The Contingency Management aspect of Business Continuity

A disaster is an event that causes an unplanned or extended interruption in service that has the potential to affect the operations or finances of the business or its customer. A disaster goes beyond the scope of daily operations or emergency response procedures.

Disaster recovery is the process of responding to a disaster to ensure that support for critical business functions resume as quickly as possible. It minimizes lost dollars, transactions, and information. Disaster recovery also ensures repair or replacement of the stricken facility as quickly as possible. When a disaster occurs, it is necessary to execute a Disaster Recovery Plan, which provides for recovering information processing services within agreed upon service-level requirements.

Planning for the recovery and continuation of critical business functions after a service disruption is an increasingly important function. Businesses use computers extensively and depend on them for daily business operations, thus, any service interruption is very undesirable. To minimize the impact and risk of a service interruption, a company needs to identify business functions that are critical to the business, to define goals for contingency management, and to implement quality prevention and recovery plans. A disaster recovery plan should be documented for each company site. The plan should describe the contingency plans, required resources, recovery procedures, and team responsibilities to recover services.

Recovery planning involves developing strategies, procedures, and plans to recover services following a service interruption or loss. It also involves translating service level requirements into technical solutions. Recovery planning involves the development of logically and physically related software, hardware, facilities, network, data, people, and processes into a predefined set of solutions that facilitate service restoration over time.

Businesses should also ensure that the recovery plans for their organizations, service providers, and customers are integrated, in order to result in effective recovery of information processing and services within customer defined requirements.

To improve the effectiveness and integration of recovery plans, businesses should test their recovery capabilities periodically. Specific objectives should be defined and the results of the recovery tests documented. Businesses should then review test results, suggest needed improvements, and submit business proposals which enhance the recovery process.

No solution is foolproof. As a prudent planner, you need to make allowances for the unexpected. Because business continuity is essential in virtually every e-business environment, you need to identify critical business processes and assets, and know what should trigger recovery procedures. It's also very important to identify which recovery roles and responsibilities belong to IT, and which are best assigned to other parts of the organization.