Each of the organization should develop their own business continuity and disaster recovery planning. What does it mean actually?
Basically business continuity and disaster recovery planning consists of two different processes but combined together into a single management framework.
Before you develop the document of the business continuity and disaster recovery planning for your organization, you need to understand the distinction between “business continuity (BC) planning” and “disaster recovery (DR) planning”. To better understand the difference between the two processes, the following scenario might help you understand the two processes.
Suppose you are in charge of the Information technology department of a mining company in a remote site. All the servers and other main networking devices are located in a single server room. In an incident where an electrical short circuit causes the fire that burn the server room and other adjacent buildings including the servers, the networking devices and the cabling system, nothing left. Some actions must be taken based on the business continuity and disaster recovery planning document. The following examples describe appropriate actions that must be taken:
Disaster Recovery Actions
One of the preventive actions regarding the disaster recovery planning is to separate the servers into two different buildings (the main server room and the alternate server room) which are separated far enough so in case of one building where the main server room located is caught by the fire, the alternate server room in the other building will not be affected.
What are the disaster recovery actions you should take? First action is to activate the alternate server room as the main server room. Other tasks regarding the activation of the new server room should also be done too including restoring the data as necessary as possible, rerouting the communication systems and so on as to make the system back operational in a minimum level. This allows the users to start working as soon as the system is restored even in a minimum level. This is the Disaster Recovery process to restore the system back operational to allow the users to start working even in a minimum level.
Business Continuity Actions
Business continuity processes are actions that must be taken to restore the system back operational in its fullest including the following:
- Build another server room as a replacement of the main server that was burned out. New server room must be in a good design with racks, fire alarm system, easy to reach fire extinguishers and probably an exit door and other things that must be compliant to HSE.
- Run the backbone cables between the alternate server and the new server rooms.
- Purchase new servers, switches, networking routers, backup drives and other networking devices that were burned out.
- And other tasks that make the system back in its fullest operation.
With this scenario, we can understand exactly the different between the two processes business continuity and disaster recovery planning.
Business Continuity Disaster Recovery Planning
Each of the organizations should manage their own information systems including the security protection against any types of networking threats, hardware and software infrastructure as well as developing the business continuity and disaster recovery planning. The emerging internet threats are real that can cost the companies around the world millions of dollars each year. An ongoing process of reviewing the security holes,identifying any possible security risks must be done in a regular basis. Updating the document when new risks are found and appropriate controls are taken should also be done.
Business continuity and disaster recovery planning document is like a framework of processes that we should do to recover the networking infrastructure in case of disaster occurs in any scale either small or large disaster.
A Disaster Recovery planning assists in providing a pre-defined and co-ordinate list of steps for the minimization of the overall effects of a disaster and recovery from a disaster. During or following a disaster, a Disaster Recovery planning aids in avoiding confusion to ensure a swift recovery to a stable level of business continuity operations.
Preventive Strategy
One of the tasks that should be included in your business continuity and disaster recovery plan is the preventive strategy. The preventive strategy should cover all the necessary actions must be done in avoiding the potential disaster to occur. The risk security assessment must be performed in a regular basis to find any possible potential disaster to occur.
Such measures are crucial to the mitigation of the risk and are usually implemented upon the identification of a potential risk. The following examples are generally performed by any organizations in their preventive strategy.
- A well managed backup strategy must be in place. This can include the daily, weekly and monthly backup. Sending the backup tapes offsite in a regular basis is also important to prevent any large scale disaster to occur.
- Installing a well managed firewall in each of the entry point of the internet must be in place in preventing any types of internet threats.
- A well managed anti-virus infrastructure must be in place either using the software based anti-virus software or any UTM appliances with update services from the third party company.
- Deploying such kinds of router redundancy for un-interruptible internet connectivity to keep the business running
- Load balancing and clustering system should also be implemented if the availability of the network services with zero downtime is required
Recovery
The other actions that must be taken in your business continuity and disaster recovery plan are recovery actions. The recovery strategy should cover all the necessary steps to take when the disaster occurs and the executions of the steps must be as swift as possible in order to avoid the prolonged timeframes in an acceptable level of operation. Any types of recovery strategies must be in place including the following examples:
- Any backup system should prove to work when the restore action is done. Therefore any regular test of the restore process must be performed to assure that the backup and restore system work perfectly in case of disaster occurs.
- Build an alternate server room with acceptable standby servers and proved to work operational so in case of the disaster occur that causes the main server room disappear, the alternate server room can be operational at least in a minimum level. Domain name servers includingdirectory services are usually the first priority servers to be operational at the first stage.
- Backup drive in alternate server room must prove to work fast in case of huge data restoration is required
Business continuity and disaster recovery planning as a framework processes that must be taken in case of disaster occurs must be developed by each of the organizations in any scale.