BC Planning Life Cycle

From the conceptualization to the realization of the BC plan, a lifecycle of activities can be defined for the BC process.

The BC planning lifecycle includes five stages

1. Establishing objectives

2. Analyzing

3. Designing and developing

4. Implementing

5. Training, testing, assessing, and maintaining

Establishing objectives

Determine BC requirements.

Estimate the scope and budget to achieve requirements.

Select a BC team by considering subject matter experts from all areas of the business, whether internal or external.

Create BC policies.

Analyzing

Collect information on data profiles, business processes, infrastructure support, dependencies, and frequency of using business infrastructure.

Identify critical business needs and assign recovery priorities.

Create a risk analysis for critical areas and mitigation strategies.

Conduct a Business Impact Analysis (BIA).

Create a cost and benefit analysis based on the consequences of data unavailability.

Evaluate options.

Designing and developing

Define the team structure and assign individual roles and responsibilities. For example, different teams are formed for activities such as emergency response, damage assessment, and infrastructure and application recovery.

Design data protection strategies and develop infrastructure.

Develop contingency scenarios.

Develop emergency response procedures.

Detail recovery and restart procedures.

Implementing

Implement risk management and mitigation procedures that include backup, replication, and management of resources.

Prepare the disaster recovery sites that can be utilized if a disaster affects the primary data center.

Implement redundancy for every resource in a data center to avoid single points of failure.

Training, testing, assessing, and maintaining

Train the employees who are responsible for backup and replication of business-critical data on a regular basis or whenever there is a modification in the BC plan.

Train employees on emergency response procedures when disasters are declared.

Train the recovery team on recovery procedures based on contingency scenarios.

Perform damage assessment processes and review recovery plans

Test the BC plan regularly to evaluate its performance and identify its limitations.

Assess the performance reports and identify limitations.

Update the BC plans and recovery/restart procedures to reflect regular changes within the data center.

Recovery-Point Objective (RPO):

This is the point in time to which systems and data must be recovered after an outage.

It defines the amount of data loss that a business can endure.

A large RPO signifies high tolerance to information loss in a business.

Example, if the RPO is six hours, backups or replicas must be made at least once in 6 hours.

Recovery-Time Objective (RTO):

The time within which systems, applications, or functions must be recovered after an outage.

It defines the amount of downtime that a business can endure and survive.

Businesses can optimize disaster recovery plans after defining the RTO for a given data center or network.

For example, if the RTO is two hours, then use a disk backup because it enables a faster restore than a tape backup.