Business Continuity and Disaster Recovery are entirely different strategies despite their similarities. Business Continuity is to ensure that the business continues executing critical business processes. Disaster Recovery outlines the processes and procedures to restore vital technology to execute those business processes.

In Part 13 of our Business Continuity Planning series, we discussed how to design a business recovery strategy. This article will cover the final stages of building a BCP. You will learn:

• how to conduct awareness workshops

• how to test your recovery strategy

• how to document your BCP how to operationalize your BCP

In Part 12 of our Business Continuity Planning series, we discussed the key inputs you need to define your organization’s recovery strategy, as well as the advantages of having a secondary physical location that can be used as a recovery site. In this article, we will discuss the components of the recovery strategy that are necessary to document and operationalize.

In Part 11 of our Business Continuity Planning series, we discussed some of the key aspects of building a recovery strategy, such as disaster categorization and classification. In this article, we will discuss what you should consider when designing your recovery strategy.

A well executed recovery strategy could mean the difference between your organization bouncing back after a disaster or never recovering. While there are countless potential disasters you can face, if you can categorize them into two or three simple groups and assess the severity of the risks, you will find it much easier to respond quickly and effectively when something does happen.

Once your team has prepared for the risk assessment phase, you should identify the risks to the key processes (and their dependencies, including manpower, office, information and hardware). Once identified, these risks should be analyzed and ultimately their severity and likelihood should be evaluated. These findings should then be discussed with enterprise risk teams, GRC, department heads, presented to the applicable committee(s) and transferred to your enterprise risk management team for tracking.

Once the business impact reporting is done, preparation to conduct risk assessment must commence. The scope and context for the risk assessment must be defined and the analysts must be identified. A framework to conduct the risk assessment must be developed or adopted, depending on the availability of such a framework in your organization. Then you need to conduct a workshop with the risk management team to discuss your plan, incorporate their feedback and then present the strategy for this phase of the program to the committee and the champions.

In this article, we will look at the post-interview analysis, clarifications stage and the process for reporting and acceptance.

In Part 6 of our Business Continuity Planning series, we discussed the preparations required to conduct interviews for a business impact analysis (BIA). In this article we will discuss conducting interviews with your selected champions and subject matter experts (SMEs) for the analysis.

Business impact analysis is a crucial part in planning for business continuity, so designing a thorough  data collection template is essential. The template must be designed according to your company needs and then tested with some real business scenarios. Only then, can you confirm the interview schedules and officially begin conducting your analysis. In this article, we will discuss preparing for business impact analysis which is part of the planning stage of the program.