{"id":124,"date":"2016-06-07T11:09:00","date_gmt":"2016-06-07T11:09:00","guid":{"rendered":"https:\/\/www.7sec.com\/blog\/?p=124"},"modified":"2021-06-10T13:15:04","modified_gmt":"2021-06-10T13:15:04","slug":"business-continuity-disaster-recovery-101","status":"publish","type":"post","link":"https:\/\/www.7sec.com\/blog\/business-continuity-disaster-recovery-101\/","title":{"rendered":"Business Continuity &#038; Disaster Recovery 101"},"content":{"rendered":"\r\n<p>Even when all else fails, there is still hope! Business Continuity Planning and Disaster Recovery Planning are here as the last resort to protect your business.<\/p>\r\n\r\n\r\n\r\n<p>Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) are an organization\u2019s last corrective control when all other controls have failed! BCP\/DRP may prevent or provide a remedy for force majeure circumstances such as injury, loss of life, or failure of an entire organization.<\/p>\r\n\r\n\r\n\r\n<p>Furthermore, BCP\/DRP provide the advantage of being able to view the organization\u2019s critical processes and assets in a different, often clarifying light. Risk analysis conducted during a BCP\/DRP plan stage often leads to immediate mitigating actions.<\/p>\r\n\r\n\r\n\r\n<p>An eventual potentially crippling disaster may have no impact due to prudent <a href=\"https:\/\/www.7sec.com\/governance\/risk-management\/\" target=\"_blank\" rel=\"noopener\">risk management<\/a> steps taken as a result of thorough BCP\/DRP plans.<\/p>\r\n\r\n\r\n\r\n<h4 class=\"wp-block-heading\">HOW DO you BEGIN?<\/h4>\r\n\r\n\r\n\r\n<p>Developing a Business Continuity Planning and Disaster Recovery Planning are essential for a company\u2019s responsiveness and ability to recover from an interruption in normal business functions or catastrophic events. In order to ensure that all planning has been considered, the BCP\/DRP have a specific set of requirements to review and implement. Below are listed the high-level steps to achieving a sound, logical BCP\/DRP:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Define Project Scope;<\/li>\r\n<li>Business Impact Analysis;<\/li>\r\n<li>Identify Preventive Controls;<\/li>\r\n<li>Recovery Strategy;<\/li>\r\n<li>Plan Design and Development;<\/li>\r\n<li>Implementation, Training, and Testing;<\/li>\r\n<li>BCP\/DRP Maintenance.<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h4 class=\"wp-block-heading\">what is the difference between BUSINESS CONTINUITY and DISASTER RECOVERY?<\/h4>\r\n\r\n\r\n\r\n<p>Business Continuity Planning\u00a0will ensure the business will continue to operate prior to, during, and after a disaster happens.<\/p>\r\n\r\n\r\n\r\n<p>The focus is on the business in its entirety and making sure critical services and functions provided by the business will still be performed, both if threatened by disruption as well as after the threat has subsided.<\/p>\r\n\r\n\r\n\r\n<p>Organizations need to consider common threats to their critical functions as well as any associated vulnerabilities that might facilitate a significant disruption. Business Continuity Planning is a long-term strategy for continued successful operation despite inevitable threats and disasters.<\/p>\r\n\r\n\r\n\r\n<p>Disaster Recovery Planning\u2013 while Business Continuity Planning is responsible for the strategic, long-term, business-oriented plan for uninterrupted operation when faced with a threat or disruption, the Disaster Recovery Planning will provide the tactics. In essence, DRP is a short-term plan for dealing with specific IT-oriented outages.<\/p>\r\n\r\n\r\n\r\n<p>Mitigating a virus infection with a risk of spreading is an example of a specific IT-oriented disruption that a DRP must address. The focus is on efficiently mitigating the outage impact and the immediate response and recovery of critical IT systems. Disaster Recovery Planning provides a means for immediate response to disasters.<\/p>\r\n\r\n\r\n\r\n<div class=\"wp-block-image filt_hue_50\">\r\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-125\" src=\"https:\/\/www.7sec.com\/blog\/wp-content\/uploads\/2021\/04\/cont5.png\" alt=\"\" width=\"450\" height=\"450\" srcset=\"https:\/\/www.7sec.com\/blog\/wp-content\/uploads\/2021\/04\/cont5.png 1000w, https:\/\/www.7sec.com\/blog\/wp-content\/uploads\/2021\/04\/cont5-300x300.png 300w, https:\/\/www.7sec.com\/blog\/wp-content\/uploads\/2021\/04\/cont5-150x150.png 150w, https:\/\/www.7sec.com\/blog\/wp-content\/uploads\/2021\/04\/cont5-768x768.png 768w\" sizes=\"auto, (max-width: 450px) 85vw, 450px\" \/><\/figure>\r\n<\/div>\r\n\r\n\r\n\r\n<p>&nbsp;<\/p>\r\n\r\n\r\n\r\n<p>The relation between BCP &amp; DRP \u2013 the BCP\u00a0is an all-inclusive plan that includes, amongst multiple specific plans, the DRP\u00a0\u2013 the importance stems from the fact that the focus and process of these overlap critically.<\/p>\r\n\r\n\r\n\r\n<p>Continual provision of business-critical services facing threats is achieved with the aid of the tactical DRP. The plans, with their different scopes, are organically intertwined.<\/p>\r\n\r\n\r\n\r\n<p>In order to distinguish between a BCP and a DRP one needs to realize that the BCP is concerned with the business-critical function or service provided by the company, whereas the DRP focuses on the actual systems and their interoperability so the business function is performed.<\/p>\r\n\r\n\r\n\r\n<p><strong>SOME RELATED PLANS<\/strong><\/p>\r\n\r\n\r\n\r\n<p>As mentioned before, the Business Continuity Plan is an umbrella plan that contains other plans, in addition to the Disaster Recovery Plan:<\/p>\r\n\r\n\r\n\r\n<p>Continuity of Operations Plan (COOP) \u2013 describes the procedures required to maintain operations during a disaster. This includes the transfer of personnel to an alternative disaster recovery site and operations of that site.<\/p>\r\n\r\n\r\n\r\n<p>Continuity of Support Plan \u2013 focuses narrowly on the support of specific IT systems and applications. It is also called the IT contingency plan, emphasizing IT over general business support.<\/p>\r\n\r\n\r\n\r\n<p>Cyber Incident Response Plan (CIRP) \u2013 designed to respond to disruptive cyber events, including network-based attacks, worms, computer viruses, Trojan horses, etc.<\/p>\r\n\r\n\r\n\r\n<p>Business Recovery Plan (BRP) \u2013 also known as the business resumption plan, details the steps required to restore normal business operations.<\/p>\r\n\r\n\r\n\r\n<p>Crisis Communications Plan \u2013 used for communicating to staff and the public in the event of a disruptive event. Instructions for notifying the affected members of the organization are an integral part of any BCP\/DRP.<\/p>\r\n\r\n\r\n\r\n<p>Occupant Emergency Plan (OEP) \u2013 provides the response procedures for occupants of a facility in the event of a situation posing a potential threat to the health and safety of personnel, the environment, or property.<\/p>\r\n\r\n\r\n\r\n<h4 class=\"wp-block-heading\">how does the testing work?<\/h4>\r\n\r\n\r\n\r\n<p><strong>IT STARTS WITH THE DISASTER RECOVERY PLAN<\/strong><\/p>\r\n\r\n\r\n\r\n<p>The Disaster Recovery Plan must be an actionable prescription for recovery. Writing the plan is not enough, thorough testing is needed. Information systems are in a constant state of flux, with infrastructure, hardware, software, and configuration changes altering the way the DRP needs to be carried out. Testing the details of the DRP will ensure both the initial and continued efficacy of the plan. The tests must be performed on an annual basis as an absolute minimum.<\/p>\r\n\r\n\r\n\r\n<p>Review\u00a0\u2013 the most basic form of initial DRP testing. It involves simply reading the DRP in its entirety.<\/p>\r\n\r\n\r\n\r\n<p>Checklist\u00a0\u2013 also referred to as consistency testing, lists all necessary components required for a successful recovery and ensures that they are, or will be, readily available should a disaster occur.<\/p>\r\n\r\n\r\n\r\n<p>Walkthrough\/Tabletop \u2013 the goal is to talk through the proposed recovery procedures in a structured manner to determine whether there are any noticeable omissions, gaps, erroneous assumptions, or simply technical missteps that would hinder the recovery process from successfully being carried out.<\/p>\r\n\r\n\r\n\r\n<p>Simulation (aka Walkthrough Drill) \u2013 goes beyond talking about the process and actually has teams carry out the recovery process. The team must respond to a simulated disaster as directed by the DRP.<\/p>\r\n\r\n\r\n\r\n<p>Parallel Processing \u2013 involves the recovery of critical processing components at an alternative computing facility, and then restore data from a previous backup. Regular production systems are not interrupted.<\/p>\r\n\r\n\r\n\r\n<p>Partial &amp; Complete Interruption \u2013 extreme caution should be exercised before attempting an actual interruption test. This test causes the organization to actually stop processing normal business at the primary location and use an alternative computing facility.<\/p>\r\n","protected":false},"excerpt":{"rendered":"<p>Even when all else fails, there is still hope! Business Continuity Planning and Disaster Recovery Planning are here as the last resort to protect your business. Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) are an organization\u2019s last corrective control when all other controls have failed! BCP\/DRP may prevent or provide a remedy for &hellip; <a href=\"https:\/\/www.7sec.com\/blog\/business-continuity-disaster-recovery-101\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Business Continuity &#038; Disaster Recovery 101&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2,3,4],"tags":[112,121,110,120,119,114,116,115,122,118,111,113,117,123,124,78],"class_list":["post-124","post","type-post","status-publish","format-standard","hentry","category-compliance","category-integration","category-it-governance","tag-bcp","tag-brp","tag-business-continuity","tag-business-recovery-plan","tag-cirp","tag-continuity-of-operations-plan","tag-continuity-of-support-plan","tag-coop","tag-crisis-communications-plan","tag-cyber-incident-response-plan","tag-disaster-recovery-planning","tag-drp","tag-it-contingency-plan","tag-occupant-emergency-plan","tag-oep","tag-risk-management"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Business Continuity &amp; Disaster Recovery 101 - Information Security Blog - 7Security<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.7sec.com\/blog\/business-continuity-disaster-recovery-101\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Business Continuity &amp; Disaster Recovery 101 - Information Security Blog - 7Security\" \/>\n<meta property=\"og:description\" content=\"Even when all else fails, there is still hope! Business Continuity Planning and Disaster Recovery Planning are here as the last resort to protect your business. Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) are an organization\u2019s last corrective control when all other controls have failed! BCP\/DRP may prevent or provide a remedy for &hellip; Continue reading &quot;Business Continuity &#038; Disaster Recovery 101&quot;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.7sec.com\/blog\/business-continuity-disaster-recovery-101\/\" \/>\n<meta property=\"og:site_name\" content=\"Information Security Blog - 7Security\" \/>\n<meta property=\"article:published_time\" content=\"2016-06-07T11:09:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-06-10T13:15:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.7sec.com\/blog\/wp-content\/uploads\/2021\/04\/cont5.png\" \/>\n<meta name=\"author\" content=\"madmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"madmin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.7sec.com\/blog\/business-continuity-disaster-recovery-101\/\",\"url\":\"https:\/\/www.7sec.com\/blog\/business-continuity-disaster-recovery-101\/\",\"name\":\"Business Continuity & Disaster Recovery 101 - Information Security Blog - 7Security\",\"isPartOf\":{\"@id\":\"https:\/\/www.7sec.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.7sec.com\/blog\/business-continuity-disaster-recovery-101\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.7sec.com\/blog\/business-continuity-disaster-recovery-101\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.7sec.com\/blog\/wp-content\/uploads\/2021\/04\/cont5.png\",\"datePublished\":\"2016-06-07T11:09:00+00:00\",\"dateModified\":\"2021-06-10T13:15:04+00:00\",\"author\":{\"@id\":\"https:\/\/www.7sec.com\/blog\/#\/schema\/person\/1abb37c561f43ccf0296b04701971f65\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.7sec.com\/blog\/business-continuity-disaster-recovery-101\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.7sec.com\/blog\/business-continuity-disaster-recovery-101\/#primaryimage\",\"url\":\"https:\/\/www.7sec.com\/blog\/wp-content\/uploads\/2021\/04\/cont5.png\",\"contentUrl\":\"https:\/\/www.7sec.com\/blog\/wp-content\/uploads\/2021\/04\/cont5.png\",\"width\":1000,\"height\":1000},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.7sec.com\/blog\/#website\",\"url\":\"https:\/\/www.7sec.com\/blog\/\",\"name\":\"Information Security Blog - 7Security\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.7sec.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.7sec.com\/blog\/#\/schema\/person\/1abb37c561f43ccf0296b04701971f65\",\"name\":\"madmin\",\"sameAs\":[\"https:\/\/www.7sec.com\/blog\"],\"url\":\"https:\/\/www.7sec.com\/blog\/author\/madmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Business Continuity & Disaster Recovery 101 - Information Security Blog - 7Security","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.7sec.com\/blog\/business-continuity-disaster-recovery-101\/","og_locale":"en_US","og_type":"article","og_title":"Business Continuity & Disaster Recovery 101 - Information Security Blog - 7Security","og_description":"Even when all else fails, there is still hope! Business Continuity Planning and Disaster Recovery Planning are here as the last resort to protect your business. Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) are an organization\u2019s last corrective control when all other controls have failed! BCP\/DRP may prevent or provide a remedy for &hellip; Continue reading \"Business Continuity &#038; Disaster Recovery 101\"","og_url":"https:\/\/www.7sec.com\/blog\/business-continuity-disaster-recovery-101\/","og_site_name":"Information Security Blog - 7Security","article_published_time":"2016-06-07T11:09:00+00:00","article_modified_time":"2021-06-10T13:15:04+00:00","og_image":[{"url":"https:\/\/www.7sec.com\/blog\/wp-content\/uploads\/2021\/04\/cont5.png","type":"","width":"","height":""}],"author":"madmin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"madmin","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.7sec.com\/blog\/business-continuity-disaster-recovery-101\/","url":"https:\/\/www.7sec.com\/blog\/business-continuity-disaster-recovery-101\/","name":"Business Continuity & Disaster Recovery 101 - Information Security Blog - 7Security","isPartOf":{"@id":"https:\/\/www.7sec.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.7sec.com\/blog\/business-continuity-disaster-recovery-101\/#primaryimage"},"image":{"@id":"https:\/\/www.7sec.com\/blog\/business-continuity-disaster-recovery-101\/#primaryimage"},"thumbnailUrl":"https:\/\/www.7sec.com\/blog\/wp-content\/uploads\/2021\/04\/cont5.png","datePublished":"2016-06-07T11:09:00+00:00","dateModified":"2021-06-10T13:15:04+00:00","author":{"@id":"https:\/\/www.7sec.com\/blog\/#\/schema\/person\/1abb37c561f43ccf0296b04701971f65"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.7sec.com\/blog\/business-continuity-disaster-recovery-101\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.7sec.com\/blog\/business-continuity-disaster-recovery-101\/#primaryimage","url":"https:\/\/www.7sec.com\/blog\/wp-content\/uploads\/2021\/04\/cont5.png","contentUrl":"https:\/\/www.7sec.com\/blog\/wp-content\/uploads\/2021\/04\/cont5.png","width":1000,"height":1000},{"@type":"WebSite","@id":"https:\/\/www.7sec.com\/blog\/#website","url":"https:\/\/www.7sec.com\/blog\/","name":"Information Security Blog - 7Security","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.7sec.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.7sec.com\/blog\/#\/schema\/person\/1abb37c561f43ccf0296b04701971f65","name":"madmin","sameAs":["https:\/\/www.7sec.com\/blog"],"url":"https:\/\/www.7sec.com\/blog\/author\/madmin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.7sec.com\/blog\/wp-json\/wp\/v2\/posts\/124","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.7sec.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.7sec.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.7sec.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.7sec.com\/blog\/wp-json\/wp\/v2\/comments?post=124"}],"version-history":[{"count":10,"href":"https:\/\/www.7sec.com\/blog\/wp-json\/wp\/v2\/posts\/124\/revisions"}],"predecessor-version":[{"id":279,"href":"https:\/\/www.7sec.com\/blog\/wp-json\/wp\/v2\/posts\/124\/revisions\/279"}],"wp:attachment":[{"href":"https:\/\/www.7sec.com\/blog\/wp-json\/wp\/v2\/media?parent=124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.7sec.com\/blog\/wp-json\/wp\/v2\/categories?post=124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.7sec.com\/blog\/wp-json\/wp\/v2\/tags?post=124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}