When an organisation’s operations function as expected, we can focus on delivering our best products and services. But our operating environment doesn't always work as expected – sometimes due to the complexity of today’s organisations and sometimes due to natural events. For those times, a plan is needed to guide decisions and actions to keep things going and minimise impact on key stakeholders.
This guide provides an overview of the importance of a business continuity plan and disaster recovery plan. In working through the requirements of these plans, an organisation must identify:
- activities that allow for the delivery of key products and services
- possible threats to these key activities
- where contingences may be needed to enable continuity through times of crisis.
What is a business continuity plan?
A business continuity plan is a document that answers the question, 'How do we continue to deliver our services and products after experiencing a major disruption?'
The disruption can be caused by a variety of threats.
Typically, the focus of business continuity is on continuing to provide core services, with other activities suspended until the organisation can recover completely. The plan outlines the procedures to be followed in the event of a disruption. These procedures may include:
- alternative communication options with staff, suppliers and clients
- backup equipment providers to be contacted
- manual processes are to be followed.
Why it's important to have a business continuity plan
With the events of the COVID-19 pandemic, organisations have had to pivot quickly to working in different ways to ensure continuity of service delivery. A pandemic is one of a variety of threats that an organisation can face that can affect the continuity of operations within an organisation.
Ensuring business continuity is a key element of good governance and requires organisational leadership buy-in to work. Depending on the size of the organisation, business continuity can fall to a small number of people, or to a team.
While a plan on paper is important, it is important to exercise a business continuity plan on a regular basis. This will ensure that the requirements of the plan become ingrained in the mindset of the leadership and other relevant organisational stakeholders. It will help identify gaps in processes that can be resolved prior to a real-life deployment.
The plan must also be reviewed and updated regularly as the organisation develops and internal and external factors evolve, requiring modifications to the actions outlined in the plan.
A business continuity plan is not the same thing as a disaster recovery plan. A disaster recovery plan, which usually sits within a business recovery plan, is a plan for recovering technical infrastructure, including technology platforms and telecommunications infrastructure, after a major incident.
What is a disaster recovery plan?
Every organisation needs a disaster recovery plan. It usually sits within the wider-ranging business continuity plan. The disaster recovery plan assists in recovering from disruptive events that impede access to essential technical infrastructure and/or data that support key business services.
A disaster recovery plan refers to the specific parts of the business continuity plan that focus on an organisation’s activities relating to digital technology, communications, and IT systems. The emphasis is on restoring technology to allow the organisation to gain full access to reliable data.
The plan sets out how an organisation can recover access to critical data and technology systems after a disruption. While the focus is on recovering the technical components required for the organisation to function, business stakeholders must be involved to define the timeframes and other requirements necessary for the disaster recovery exercise to be successful.
Why it's important to have a disaster recovery plan
Technical infrastructure and IT systems are increasingly an essential element of any organisation’s operations. For example, email systems and constituent relationship management (CRM) systems are critical to the day-to-day functions of most service-delivery not-for-profits.
Determining the potential consequences of a technology disruption event to an organisation is important to minimise impact of the disruption to internal and external stakeholders. Identifying the expected availability requirements of technical systems and the contingencies that may be needed to meet these requirements allows an organisation to be better prepared for disaster.
The development and maintenance of a disaster recovery plan requires input from senior leadership as well as from members of the internal technical team or IT support provider.