Business Continuity, Critical Path, and Critical Operations are concerned with how you keep the business going.
Mission critical functions are functions you require to keep the business going, such as web servers, firewalls, power to the facility, etc. (this also includes staff needed to operate equipment and application troubleshooting). For example, an ecommerce site would need to keep its sales and inventory fully functional to maintain operations.
If a disaster happens, business continuity has failed in some regard, and contingency operations will be initiated, this basically means that critical stuff mentioned above will be brought up and functional first.
Once contingency procedures have brought the critical functions back, disaster recovery would be initiated, which represents the efforts needed to transition from contingency operations to normal operations. Here is a breakdown of the order:
- Business continuity – mission critical
- Contingency operations
- Disaster Recovery
The acronym “BCDR” is frequently used for business continuity and disaster recovery, however you can use the acronym to visualize the order in which recovery procedures should be done at a high level.
BC and DR efforts are often performed concurrently by the same or related functions in the organization.
A plan should be developed either for BC and DR separately, or together as BCDR plan.
Recovery Objectives
Recovery objectives need to be determined by senior management. Here are the terms to be familiar with:
Maximum allowable outage (MAO) – previously known as MTD and MAD, this is the maximum time operations can be down before business goes under.
Recovery point objective (RPO) – the maximum data that can be lost before a business goes under (measured in time).
Recovery Time Objective (RTO) – the preferred amount of time biz operations can be down (the key word here would be goal).
Determining the critical path
So how is the mysterious critical path determined? The primary tool to be aware of is the Business Impact Analysis (BIA) – a tool or template that contains asset values, the business impact if there is a loss, and possible threats to the organization.
Methods of conducting the BIA include:
- Internal survey – talk to the asset owners; this can be informative but can also be biased
- Financial audit – audits are thorough but might not be accurate for value fluctuations
- Customer responses/surveys – such surveys only see the customer’s view, not the whole organization, operations, or the whole value chain