Business Continuity & Disaster Recovery (BCDR)
Business Continuity (BC)
Business Continuity is a set of activities aimed at reducing the damage and impact caused by disasters and security incidents to an acceptable level, using a combination of preventive controls and recovery activities. To that end, an integrated framework is established for planning processes and implementing security controls and countermeasures, in order to prevent disruption, interruption or slowdown of the core services the business provides.
The business continuity framework consists of the following stages/activities:
➢ Business Impact Analysis (BIA)
Qualitative and quantitative analysis that estimates the impact of service unavailability on the business processes and resources employed to supply services. The economic/financial impacts considered can be either direct (for example, financial loss and legal sanctions) or indirect (for instance, reputation loss or service restoration expenses).
➢ Risk Analysis (RA)
Evaluation of the risks associated with the resources that support business processes, in relation to the likelihood of occurrence of a security incident (threat), the related exposure level (vulnerability), and the consequences of the impacts that might affect the supply of services.
➢ Combined analysis of the RA and BIA results
Carried out to correlate impacts (evaluated in the BIA stage) with causes (the security incidents considered in the RA stage). The best Business Continuity strategy for the supply of services is then identified based on this combined analysis.
➢ Cost/benefit analysis, aimed at:
- Defining the accepted impact and risk thresholds;
- Identifying the assets to include in the Risk Treatment and/or Business Continuity;
- Selecting an adequate Business Continuity.
➢ Risk Treatment Plan and Business Continuity Plan development
An appropriate emergency plan that guides business administrations in managing the risks they are subject to and the risks that enterprise assets are exposed to. It does so by identifying and listing the actions to be undertaken before, during and after an emergency, in order to assure the continuity of services and the availability of the actors involved.
This document is mainly aimed at maximizing efficiency when dealing with an emergency, by planning and specifying all needed actions, assigning responsibilities and identifying a process to follow (identifying “who” should do “what” and “when”).
The Disaster Recovery Plan is a key element, as it is part of the Business Continuity planning process. It specifies, in technical terms, the precautions to be taken and the activities to be carried out in order to secure data and protect business functions from attacks or disasters, as well as to restore the systems, data and infrastructure necessary for supplying the core business services. Business Continuity therefore requires a thorough evaluation aimed at:
- Identifying the enterprise's core activities
- Estimating the economic/financial impacts induced by the temporary or permanent unavailability of each business process, in relation to the enterprise's overall context.
These steps make it possible to obtain an overview of the domain continuity and of:
- A Business Continuity strategy suitable for the impact profiles and organization missions
- Business Continuity Plans (BCPs), that is, the technological, organizational and procedural implementation aspects that are guaranteed in accordance with the identified strategies and the availability of the resources necessary for carrying out the enterprise processes that are crucial to the continuity of the business mission.