How to create a business continuity plan

Having a plan can mean the difference between recovery and disaster

No one likes to think about the worst thing that could happen to their organisations. But the more complex our IT architectures become - particularly with varying cloud or hybrid platforms - the more essential it is to have a business continuity plan in place in case of downtime.

In the past two years, 95% of enterprises have had to deal with at least one data centre outage, according to Gravic Inc. These disruptions sideline entire data centres, not just single systems. A study from the Ponemon Institute into data breaches in 2018 has shown that the average total cost of a data breach last year was $3.86 million, with the most costly component being lost business cost. Even a small disruption to business will cost money, so having a plan in place can mitigate revenue losses.

A business continuity plan is more than just making sure critical IT and services are available if disruption occurs, or being able to restore functions quickly. A good plan should aim to keep the complete ecosystem of critical business functions operational in the event of a serious incident.

Why have a business continuity plan?

There is a wide range of reasons why an organisation should have a business continuity plan in place.

Firstly, it is a communication tool. Having a plan in place means that everyone will know what to do in an emergency. In a disaster, if someone doesn't know what role they need to play, the risks aren't going to be mitigated.

Secondly, it means that your organisation is proactive. When disaster strikes, people will know what to do instead of trying to figure things out as they go along. This also helps manage any negative impact on the company's reputation; it may be difficult to avoid data breaches entirely, but demonstrating preparedness will make clients more understanding.

Thirdly, having a plan means that you have a good chance of recovering from disaster. When you protect mission-critical parts of a business, there is a good chance of survival and staff morale will be higher for it.

Not only does having a plan increase your chances of recovering from an incident, but it also reduces the likelihood of you having another one. Businesses that don't have a business continuity plan are 32.3% likely to have a data breach at some point over the next two years, but this falls to 23.4% for businesses with a plan, according to the Ponemon Institute.

Finally, a business continuity plan can reduce the time it takes to identify and contain the data breach incident, especially if staff have a structured plan to follow. It significantly minimises disruption if teams are aware of what steps they need to take to keep the business up and running.

What's in a business continuity plan?

A plan should provide a roadmap for employees so they know what to do when things go bad. Such a plan should include the following. 

Threat analysis: natural disasters, such as a flood, can destroy IT infrastructure, while a cybersecurity hack can put your network offline but not affect personnel. Bombs could kill people and destroy equipment. It's important to cover what to do for all major possible threats.

Who's responsible: when disaster strikes, an organisation should have a list of personnel to contact and what their role in a continuity plan will be. An organisation should also keep contact details of external services, such as police, fire, etc.

Plan a backup: it is important to have a backup of important data offsite, away from where an organisation is based. There should also be consideration given to backup power supplies. In addition to uninterruptible power supplies, one should also consider what to do if the power will be out for a considerable amount of time.

Alternative comms and operational sites: if you have no telephones or internet, you need to plan how you will keep in contact with customers, employees and others. A plan should also cover how and where to set up operations in an alternative location.


Increasingly, organisations are putting in place formal disaster recovery (DR) processes as part of their business continuity plans.

A global study into DR processes in 2018 showed that 39% of companies had an automated DR process in place, up from just 16% in 2017. Using automated processes like this to get your business up and running in the event of a breach is a good way to make significant cost savings.

Managing a business continuity plan

Managing a business continuity plan means keeping it up to date, changing details to ensure they are correct. It is also important to review the impact of new processes, systems and technology on a regular basis and add these to the original plan.

Those responsible for the plan should also make sure that all employees that could be affected by a disruption to the business have read and understood the plan, what their role in the implementation is and how the plan will be executed. Even non-essential personnel should be informed about such things as building evacuation measures, as well as emergency locations.

In the event of a breach, the business continuity plan should be reviewed and adapted if necessary to further minimise disruption in the future.
