is the activity performed by an organization to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions. These activities include many daily chores such as project management, system backups, change control, and help desk. Business continuity is not something implemented at the time of a disaster
Business Continuity refers to those activities performed daily to maintain service, consistency, and recover-ability.
is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after natural or human-induced disaster. Disaster recovery is a subset of business continuity.
is a comprehensive organizational plan that includes the disaster recovery plan. A Business Continuity Plan (BCP) consists of the five component plans:
The first three plans (Business Resumption, Occupant Emergency, and Continuity of Operations Plans) do not deal with the IT infrastructure. They further state that the Incident Management Plan (IMP) does deal with the IT infrastructure, but since it establishes structure and procedures to address cyber attacks against an organization’s IT systems, it generally does not represent an agent for activating the Disaster Recovery Plan, leaving The Disaster Recovery Plan as the only BCP component of interest to IT.
Comes in various forms, each reflecting the corporation’s particular set of circumstances. The following are some of the general step required to develop and implement a plan.
Control measures are steps or mechanisms that can reduce or eliminate various threats for organizations. Different types of measures can be included in BCP/DRP.
Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure.
A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity.
Types of measures:
These controls should be always documented and tested regularly.
The following is a list of the most common strategies for data protection.
In many cases, an organization may elect to use an outsourced disaster recovery provider to provide a stand-by site and systems rather than using their own remote facilities.
In addition to preparing for the need to recover systems, organizations must also implement precautionary measures with an objective of preventing a disaster in the first place. These may include some of the following: