Business continuity

Beyond the Disaster Recovery Plan

In the digital age, organizations are forced to digitize their entire activity, at the strategic, management and operational levels. In this context, protecting against cyber threats becomes a key aspect when it comes to guaranteeing the continuity of their operations, intrinsically linked to their information systems.

Continuity: applying availability measures

The words continuity, disaster recovery and cyber-resilience are increasingly heard as solutions to recover from a disruptive incident that affects the information systems on which the business is based.

Continuity can be seen as a derivative of information security, focusing essentially on the availability dimension.

The application of availability measures in organizations is not something new; measures have already been taken (albeit at a minimum level and of a purely technical nature), such as backing up. For some time now, Spain has had legislation on protection, requiring backups (at least of personal data), which in some way boosted the application of certain measures to improve availability.

The inevitable evolution of availability measures

Undoubtedly, these availability measures, applied so far, are beginning to be insufficient in a reality in which factors change at a rapid pace from several fronts:

Continuity goes from one-off action to global strategy

All indications are that organizations should consider a new approach to continuity that not only consists of having backup mechanisms, but also of having a backup and recovery strategy aligned with the current environment (new threats and legal requirements) and the needs of the business.

Continuity Plan

In the first instance, organizations should undertake a Business Impact Analysis (BIA) that calculates, as a function of time, the damage caused to the organization by the unavailability of resources following a disruptive incident and, based on the results of this analysis, determine maximum recovery times.
Depending on these recovery times, different backup and recovery strategies will be determined and, therefore, the Continuity Plan, including the Disaster Recovery Plan (DRP). It is important that the owners of the corporate processes and the management are involved in this analysis, since it is they who have the criteria to better assess the consequences of unavailability of operations.
Among the business impact analysis methodologies, MAGERIT should be highlighted, which can be addressed using the PILAR tool.
This exercise is key to optimizing the investment in Continuity, since resources are recovered only to the extent that recovering them costs no more than what is lost through their unavailability. Just as investments in security must be approached according to risks, in the case of continuity, backup and recovery investments must be made according to the impacts of unavailability.

Continuity Management

Having Continuity mechanisms is not enough; continuous maintenance and improvement are necessary if these mechanisms are not to cease being effective over time.
And in order to manage continuity, a management framework is needed that contemplates the entire life cycle (planning, implementation of plans, tests, improvements) without leaving aside the training and awareness of those involved, as well as the active participation and support of the management.
Management can be based on the international standard ISO 22301, which contemplates the aforementioned cycle (PDCA cycle: Plan, Do, Check, Act) and, furthermore, compliance is certifiable by an accredited entity.

The Technological Response to Continuity

The technology market, aware of the growing needs for cyber-resilience, also offers much more advanced and sophisticated continuity solutions than there were a few years ago, from cloud backup to online backup platforms in record time.

Keys of Continuity

  • Backup and Recovery Strategy

    Based on a business impact analysis involving management.

  • Compliance

    Appropriate consideration of normative requirements or standards related to Continuity.

  • Management strategy

    An adequate management framework covering the entire life cycle (Plan, Do, Check, Act).

This will ensure that we minimise the impact of a disruptive incident on the continuity of our operations, while optimising the costs associated with the mechanisms used to implement this continuity.

Related Services

  • Strategic security. Governance, risk and compliance

    IT Consulting ranging from Information Security Management System (ISMS) – ISO 27001, National Security Scheme (NSS), Data Protection Regulation: GDPR and LOPD-GDD, PCI-DSS and PSD2, PIC Law and NIS Law, Risk Analysis and Security Master Plan, BIA, Continuity Management (ISO 22301) and DRP, Virtual CISO, Virtual DPO and PMO for Cybersecurity, Training and awareness-raising.
