BCP & DR

Introduction

The Business Continuity Plan (BCP) is a set of documents that covers the way a business plans for, and maintains critical business functions, before, during and after a disaster. The main reason companies implement a plan is so that they can continue to provide their services and products to customers. If a disaster happens and the company is not able to deliver to customers, there is a risk that customers will go to another company (which could lead to a loss of customers and income).

Disaster Recovery (DR) is more focused on what happens after a disaster. While the BCP focuses on the whole business, DR plans tend to focus more on the technical side of the business, including areas such as data backup and recovery, and computer systems.

While these two plans are slightly different, they do share the same common goals – which is to support the company during and after a disaster. Jovasi Technology recommends that organisations tailor their BCP & DR plans around the ISO 22301 certification, which is an industry recognised standard. The ISO 22301 standard is designed so that any organisation (regardless of its size or complexity) can benefit from its implementation to manage their overall business risks and develop the capability to plan for, and respond to, incidents and business disruptions.

The consequences of incidents or unexpected disruptions may be far-reaching and might involve loss of life, loss of assets, or the inability to deliver products and services on time, which the organisation's survival might depend. The BCM plan identifies the products and services that are crucial to the organisation’s survival, and helps to establish what responses will be needed if a disruption occurs.

Benefits

Minimise the disruption to your organisation by planning ahead.

Improve your crisis management methods to deal quickly with any disruption.

Define acceptable timescales for resuming business activities.

A recognised BCMS will increase client confidence in your organisation.

Continually improve your BCMS by conducting regular audits and testing.

Enhance your reputation with customers by demonstrating your commitment to maintaining excellent service.

Testing

There is no doubt that testing a plan is the only way to truly know it will work, and it is recommended that organisations test their plans at least once a year. Whilst it isn't always convenient to simulate a full disaster, there are different testing options that can be used to provide an opportunity to identify issues in the business continuity plan:

Table top exercise - This usually occurs in a conference room with the team working through the plan, looking for gaps and ensuring that all business units are represented therein.
Structured walk-through - Each team member walks through his or her components of the plan in detail to identify weaknesses. Often, the team works through the test with a specific disaster in mind. Any weaknesses should be corrected and an updated plan distributed to all pertinent staff.
Full simulation - This type of test is the most accurate, as it involves simulating a disaster in full (with all the equipment, supplies and personnel that would be needed). The purpose of a simulation is to determine if you can carry out critical business functions during the event.

Services

Jovasi Technology can help your organisation develop business continuity and disaster recovery plans, identify key personnel and help test your plans.

Business Continuity

Onsite meetings.
Business impact analysis
Continuity team creation
Plan creation
Optional BCP testing.
Telephone & e-mail support.

From £750 +VAT

Quote

Disaster Recovery

Onsite meetings.
Continuity team creation
Plan creation
Optional DR testing.
Telephone & e-mail support.

From £550 +VAT

Quote

Additional Services

In addition to the development of business continuity and disaster recovery plans, Jovasi Technology can also certify your company with the ISAME certification and help your company gain the ISO 22301 accreditation. In order to remain compliant, organisations must conduct continually test and improve their Business Continuity Plan.

Datasheet

Business Continuity & Disaster Recovery Datasheet (175Kb)

Frequently Asked Questions

Is it possible to implement ISO 22301 without ISO 27001?Yes, but the emphasis will be on business continuity & disaster recovery only, and not on the wider aspects of information security.
How long does it take to implement ISO 22301?This depends on the size of the organisation, but can take anything from about 5 days to 2 months.
Does ISO 22301 have to be implemented throughout the entire organisation?No, it is possible to set the scope of implementation for only one part of the organisation (e.g. specific locations/countries). However, for smaller organisations, it is recommended to cover the whole organisation.
Can Jovasi Technology certify us to ISO 22301?No, as we only provide the documentation, training and support towards the certification. The certification itself must be made by an accredited certification body (which we can work alongside as part of the process).
What is business continuity management (BCM)?It is a range of internal or external risks that could negatively impact your organisation (any event that interferes with the normal running of your business). Business continuity management is the planning process and activities used to identify those aspects of your business.
What is the relationship between ISO 22301 and ISO 27001?ISO 22301 is not part of ISO 27001, but there is a degree of overlap in requirements, particularly with reference to ISO 27001’s risk management requirements.