A business must always be prepared to deal with the threats that endanger its existence and continued operation. If no coping plan is in place, a disaster may potentially cause devastating results.
There are three main types of plans that help organizations become ready for disasters. They are: IT Disaster Recovery (DR) plans, Business Continuity (BC) plans, and Pandemic plans.
Some companies will prepare each type of plan, while others may only use one or two of the three. It depends on the types of danger a business is exposed to, and how threatening company stakeholders determine those dangers to be.
IT Disaster Recovery plan
A DR plan is designed to prepare a company for transitioning IT systems and services to an alternative location when a disaster strikes, or when disruption to “data centre” operations is imminent. The plan describes which critical systems will be moved, the protocol for moving them, who will execute the plan, and what conditions warrant abandonment of the primary “data centre” site.
Business Continuity plan
A BC plan is drawn up to ensure that selected services and operations are continued through alternative means in the wake of disaster, or an anticipated disruption. BC plans require different information than DR plans because they prepare to re-locate functions, people and operations to a new site, not just IT systems, though they operate in a similar manner. Like the DR plan, the BC plan outlines protocol, roles, and escalation.
Pandemic plan
A Pandemic plan describes the preparations to continue selected services and operations through alternative means in the event of an epidemic. Unlike DR and BC plans, this may not include moving anything to a new location. Instead, a pandemic plan prepares a company to continue operating in situ, reducing service levels and maintaining focus on the most critical business functions, when a large percentage of staff is unable to perform at a single moment in time.
The types of plans, and the nature of each plan that a company prepares, will always depend on the threats facing them. For example, a company operating near a coast, at sea level, will need a DR plan that focuses on reacting to high tides or floods. Alternatively, a company operating in a location that is on the World Health Organization disease “hot list” should have a Pandemic plan.
To understand the preparations that will best serve a company, a risk and threat assessment should be conducted. This investigation identifies the most pressing dangers at hand, allowing an organization to prepare itself, based on greatest level of exposure.
