and information. The plan should include regularly scheduled backups from wireless devices, laptop computers and desktop computers to a network server. Data on the server can then be backed up. Backing up hard copy vital records can be accomplished by scanning paper records into digital formats and allowing them to be backed up along with other digital data.

Options for Data Backup

Tapes, cartridges and large capacity USB drives with integrated data backup software are effective means for businesses to back up data. The frequency of backups, security of the backups and secure off-site storage should be addressed in the plan. Backups should be stored with the same level of security as the original data.

Many vendors offer online data backup services including storage in the “cloud”. This is a cost-effective solution for businesses with an internet connection. Software installed on the client server or computer backs the data up automatically.

Data should be backed up as frequently as necessary to ensure that, if data is lost, the amount lost is acceptable to the business. The business impact analysis should evaluate the potential for lost data and define the “recovery point objective.” Data restoration times should be confirmed and compared with the IT and business function recovery time objectives.
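Two of the checks described above can be scripted against the plan's inventory: an IT resource must be recovered within the recovery time objective of every business function that depends on it, and each resource's backup interval and measured restore time must be compared with the RPO and RTO set in the business impact analysis. The following Python is an added example, not Ready.gov's or any vendor's code; the business functions, IT resources and objective values are constructed sample data.

```python
"""Consistency checks for an IT disaster recovery plan.

Added example (not Ready.gov's or any vendor's code). The business functions,
IT resources and objectives below are constructed sample data for illustration.
"""
from dataclasses import dataclass
from datetime import timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class BusinessFunction:
    name: str
    rto: timedelta          # recovery time objective set in the business impact analysis
    rpo: timedelta          # recovery point objective (tolerable data loss) from the BIA
    depends_on: List[str]   # IT resources this function cannot run without


@dataclass
class ITResource:
    name: str
    backup_interval: timedelta              # how often a backup of this resource completes
    last_restore_test: Optional[timedelta]  # measured restore time in the last test; None if never tested
    offsite_copy: bool                      # whether a backup copy is kept off-site


def hours(n: float) -> timedelta:
    return timedelta(hours=n)


def required_objectives(functions: List[BusinessFunction]) -> Dict[str, Tuple[timedelta, timedelta]]:
    """Derive the (RTO, RPO) each IT resource must meet.

    A resource shared by several business functions inherits the strictest
    objective of any function that depends on it.
    """
    required: Dict[str, Tuple[timedelta, timedelta]] = {}
    for fn in functions:
        for dep in fn.depends_on:
            rto, rpo = required.get(dep, (fn.rto, fn.rpo))
            required[dep] = (min(rto, fn.rto), min(rpo, fn.rpo))
    return required


def check_plan(functions: List[BusinessFunction], resources: List[ITResource]) -> List[str]:
    """Return findings where the backup plan cannot meet the BIA objectives.

    An empty list means every dependency is inventoried, backed up often
    enough for its RPO, restore-tested within its RTO and copied off-site.
    """
    findings: List[str] = []
    inventory = {r.name: r for r in resources}
    for name, (rto, rpo) in required_objectives(functions).items():
        res = inventory.get(name)
        if res is None:
            findings.append(f"{name}: required by the BIA but missing from the IT inventory")
            continue
        # A backup every N hours means up to N hours of data can be lost.
        if res.backup_interval > rpo:
            findings.append(f"{name}: backup interval {res.backup_interval} exceeds RPO {rpo}")
        # A restore that has never been timed cannot be claimed to meet the RTO.
        if res.last_restore_test is None:
            findings.append(f"{name}: restore never tested, so RTO {rto} is unverified")
        elif res.last_restore_test > rto:
            findings.append(f"{name}: last restore took {res.last_restore_test}, exceeding RTO {rto}")
        if not res.offsite_copy:
            findings.append(f"{name}: no off-site backup copy")
    return findings


# Constructed sample data: two business functions sharing one IT resource ("mail").
SAMPLE_FUNCTIONS = [
    BusinessFunction("Order processing", rto=hours(4), rpo=hours(1), depends_on=["erp-db", "mail"]),
    BusinessFunction("Payroll", rto=hours(48), rpo=hours(24), depends_on=["hr-db", "mail"]),
]
SAMPLE_RESOURCES = [
    ITResource("erp-db", backup_interval=hours(4), last_restore_test=hours(2), offsite_copy=True),
    ITResource("mail", backup_interval=hours(1), last_restore_test=hours(6), offsite_copy=True),
    ITResource("hr-db", backup_interval=hours(24), last_restore_test=None, offsite_copy=False),
]


def run_sample() -> List[str]:
    """Run the checks over the constructed sample; returns four findings."""
    return check_plan(SAMPLE_FUNCTIONS, SAMPLE_RESOURCES)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

The "mail" resource illustrates the inheritance rule: Payroll tolerates a 48-hour RTO, but because Order processing also depends on mail, the 4-hour objective applies and the 6-hour restore test is flagged.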

Last Updated: 02/17/2021


Maven Business Plans



The terms disaster recovery and business continuity planning appear together very often. Both allow businesses to remain operational after an unforeseen event. The objective of both plans is to limit the risk of data loss. Besides, they enable a corporation to resume operating as quickly as possible after an interruption.

However, business continuity and disaster recovery are not the same thing. They are related and connected to each other but are not identical.


It is the decision-making and operational tool to ensure the continuity of activities.

To be a useful tool, it must answer a set of questions:

  • What are the organization’s critical activities/processes/products?
  • What are the issues in the event of an event impacting them?
  • What are the needs (qualitative, quantitative) to ensure their continuity and minimize the impacts?

The key to answering them is consistency: the starting point is defining what is critical for the organization, and from that the needs and an appropriate strategy follow.

In practical terms, business continuity means making a plan to ensure that your enterprise is prepared to keep working continually. It aims to establish a strategy that ensures the continuity of activities following a disaster that seriously disrupts normal business functioning.

Not all events that bring organizations to their knees are as dramatic as significant hurricanes or floods. Even the effects of a normal storm could deactivate key resources and disrupt your business. An effective business continuity plan allows you to resume operations quickly after a disaster.

Business continuity plans benefit from renewed interest in times of crisis, as was the case during the coronavirus COVID-19 pandemic. It is essential to put the business continuity plan in place to reduce losses to a minimum; it is an ideal way to defend against these types of crises.

It helps to cover all stages and respect schedules so that the necessary resources, processes, and functions restart as quickly as possible.


A Disaster Recovery Plan (DRP) is a documented process for recovering IT and business infrastructure in case of a disaster. A disaster can occur for a whole host of natural or human-made reasons: a snowstorm, floods, or even acts of terrorism and hacking, as was the case recently with ransomware. All of these count as disasters.

In many instances, when an IT environment experiences serious problems following a disaster, data loss is probably one of the most common consequences. So it is essential to ensure that your data center has at least two back-ups.

DRP is a document that lists the steps to take to rebuild your computer system in case of a crisis. Further, it allows us to restart the applications necessary for a company’s activities. It aims to anticipate and mitigate the devastating effects of a crisis or natural disaster.

Many businesses write DRPs but ignore them or neglect to update them annually. For example, when Hurricane Harvey caused unexpected indoor flooding in Houston, many businesses quickly sank as people struggled to evacuate.

What is the key difference between business continuity and disaster recovery?

Disaster recovery is part of IT business continuity planning. It is all about accessing data quickly after a disaster. There are similarities between business continuity and disaster recovery, as both take into account a variety of unexpected events, ranging from cyber-attacks and human error to natural disasters such as flooding. They also aim to keep the business running as much as possible, especially for mission-critical applications. However, the key difference between them is when the plan is implemented.

The business continuity plan is more proactive. It generally refers to the processes and procedures that an organization must implement. It ensures the continuity of mission-critical functions during and after a disaster. In simple words, it allows us to keep operations functional during and after the event.

Disaster recovery is more reactive. It includes the specific steps that the business must take to resume operations following an incident. Disaster recovery actions take place after the event, and response times can range from seconds to days. In short, it focuses on how you return to normal after a disaster.

For example, if a hurricane or flood destroys your office building, the solution to recovering your business might be to allow employees to do remote work. However, this solution only serves as part of the emergency response. You can’t use it for long-term efficiency.

Your disaster recovery solution focuses on ways for employees to get back to the same location. Besides, it also focuses on the replacement of office furniture and equipment. 

The development of the BCP and the IT disaster recovery plan generally begins with consultations. After that, the members of both teams carry out a risk analysis. The organization identifies the most critical aspects of the business and determines how quickly and to what extent the plans should be executed after an incident.

Our Controls

AWS data centers are secure by design and our controls make that possible. Before we build a data center, we spend countless hours considering potential threats and designing, implementing, and testing controls to ensure the systems, technology, and people we deploy counteract risk. To help you fulfill your own audit and regulatory requirements, we are providing you with insight into some of our physical and environmental controls below.

Secure Design

Prior to choosing a location, AWS performs initial environmental and geographic assessments. Data center locations are carefully selected to mitigate environmental risks, such as flooding, extreme weather, and seismic activity. Our Availability Zones are built to be independent and physically separated from one another.

Data centers are designed to anticipate and tolerate failure while maintaining service levels. In case of failure, automated processes move traffic away from the affected area. Core applications are deployed to an N+1 standard, so that in the event of a data center failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.

AWS has identified critical system components required to maintain the availability of our system and recover service in the event of outage. Critical system components are backed up across multiple, isolated locations known as Availability Zones. Each Availability Zone is engineered to operate independently with high reliability. Availability Zones are connected to enable you to easily architect applications that automatically fail over between Availability Zones without interruption. Highly resilient systems, and therefore service availability, are a function of the system design. Through the use of Availability Zones and data replication, AWS customers can achieve extremely short recovery time and recovery point objectives, as well as the highest levels of service availability.

AWS continuously monitors service usage to deploy infrastructure to support our availability commitments and requirements. AWS maintains a capacity planning model that assesses our infrastructure usage and demands at least monthly. This model supports planning of future demands and includes considerations such as information processing, telecommunications, and audit log storage.

Business Continuity & Disaster Recovery

The AWS Business Continuity Plan outlines measures to avoid and lessen environmental disruptions. It includes operational details about steps to take before, during, and after an event. The Business Continuity Plan is supported by testing that includes simulations of different scenarios. During and after testing, AWS documents people and process performance, corrective actions, and lessons learned with the aim of continuous improvement.

AWS incorporates pandemic response policies and procedures into its disaster recovery planning to prepare to respond rapidly to infectious disease outbreak threats. Mitigation strategies include alternative staffing models to transfer critical processes to out-of-region resources, and activation of a crisis management plan to support critical business operations. Pandemic plans reference international health agencies and regulations, including points of contact for international agencies.

Physical Access

AWS provides physical data center access only to approved employees. All employees who need data center access must first apply for access and provide a valid business justification. These requests are granted based on the principle of least privilege, where requests must specify to which layer of the data center the individual needs access, and are time-bound. Requests are reviewed and approved by authorized personnel, and access is revoked after the requested time expires. Once granted admittance, individuals are restricted to areas specified in their permissions.

Third-party access is requested by approved AWS employees, who must apply for third-party access and provide a valid business justification. These requests are granted based on the principle of least privilege, where requests must specify to which layer of the data center the individual needs access, and are time-bound. These requests are approved by authorized personnel, and access is revoked after the requested time expires. Once granted admittance, individuals are restricted to areas specified in their permissions. Anyone granted visitor badge access must present identification when arriving on site and is signed in and escorted by authorized staff.

Physical access to data centers in AWS GovCloud (US) is restricted to employees who have been validated as being US citizens.

Monitoring & Logging

Access to data centers is regularly reviewed. Access is automatically revoked when an employee’s record is terminated in Amazon’s HR system. In addition, when an employee or contractor’s access expires in accordance with the approved request duration, his or her access is revoked, even if he or she continues to be an employee of Amazon.
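The access model the Physical Access and Monitoring & Logging sections describe (a justified request scoped to one data center layer, approval by authorized personnel, a fixed end time, and revocation on expiry or on termination in the HR system, whichever comes first) can be captured in a small registry so that the "is this person allowed through this door right now" decision is a pure function of the recorded grants. The following is an added example written for this page, not AWS code or a description of AWS systems; the layer names, people, approvers and durations are constructed, and the eight-hour cap on a single request is an assumed policy value.

```python
"""Time-bound, layer-scoped physical access grants (added example, constructed data)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Set

# Assumed policy value: no single request may cover more than one shift.
MAX_GRANT_DURATION = timedelta(hours=8)


@dataclass(frozen=True)
class AccessGrant:
    person: str
    layer: str          # the one data center layer the request names
    justification: str  # business justification supplied with the request
    approved_by: str
    start: datetime
    end: datetime       # access is revoked at this instant even if still employed


class PhysicalAccessRegistry:
    def __init__(self, approvers: Set[str], employees: Set[str]) -> None:
        self._approvers = set(approvers)        # personnel authorized to approve
        self._employees = set(employees)        # mirror of active HR records
        self._grants: List[AccessGrant] = []

    def request(self, person: str, layer: str, justification: str,
                approver: str, start: datetime, duration: timedelta) -> AccessGrant:
        """Validate and record a request; raises ValueError when policy is not met."""
        if person not in self._employees:
            raise ValueError(f"{person} has no active HR record")
        if approver not in self._approvers:
            raise ValueError(f"{approver} is not authorized to approve access")
        if not justification.strip():
            raise ValueError("a business justification is required")
        if not layer:
            raise ValueError("request must name the data center layer")
        if duration <= timedelta(0) or duration > MAX_GRANT_DURATION:
            raise ValueError(f"duration must be within (0, {MAX_GRANT_DURATION}]")
        grant = AccessGrant(person, layer, justification, approver, start, start + duration)
        self._grants.append(grant)
        return grant

    def terminate(self, person: str) -> None:
        """HR termination: every grant for the person stops being honoured at once."""
        self._employees.discard(person)

    def is_permitted(self, person: str, layer: str, at: datetime) -> bool:
        """The door decision: active employee with an unexpired grant for exactly this layer."""
        if person not in self._employees:
            return False
        return any(g.person == person and g.layer == layer and g.start <= at < g.end
                   for g in self._grants)

    def expired_grants(self, now: datetime) -> List[AccessGrant]:
        """Grants whose window has closed; a periodic review would reconcile badges against this."""
        return [g for g in self._grants if g.end <= now]

    def active_by_layer(self, now: datetime) -> Dict[str, Set[str]]:
        """Who currently holds access to each layer, for the regular access review."""
        result: Dict[str, Set[str]] = {}
        for g in self._grants:
            if g.person in self._employees and g.start <= now < g.end:
                result.setdefault(g.layer, set()).add(g.person)
        return result


# Constructed scenario: one technician gets a one-shift grant to the server room.
T0 = datetime(2021, 3, 1, 8, 0)
REGISTRY = PhysicalAccessRegistry(approvers={"dc-security-lead"},
                                  employees={"alice", "bob"})
ALICE_GRANT = REGISTRY.request("alice", "server-room", "replace failed PSU in rack 12",
                               "dc-security-lead", T0, timedelta(hours=4))

if __name__ == "__main__":
    for when in (T0 + timedelta(hours=1), T0 + timedelta(hours=5)):
        print(when.time(), "server-room:", REGISTRY.is_permitted("alice", "server-room", when),
              "mechanical:", REGISTRY.is_permitted("alice", "mechanical", when))
    print("expired at +5h:", [g.person for g in REGISTRY.expired_grants(T0 + timedelta(hours=5))])
```

Two design points worth noting: the door check never consults a separate "revoked" flag, so there is nothing to forget to set when a grant lapses, and termination is modelled as removing the HR record rather than editing grants, which is the order of events the passage describes (access follows the HR system, not the other way round).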

Physical access to AWS data centers is logged, monitored, and retained. AWS correlates information gained from logical and physical monitoring systems to enhance security on an as-needed basis.

We monitor our data centers using our global Security Operations Centers, which are responsible for monitoring, triaging, and executing security programs. They provide 24/7 global support by managing and monitoring data center access activities, equipping local teams and other support teams to respond to security incidents by triaging, consulting, analyzing, and dispatching responses.

Surveillance & Detection

Physical access points to server rooms are recorded by Closed Circuit Television Camera (CCTV). Images are retained according to legal and compliance requirements.

Physical access is controlled at building ingress points by professional security staff utilizing surveillance, detection systems, and other electronic means. Authorized staff utilize multi-factor authentication mechanisms to access data centers. Entrances to server rooms are secured with devices that sound alarms to initiate an incident response if the door is forced or held open.

Electronic intrusion detection systems are installed within the data layer to monitor, detect, and automatically alert appropriate personnel of security incidents. Ingress and egress points to server rooms are secured with devices that require each individual to provide multi-factor authentication before granting entry or exit. These devices will sound alarms if the door is forced open without authentication or held open. Door alarming devices are also configured to detect instances where an individual exits or enters a data layer without providing multi-factor authentication. Alarms are immediately dispatched to 24/7 AWS Security Operations Centers for immediate logging, analysis, and response.

Device Management

AWS assets are centrally managed through an inventory management system that stores and tracks owner, location, status, maintenance, and descriptive information for AWS-owned assets. Following procurement, assets are scanned and tracked, and assets undergoing maintenance are checked and monitored for ownership, status, and resolution.

Media storage devices used to store customer data are classified by AWS as Critical and treated accordingly, as high impact, throughout their life-cycles. AWS has exacting standards on how to install, service, and eventually destroy the devices when they are no longer useful. When a storage device has reached the end of its useful life, AWS decommissions media using techniques detailed in NIST 800-88. Media that stored customer data is not removed from AWS control until it has been securely decommissioned.

Operational Support Systems

Our data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day. AWS ensures data centers are equipped with back-up power supply to ensure power is available to maintain operations in the event of an electrical failure for critical and essential loads in the facility.

AWS data centers use mechanisms to control climate and maintain an appropriate operating temperature for servers and other hardware to prevent overheating and reduce the possibility of service outages. Personnel and systems monitor and control temperature and humidity at appropriate levels.

AWS data centers are equipped with automatic fire detection and suppression equipment. Fire detection systems utilize smoke detection sensors within networking, mechanical, and infrastructure spaces. These areas are also protected by suppression systems.

In order to detect the presence of water leaks, AWS equips data centers with functionality to detect the presence of water. If water is detected, mechanisms are in place to remove water in order to prevent any additional water damage.

Infrastructure Maintenance

AWS monitors and performs preventative maintenance of electrical and mechanical equipment to maintain the continued operability of systems within AWS data centers. Equipment maintenance procedures are carried out by qualified persons and completed according to a documented maintenance schedule.

AWS monitors electrical and mechanical systems and equipment to enable immediate identification of issues. This is carried out by utilizing continuous audit tools and information provided through our Building Management and Electrical Monitoring Systems. Preventative maintenance is performed to maintain the continued operability of equipment.

Governance & Risk

The AWS Security Operations Center performs regular threat and vulnerability reviews of data centers. Ongoing assessment and mitigation of potential vulnerabilities is performed through data center risk assessment activities. This assessment is performed in addition to the enterprise-level risk assessment process used to identify and manage risks presented to the business as a whole. This process also takes regional regulatory and environmental risks into consideration.

Third-party testing of AWS data centers, as documented in our third-party reports, ensures AWS has appropriately implemented security measures aligned to established rules needed to obtain security certifications. Depending on the compliance program and its requirements, external auditors may perform testing of media disposal, review security camera footage, observe entrances and hallways throughout a data center, test electronic access control devices, and examine data center equipment.


Business continuity and disaster recovery planning: The basics (Mar 25, 2021, 9 mins; Business Continuity, Disaster Recovery, Security). Good business continuity plans will keep your company up and running through interruptions of any kind.