The business recovery plan is one of the three parts of contingency planning and lies between the response plan and the continuity plan in terms of its duration. The response plan is implemented first, to combat active attacks, while in the longer term a continuity plan is needed to secure the business.
We have recently been involved in cases where a company's information systems have been damaged or destroyed as a result of human error. The problem has been that business-critical information has been completely or partially destroyed. This has paralyzed the business, in part or in full, as the case may be. In general, there has been no crisis plan for a situation of this kind; instead, the company has had to start from scratch, working out what the current state is, what state to recover to, and whether recovery is possible at all.
Unfortunately, backups and the creation of a continuity and recovery plan are often neglected, especially in small and medium-sized enterprises. It is easy to skip them because of their cost, but in the event of damage, the company's business and its continuity are at stake. Very many companies have come across NAS or other disk systems that can synchronize data between multiple locations. This gives the company a false sense of security that the information is backed up in more than one place. The problem is that when data is deleted or corrupted as the result of an error, synchronization propagates the same deletion or corruption to all locations. In this case, without a proper backup system, the information is likely to be permanently lost.
Another possible situation is that the backup system exists, but the backup media is in the same fire compartment as the servers, resulting in the loss of both in the event of a fire. Even when all of the above is in order, a crisis recovery plan is unfortunately often missing. A crisis recovery plan determines how information systems return to normal operation in the event of a problem (i.e., a crisis). One of the core areas of a recovery plan is identifying business-critical information. In addition, the recovery plan outlines the measures for restoring from backups and prioritizes data and systems recovery from a business perspective.
What to consider
When designing its information systems as a whole, the company must consider how data is backed up and restored, and what the criticality rating of the services and information is for the business.
Issues to be identified in the recovery plan:
• To what point should you be able to return (for example, the previous day or week)?
• How fast should the recovery take place?
• In the event of a major disaster, which people are needed on site? (IT suppliers, business managers / directors, systems testers, own IT staff)
• Communication: who is informed and how often, and who does the informing?
• Which systems are operationally critical in a larger problem situation? In what order should the systems be put back into operation?
Going through these few simple questions with the business provides a comprehensive answer to how to proceed in a crisis situation and what is needed to recover from it. However, plans are not sufficient unless crisis management and recovery are practiced annually, preferably twice a year. Then, when a crisis situation arises, the activity has been practiced to the point that it is already routine. As a result of the exercises, the procedures are clear to all parties.