It’s not often that businesses face catastrophic events, but they should still plan for natural disasters, security threats, and power outages. If organizations want to ensure a smooth recovery process and continuity of operations, developing their own Disaster Recovery (DR) and Business Continuity Plan (BCP) - as well as reviewing the plans of their vendors - can help.
While IT teams have long thought through how to manage potential disturbances to their information systems, it’s no longer only for IT to consider. BC/DR has been thrust into mainstream consciousness, in large part due to the COVID-19 pandemic and its impact on businesses.
While we hope to never rely on a DR/BCP, they provide teams and customers with the peace of mind that their data is secure and reachable if anything were to happen.
A BCP specifies how an organization will prevent disruption in the event of an unexpected outage or disaster. It also lays out how the organization plans to circumvent potential threats. The main goal of the BCP is to inform how a company ensures operations continue uninterrupted during extenuating circumstances or an unforeseen disaster.
While similar to a BCP, Disaster Recovery specifies how an organization plans to return a platform or service to working order after a disaster. Thus, the DR assumes there may be a period where systems and processes are not functioning properly. The goal of an effective Disaster Recovery Plan is to minimize disruption time. As such, it includes protocols to help get all aspects of a business running again quickly.
Although both ensure that an organization is prepared for emergencies, the difference between disaster recovery planning and business continuity planning is important to understand. Disaster recovery involves getting all essential processes, such as IT infrastructure and operations, running after an unexpected outage. Business continuity, however, explains how operations will be maintained during a pandemic or disaster.
It’s important to remember that your BCP/DR extend to your software vendors, too.
When considering a software vendor or re-evaluating an existing investment, understanding their DR/BCP is an important step. If your vendor doesn’t have a plan in place before a crisis, your business processes could come to a halt. These plans should also be regularly reviewed. Here at Rethink, we ensure our DR/BCP are up to date with regular audits and SOC reports.
Below are some important criteria to consider when reviewing a vendor’s DR/BCP frameworks.
Your vendor should be able to work remotely or from a separate location if their physical business is inaccessible for any reason. Thus, the vendor should document how staff will access tools and administrative portals remotely, such as through a VPN. Essentially, a disruption to your vendor’s physical offices should not equate to a change in your service.
Regardless of a disaster or pandemic, your data security should always be top of mind. Your vendor should have clear safeguards to ensure your data is never compromised.
If the vendor has to execute their disaster recovery plan, the time to get your services back up and running should be minimal. A secure backup location ensures your data is accessible. For example, if you rely on a vendor to host your data, a server outage should not impact your ability to access the data from a secure backup location.
If a data breach or unforeseen crisis occurs, your vendor should have clear protocols and multiple options for contacting you. That way, your team is kept in the loop and can plan accordingly.
Some questions regarding the vendor’s communication practices may include:
Today, most software systems you rely on will work with third parties of their own. Thus, understanding how they vet and monitor the protocols of their third-party providers is an important step, as their data management policies essentially become your own.
A software vendor should have clear policies for reviewing and auditing their third parties' DR and BCP.
When we create a disaster recovery and business continuity plan, our goal is to be as prepared as possible for any unforeseen disasters. Along with developing your own policies, you also want to ensure your software vendors have effective DR/BCPs to guarantee the security of your data and continuity of operations.
This article was originally published in April 2020.