The increasing amount of data has become an enormous challenge for companies in the past two years. More and more data is now being collected, processed, transferred and stored in internal or external data centers. Big Data Analysis, in other words, analyzes all these data, is becoming a dominant trend within companies, as the sophisticated software required to accomplish such a task becomes affordable. But with this exponential rise in data stocks, the risk of losing data also increases.
Regardless of the reason (a hard drive dysfunction, end-of-life disc, bad user manipulation, natural disasters …), a loss of data can have serious effects for a company or individual. For a business, a loss of data can lead, in the worst case, to bankruptcy when, for example, delays cannot be met on an ongoing project or databases are no longer available. Having backups does not necessarily mean that they will work properly during a disaster. Therefore, building a solid disaster recovery plan is not only a reassuring element, it is a necessity!
What is a Business Continuity Plan (BCP) and what does it include?
A Business Continuity Plan (BCP) is of great value to a company in the event that its business is interrupted, which usually costs them money. To reduce these losses to a minimum, a PCA document must cover all steps and adhere to the agendas, so that the necessary resources, processes and functions are able to restart as quickly as possible.
What is a Disaster Recovery Plan (DRP) and what does it consist of?
A Disaster Recovery Plan (DRP) is a documented process to recover an IT and business infrastructure in the event of a disaster. Indeed, a disaster can occur for a whole lot of natural or artificial reasons, such as a snow storm, floods, acts of terrorism and piracy, as was the case with the ransomwares. All these examples can be described as sinister. In many cases where a computing environment is experiencing serious problems following a disaster, data loss is probably one of the most common consequences.
What should be considered when developing a BCP/DRP?
A good BCP/DRP plan should not only cover the usual reasons for data loss (hardware failure or natural causes). It should also cover less common incidents such as a ransomware attack or sabotage. Each company should adapt to these situations but also to new dangers, possibly currently unknown but potentially dangerous in the short term,
A good BCP/DRP plan should always be created with the participation of all those involved in the process. It just does not make sense to create a plan through one or two people and then run it by management order. The more people involved in creating a plan, the more possible pitfalls can be discovered and avoided, making the defense plan as efficient as possible.
Computer consultants often state that a risk assessment is necessary for the creation of a BCP/DRP, since all potential threats to the company are listed in this document to ensure that it is able to protect itself. Yet this is only half true because a risk assessment defines what can cause a failure, not its effects.
Better identify the risks likely to have an impact on the functioning of the company
This step identifies risks and threats, both internally and externally, that may affect the smooth functioning of business operations. The Business Impact Analysis (BIA) can be carried out simply by means of a questionnaire for the employees concerned. However, if you have enough time, an analysis of risk assessment with a true BIA is the best way to proceed.
Testing is required to ensure that the BCP/DRP plan is working properly when a disaster strikes. Therefore, when developing a plan, testing it is an integral part of the process. Trying to reduce costs and make only limited tests, the strength of a plan may be insufficient, which in the event of failure will surely result in much higher costs. It is therefore necessary to obtain the necessary budget from the beginning of the plan,
In the same way that you upgrade your hardware, it is important to update your BCP/DRP plan. It is not uncommon for a plan to have 100 pages or more, in order to cover each step in detail. As technologies often change and in order to keep abreast of changes in the plan, it is wise to divide it into several distinct steps for a better overview and to facilitate future changes,
An important question often asked about the use of BCP/DRP plans: is it really necessary to develop a huge plan with hundreds of pages? The answer is no. Sometimes a simple 2-10 page document containing important information may be enough to cover all the steps needed to respond to disasters or data loss. But of course, it depends very much on the structure of the companies and their settlement. In any case, it is wise to create a short version of the document in order to make the main steps quickly available to the employees concerned.