Dyson College of Arts and Sciences
Issue link: http://dysoncollege.uberflip.com/i/128987
disruptive event takes place. This plan concerns the entire organization, including any disaster recovery departments or teams that have been created by the IT unit. The BCP aims at providing the feasible restoration of all business operations, including information technology, in a prompt manner. The BCP will contain, for each functional unit and its departments, a description of all the requirements that are necessary to continuing their operations. Let us examine the BCP definition proposed by The Business Continuity Institute (Business Continuity Institute, 2010): "BCP is a holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience with the capacity for an effective response that safeguards the interests of key stakeholders, reputation, brand, and value creating activities." This definition introduces several important requirements for the business continuity process. It emphasizes that the main objective for business continuity is to safeguard the interests of stakeholders, reputation, brand, and value-creating activities. The business continuity process establishes a comprehensive framework for building resilience through scanning the environment for potential business disruption threats, measuring and managing risks, and devising an effective business continuity response system. What Is a Disaster Recovery Plan? A disaster recovery plan is the sequence of steps approved by management to recover from a disruptive incident so that business may be restored to an acceptable level of operation. A disruptive incident may be as small as a faulty switch, or as large as the work of terrorism. These undesired incidents may be the work of nature, as in fires, earthquakes, floods, storms, and so on; the work of man, such as man-made attacks, a workers' strike, malicious programs, viruses, and so on; or the work of technology, such as network congestion, malfunctioning hardware, or faulty telecommunication devices. Why Do We Need a Disaster Recovery Plan? Unfortunately, there is probably nothing easier than justifying the need of a disaster recovery. Terrorism is on the rise. Internet attacks are on the rise. Natural threats and unpredictable weather changes are on the rise. Our dependency on technology is on the rise. Our exposure to unsafe global computing, as well as open connections to the Internet and, consequently, to the rest of the world, are on the rise (Raggad, 2010). We may need to fight on multiple fronts in order to protect the organization. We need to fight terrorism every single day. Even though the likelihood of this threat seems to be low, its high impact will make it a high priority for the organization. It is better to be safe than sorry. Readiness of the organization to respond to any type of threat is an important rule of thumb, despite any risk and feasibility equations that may say otherwise. Figure 1 illustrates the effects of natural, man-made, technological, and biological threats on an organization's computing environment. The disaster recovery is in fact IT recovery as business continuity is restored by restoring the computing environment. The restored computing environment may not be good enough to resume the business configuration that was in place when the disaster occurred. 60