Business Continuity Planning


 I have witnessed small and large organizations suffer significant financial losses during unplanned outages resulting from Super Storm Sandy to a simple server power supply failure. In every case, they had one thing in common, a lack of proper planning to address the crisis. A good DR plan is essential, but only one component of a Business Continuity Plan (BCP)  A business continuity plan looks beyond your IT infrastructure at all of your business processes. Each business process is evaluated through a process called Business Impact Analysis (BIA) . The BIA provides critical information that sets the foundation for the BCP. 
  
" Business impact analysis (BIA) differentiates critical (urgent) and non-critical (nonurgent) organization functions/activities. Critical functions are those whose disruption is regarded as unacceptable. Perceptions of acceptability are affected by the cost of recovery solutions. A function may also be considered critical if dictated by law. For each critical (in scope) function, two values are then assigned:
Recovery Point Objective (RPO) – the acceptable latency of data that will not be recovered. For example is it acceptable for the company to lose 2 days of data?[8]
Recovery Time Objective (RTO)  – the acceptable amount of time to restore the function.
The recovery point objective must ensure that the maximum tolerable data loss for each activity is not exceeded. The recovery time objective must ensure that the Maximum Tolerable Period of Disruption (MTPoD) for each activity is not exceeded.
Next, the impact analysis results in the recovery requirements for each critical function. Recovery requirements consist of the following information:
The business requirements for recovery of the critical function, and/or
The technical requirements for recovery of the critical function"

Ready.gov Resources:  https://www.ready.gov/business