What is BCDR? Business continuity and disaster recovery guide

Organizations embarking on a business continuity and disaster recovery planning process have numerous resources to draw upon. Those include standards, tools ranging from templates to software products, and advisory services.

“To build a plan, you have many templates that exist and many best practices and many consultants,” ESG’s Bertrand said. “There’s no reason not to have a strong DR plan.”

BCDR standards
Government and private sector standards bodies, including the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO), have published BCDR guidelines. The standards, which cover topics from crisis management to risk assessment, provide frameworks on which businesses can build their BCDR plans.

The following is a sampling of standards:

• ISO 22301:2019: Security and resilience — Business continuity management systems — Requirements
• ISO 22313:2012: Societal security — Business continuity management systems — Guidance
• ISO 22320:2018: Security and resilience — Emergency management — Guidelines for incident management
• ISO/IEC 27031:2011: Information technology — Security techniques — Guidelines for information and communication technology readiness for business continuity (being redeveloped as ISO/IEC WD 27031)
• ISO 31000:2018, Risk management — Guidelines
• ISO Guide 73:2009: Risk management — Vocabulary
• IEC 31010:2019: Risk management — Risk assessment techniques
• ISO/TS 22317:2015: Societal security — Business continuity management systems — Guidelines for business impact analysis (BIA) (to be replaced Business continuity and disaster recovery plan templates
  Templates provide preset forms that organizations can fill out to create BCDR planning documents. Some templates cover the BCDR plan as a whole or address particular aspects of the BCDR planning.

  This general BCP, for example, includes provisions for natural disasters, fires, network service provider outages and floods or other water damage. A planning template can also assist SMBs, which could simplify the process, depending on organization’s size and complexity.

  A BCDR plan might call for a service-level agreement (SLA), which sets standards for the quality of an organization’s BCDR recovery program. They can also help ensure services obtained through third parties, such as DR hot sites, perform at acceptable levels. This template addresses SLAs for BCDR programs.

  As noted above, conducting a BIA can help organizations with business continuity planning. This BIA report template provides a mechanism for documenting parent process, subprocesses and the financial and operational effects in the event of an interruption.

  Organizations can also benefit from scheduling BCDR activities for the ongoing care and maintenance of business continuity strategy. Activities range from scheduling a BIA to reviewing a technology disaster recovery plan.

  BCDR software
  Specialized BCDR software provides another tool for organizations ready to build a plan. BCDR products, sometimes referred to as business continuity software or business continuity management software, aim to help organizations build business continuity and disaster recovery plans. They typically cover a range of planning activities, such as BIA and risk assessment, and offer incident response capabilities.

  Vendors in the market include Assurance Software, Avalution Consulting, Continuity Logic, Dell Technologies (RSA Security), eBRP Solutions, Fusion Risk Management and SAI Global.

  BCDR planning services
  Another option is to outsource the organization’s BCDR needs to a third-party firm that can provide risk analysis, plan development and maintenance, and training. It’s incumbent upon the business to analyze its needs before selecting a BCDR firm, nailing down such information as what it wants to outsource, what services it expects of the vendor, the risks of an outsourcing agreement and how much it plans to spend.

  Potential sources of planning support include accounting firms, which can perform BIAs as part of the business continuity planning process. Accounting firms should typically be able to help clients determine the cost of workload outages, but buyers should ideally select a firm with experience in business continuity or IT resource planning, according to writer and former CIO Brien Posey. Consulting firms can also help with BCDR planning, Posey added.

  Managed service providers (MSPs) often serve as virtual CIOs for their SMB customers. In that role, MSPs can help with planning. Because their business is to manage a customer’s IT assets, they are able to develop a plan for dealing with technology outages.