business continuity disaster recovery plan case study

Disaster Recovery Plan for Business Continuity: Case Study in a Business Sector

26 Pages Posted: 27 Aug 2018 Last revised: 13 Mar 2020

Jacob Joseph Kassema

Freelancer / Independent

Date Written: June 16, 2016

An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned incidents that threaten an IT infrastructure, which includes hardware, software, networks, processes and people. Protecting your organization's investment in its technology infrastructure, and protecting your organization’s ability to conduct business are the key reasons for implementing an IT disaster recovery plan. As IT systems have become increasingly critical to the smooth operation of a company, and arguably the economy as a whole, the importance of ensuring the continued operation of those systems, and their rapid recovery, has increased. This study found that, most of the companies that had a major loss of business data, 43% never reopen and 29% closed within two years. As a result, preparation for continuation or recovery of systems needs to be taken very seriously. This involves a significant investment of time and money with the aim of ensuring minimal losses in the event of a disruptive event. That is why this study concluded that, it is important to make sure that all the production and business operation systems are properly backed up with an appropriate technology for easy and quick recovery for business continuity in case of any disruption may occur.

Keywords: IT Disaster Recovery, Disaster Recovery, Business Continuity Plan

Suggested Citation: Suggested Citation

Jacob Joseph Kassema (Contact Author)

Freelancer / independent ( email ).

United States 5043870732 (Phone)

Do you have a job opening that you would like to promote on SSRN?

Paper statistics, related ejournals, io: productivity, innovation & technology ejournal.

Subscribe to this fee journal for more curated articles on this topic

Organizations & Markets: Policies & Processes eJournal

Information systems ejournal, applied computing ejournal, high performance computing ejournal.

(888) 244-1912
[email protected]

Understanding Business Continuity vs BDR: A Guide
About Invenio IT
Business Continuity

7 Real-Life Business Continuity Plan Examples You’ll Want to Read

May 13, 2024
11 min read

It’s no secret that we believe in the importance of disaster preparedness and business continuity at every organization. But what does that planning actually look like when it’s put to the test in a real-world scenario?

Today, we look at 7 business continuity examples to show how organizations have worked to minimize downtime (or not) after critical events.

Business Continuity Examples & Failures

1) ransomware disrupts ireland’s healthcare system.

For years, healthcare organizations have been a top target for ransomware attacks. The critical nature of their operations, combined with notoriously lax IT security throughout the industry, are a magnet for ransomware groups looking for big payouts.

But despite the warnings, healthcare orgs still remain vulnerable. A prime example was the 2021 ransomware attack on Ireland’s healthcare system (HSE) – the fallout from which was still being felt nearly a year later.

According to reports, the attack had a widespread impact on operations:

Dozens of outpatient services were shut down
IT outages affected at least 5 hospitals, including Children’s Health Ireland (CHI) at Crumlin Hospital
Employee payment systems were knocked offline, delaying pay for 146,000 staff
Covid-19 test results were delayed and a Covid-19 vaccine portal went offline
Appointments were canceled across numerous facilities and medical departments
Near-full recovery and restoration of all servers and applications took more than 3 months

All told, the attack was projected to cost more than $100 million in recovery efforts alone. That figure does not include the projected costs to implement a wide range of new security protocols that were recommended in the wake of the attack.

Like several of the business continuity examples highlighted below, the Ireland attack did have some good disaster recovery methods in place. Despite the impact of the event, there were several mitigating factors that prevented the attack from being even worse, such as:

Once the attack was known, cybersecurity teams shut down more than 85,000 computers to stop the spread.
Disaster recovery teams inspected more than 2,000 IT systems, one by one, to contain the damage and ensure they were clean.
Cloud-based systems were not exposed to the ransomware.

However, there was some luck involved.

As HSE raced to contain the damage from the attack and secured a High Court Injunction to restrain the sharing of its hacked data, the attackers suddenly released the decryption key online. Without that decryption, HSE would not have had adequate data backup systems to recover from the attack. As the group concluded in its post-incident review :

“It is unclear how much data would have been unrecoverable if a decryption key had not become available as the HSE’s backup infrastructure was only periodically backed up to offline tape. Therefore it is highly likely that segments of data for backup would have remained encrypted, resulting in significant data loss. It is also likely to have taken considerably longer to recover systems without the decryption key.”

2) The city of Atlanta is hobbled by ransomware

There has been no shortage of other headline-making ransomware attacks over the last few years. But one that stands out (and whose impact reverberated for at least a year after the incident) was the March 2018 SamSam ransomware attack on the City of Atlanta .

The attack devastated the city government’s computer systems:

Numerous city services were disrupted, including police records, courts, utilities, parking services and other programs.
Computer systems were shut down for 5 days, forcing many departments to complete essential paperwork by hand.
Even as services were slowly brought back online over the following weeks, the full recovery took months.

Attackers demanded a $52,000 ransom payment. But when all was said and done, the full impact of the attack was projected to cost more than $17 million. Nearly $3 million alone was spent on contracts for emergency IT consultants and crisis management firms.

In many ways, the Atlanta ransomware attack is a lesson in inadequate business continuity planning. The event revealed that the city’s IT was woefully unprepared for the attack. Just two months prior, an audit found 1,500 to 2,000 vulnerabilities in the city’s IT systems, which were compounded by “obsolete software and an IT culture driven by ‘ad hoc or undocumented’ processes,” according to StateScoop .

Which vulnerabilities allowed the attack to happen? Weak passwords, most likely. That is a common entry point for SamSam attackers, who use brute-force software to guess thousands of password combinations in a matter of seconds. Frankly, it’s an unsophisticated method that could have been prevented with stronger password management protocols.

Despite the business continuity missteps, credit should still be given to the many IT professionals (internal and external) who worked to restore critical city services as quickly as possible. What’s clear is that the city did have some disaster recovery procedures in place that allowed it to restore critical services. If it hadn’t, the event likely would have been much worse.

3) Fire torches office of managed services provider (MSP)

Here’s an example of business continuity planning done right:

In 2013, lightning struck an office building in Mount Pleasant, South Carolina, causing a fire to break out. The offices were home to Cantey Technology, an IT company that hosts servers for more than 200 clients.

The fire torched Cantey’s network infrastructure, melting cables and burning its computer hardware. The equipment was destroyed beyond repair and the office was unusable. For a company whose core service is hosting servers for other companies, the situation looked bleak. Cantey’s entire infrastructure was destroyed.

But ultimately, Cantey’s clients never knew the difference:

As part of its business continuity plan, Cantey had already moved its client servers to a remote data center, where continual backups were stored.
Even though Cantey’s staff were forced to move to a temporary office, its clients never experienced any interruption in service.

It was an outcome that could have turned out very differently. Only five years prior, the company had kept all of its client servers on site. But founder Willis Cantey made the right determination that this setup created too many risks. All it would take is one major on-site disruption to wipe out his entire business, as well as his clients’ businesses, potentially leaving him exposed to legal liabilities as well.

Cantey thus implemented a more comprehensive business continuity plan and moved his clients’ servers off-site. And in doing so, he averted disaster. This makes for an excellent business continuity plan case study that demonstrates how proper planning can significantly reduce the risk of a major operational disruption.

4) Computer virus infects UK hospital network

In another post , we highlighted one of the worst business continuity examples we saw in 2016 – before ransomware had become a well-known threat in the business community.

On October 30, 2016, a nasty “computer virus” infected a network of hospitals in the UK, known as the Northern Lincolnshire and Goole NHS Foundation Trust. At the time, little was known about the virus, but its impact on operations was devastating:

The virus crippled its systems and halted operations at three separate hospitals for five days.
Patients were literally turned away at the door and sent to other hospitals, even in cases of “major trauma” or childbirth.
In total, more than 2,800 patient procedures and appointments were canceled because of the attack. Only critical emergency patients, such as those suffering from severe accidents, were admitted.

Remarkably, a report in Computing.co.uk speculated that there had been no business continuity plan in place. Even if there had been, clearly there were failings. Disaster scenarios can be truly life-or-death at healthcare facilities. Every healthcare organization must have a clear business continuity plan outlined with comprehensive measures for responding to a critical IT systems failure. If there had been in this case, the hospitals likely could have remained open with little to no disruption.

The hospital system was initially tight-lipped about the attack. But in the year following the incident, it became clear that ransomware was to blame – specifically, the Globe2 variant.

Interestingly, however, hospital officials did not say the ransomware infection was due to an infected email being opened (which is what allows most infections to occur). Instead, they said a misconfigured firewall was to blame. (It’s unclear then exactly how the ransomware passed through the firewall—it may have come through inboxes after all.) Unfortunately, officials knew about the firewall misconfiguration before the attack occurred, which is what makes this incident a prime example of a business continuity failure. The organization had plans to fix the problem, but they were too late. The attack occurred “before the necessary work on weakest parts of the system had been completed.”

5) Electric company responds to unstable WAN connection

Here is another example of well-executed business continuity.

After a major electric company in Georgia experienced failure with one of its data lines, it took several proactive steps to ensure its critical systems would not experience interruption in the future. The company implemented a FatPipe WARP at its main site, bonding two connections to achieve redundancy, and it also readied plans for a third data line. Additionally, the company replicated its mission-critical servers off-site, incorporating its own site-failover WARP.

According to Disasterrecovery.org:

“Each office has a WARP, which bonds lines from separate ISPs connected by a fiber loop. They effectively established data-line failover at both offices by setting up a single WARP at each location. They also accomplished a total site failover solution by implementing the site failover between the disaster recovery and main office locations.”

While the initial WAN problem was minimal, this is a good example of a company that is planning ahead to prevent a worst-case scenario. Given the critical nature of the utility company’s services (which deliver energy to 170,000 homes across five counties surrounding Atlanta), it’s imperative that there are numerous failsafes in place.

6) German telecom giant rapidly restores service after fire

Among the better business continuity examples we’ve seen, incident management solutions are increasingly playing an important role.

Take the case of a German telecom company that discovered a dangerous fire was encroaching on one of its crucial facilities. The building was a central switching center, which housed important telecom wiring and equipment that were vital to providing service to millions of customers.

The company uses an incident management system from Simba, which alerted staff to the fire, evaluated the impact of the incident, automatically activated incident management response teams and sent emergency alerts to Simba’s 1,600 Germany-based employees. The fire did indeed reach the building, ultimately knocking out the entire switching center. But with an effective incident management system in place, combined with a redundant network design, the company was able to fully restore service within six hours.

7) Internet marketing firm goes mobile in the face of Hurricane Harvey

Research shows that 40-60% of small businesses never reopen their doors after a major disaster. Here’s an example of one small firm that didn’t want to become another statistic.

In August 2017, Hurricane Harvey slammed into Southeast Texas, ravaging homes and businesses across the region. Over 4 days, some areas received more than 40 inches of rain. And by the time the storm cleared, it had caused more than $125 billion in damage.

Countless small businesses were devastated by the hurricane. Gaille Media, a small Internet marketing agency, was almost one of them. Despite being located on the second floor of an office building, Gaille’s offices were flooded when Lake Houston overflowed. The flooding was so severe, nobody could enter the building for three months. And when Gaille’s staff were finally able to enter the space after water levels receded, any hopes for recovering the space were quickly crushed. The office was destroyed, and mold was rampant.

The company never returned to the building. However, its operations were hardly affected.

That’s because Gaille kept most of its data stored in the cloud, allowing staff to work remotely through the storm and after. Even with the office shuttered, they never lost access to their critical documents and records. In fact, when it came time to decide where to relocate, the owner ultimately decided to keep the company decentralized, allowing workers to continue working remotely (and providing a glimpse of how other businesses around the world would similarly adapt to disaster during the Covid-19 pandemic three years later).

Had the company kept all its data stored at the office, the business may never have recovered.

Examples of business continuity failures

Some of the real-life business continuity examples above paint a picture of what can go wrong when there are lapses in continuity planning. But what exactly do those lapses look like? What are the specific mistakes that can increase a company’s risk of disaster?

Here are some examples of business continuity failures due to poor planning:

No business continuity plan: Every business needs a BCP that outlines its unique threats, along with protocols for prevention and recovery.
No risk assessment: A major component of your BCP is a risk assessment that should define how your business is at risk of various disaster scenarios. We list several examples of these risks below.
No business impact analysis: The risk assessment is useless without an analysis of how those threats actually affect the business. Organizations must conduct an impact analysis to understand how various events will disrupt operations and at what cost.
No prevention: Business continuity isn’t just about keeping the business running in a disaster. It’s about risk mitigation as well. Companies must be proactive about implementing technologies and protocols that will prevent disruptive events from occurring in the first place.
No recovery plan: Every disaster scenario needs a clear path to recovery. Without such protocols and systems, recovery will take far longer, if it happens at all.

Examples of threats to your business continuity

It’s important to remember that business-threatening disasters can take many forms. It’s not always a destructive natural disaster. In fact, it’s far more common to experience disaster from “the inside” – events that hurt your productivity or affect your IT infrastructure and are just as disruptive to your operations.

Example threats include:

Cyberattacks
Malware and viruses
Network & internet disruptions
Hardware/software failure
Natural disasters
Severe weather
Flooding (including pipe bursts)
Terrorist attacks
Office vandalism/destruction
Workforce stoppages (transportation blockages, strikes, etc.)

The list goes on and on. Any single one of these threats can disrupt your business, which is why it’s so important to take continuity planning seriously.

Business continuity technology

Within IT, data loss is often the primary focus of business continuity and disaster recovery (BC/DR). And for good reason …

Data is the lifeblood of most business operations today, encompassing all the emails, files, software and operating systems that companies depend on every day. A major loss of data, whether caused by ransomware, human error or some other event, can be disastrous for businesses of any size.

Backing up that data is thus a vital component of business continuity planning.

Today’s best data backup systems are smarter and more resilient than they were even just a decade ago. Solutions from Datto, for example, are built with numerous features to ensure continuity, including hybrid cloud technology (backups stored both on-site and in the cloud), instant virtualization, ransomware detection and automatic backup verification, just to name a few. You can check out Datto SIRIS pricing here.

Like other BC initiatives, a data backup solution itself won’t prevent data-loss events from occurring. But it does ensure that businesses can rapidly recover data if/when disaster strikes, so that operations are minimally impacted – and that’s the whole point of business continuity.

Examples of business continuity plan

By now, you’re starting to get the picture: business continuity planning is crucial. But how do you actually create the plan? What does the document look like?

While each business’s BCP is unique to its needs, the foundation of the plan is generally the same for most organizations. The core goal is to document a company’s risks and outline what is needed to avoid an operational disruption.

Here are some examples of business continuity plan components to include in your documentation:

Objective: Outline the key goals of the plan, especially as they relate to specific business units or systems.
Contact Information: Include communication information for the people responsible for overseeing continuity planning or for those who will manage disaster recovery efforts.
Risk Assessment: Outline the specific disaster scenarios that put the business at risk of an operational disruption and their likelihood of occurring.
Business Impact Analysis: Document in clear terms how each type of disaster will affect the business, including impact on various operations, estimated recovery time and associated financial losses.
Preventative Measures: Outline the procedures, plans and systems that will help the company minimize the risk of various disasters from occurring.
Disaster Response Plan: Document the specific protocols that should be followed immediately following a disruption to minimize the impact.
Business Continuity & Disaster Recovery Systems: Outline the systems and procedures that should be used to maintain continuity or recover from an outage.
Backup Locations & Contingency Assets: Identify any secondary resources that should be leveraged if primary resources are unavailable, such as backup office spaces, servers, devices, office furniture and so on.
Communication Plan: Outline how the organization will distribute information to employees or between recovery teams if primary communication lines are unavailable.
Continuity Testing: Document how recovery procedures and systems in the plan should be tested to confirm they are effective, and the frequency for conducting those tests.
Continuity Gaps & Recommendations: Be clear about any limitations in the current planning and what steps are recommended to fill those gaps.
Plan Review & Update Schedule: Create a schedule for reviewing and updating the business continuity plan to ensure the documentation remains accurate and relevant.

Examples of business continuity plans can differ by industry, but most companies will want to incorporate all of the components above, regardless of business size or sector.

Business continuity plan case study

In February 2023, a ransomware attack struck Karmak – a prominent technology solutions provider for the trucking industry. However, the company acted quickly to contain the attack before it disrupted its operations or customers, providing a solid case study for how to maintain continuity during a cyberattack.

Karmak’s business continuity planning played a key role in averting disaster. According to an industry trade publication, Karmak had a “detailed cyberattack response plan, which went into effect immediately after the attack.” The company used security monitoring solutions to detect and thwart the attack. Plus, employees had been rigorously trained on cybersecurity and knew how to respond.

End result: Karmak contained the attack within hours, preventing customer data from breached and minimizing the impact on internal systems.

Frequently Asked Questions

1. what is an example of business continuity.

Any scenario in which a business can continue to operate through a disruptive event is an example of business continuity. For example, a company facing a ransomware attack might maintain business continuity by restoring infected files from a data backup.

2. What are examples of business continuity plans?

An example of a business continuity plan is a comprehensive document that assesses a business’s risk for operational disruptions and outlines the steps for avoiding such disruptions. Example components of the plan include a risk assessment, business impact analysis, communications plan and disaster recovery plan.

3. What is a real-life example of business continuity?

The Covid-19 pandemic illustrated many real-life examples of business continuity. Companies took several measures to continue operating during the health crisis, such as allowing employees to work from home, instituting physical distancing and providing protective equipment to critical workers.

Avert disaster with the technology your business needs

Avoid a major operational disruption with today’s best technology for business continuity, disaster recovery and cybersecurity. Schedule a meeting with one of our data-protection specialists at Invenio IT or contact us by calling (646) 395-1170 or by emailing [email protected] .

Get The Ultimate Business Continuity Resource for IT Leaders

Join 23,000+ readers in the Data Protection Forum

Do you know what makes Datto Encryption So Secure?

2023 Guide to Datto SaaS Protection for M365 and Google Workspace

Where’s My Data? 411 on Datto Locations around the Globe

Guide to Datto SIRIS Models for BCDR

5 Datto Competitors to Compare (Plus Some Free Alternatives)

Cybersecurity.

Products & Services
Community & Resources
Why ConnectWise

Integrated front and back office solutions

Manage customer endpoints and data

Protect your clients’ critical business assets

The purpose-built platform for MSPs

business continuity disaster recovery plan case study

See our latest product innovations that enhance your ConnectWise experience. View roadmap>>

Industry events and networking

Peer groups and product training

Top-rated vendors and integrations

Business-driving insights and guidance

Company profile, values, and leaders

The latest ConnectWise updates

Roles and industries we support

The only truly unified platform purpose-built for MSPs. Learn more >>

ConnectWise solution resources

Certifications and resources

Access your products, see announcements, and find support Log in to ConnectWise Home >>

Discover total profit solutions for IT companies. Learn more >>

What is business continuity and disaster recovery (BCDR)?

Unforeseen events are bound to occur–and for businesses, it’s critically important to have streamlined processes and plans in place to properly respond to an event like a cyberattack or power outage. Events like these can stall or completely stop operations and take time to recover from, especially if there isn’t a plan in place to get back up and running.

A business continuity and disaster recovery ( BCDR ) strategy can help organizations restore normal operations more quickly; however, not all organizations implement a BCDR plan , which can leave them at risk of financial losses or an inability to comply with industry regulations. The U.S. Federal Emergency Management Agency (FEMA) estimates that about 25% of businesses don’t reopen after a disaster, making it even more important for organizations to plan accordingly.

If you’re an MSP looking to implement a BCDR solution for a client or simply want to expand your service offerings, this article will help you find the right solution.

BCDR definition

A business continuity and disaster recovery plan is a combination of business processes and data solutions that work together to ensure an organization's business operations can continue with minimal impact in the event of an emergency. Business downtime can be caused by events like:

Natural disasters
Cyberattacks
Power outages
A human error like an accidental deletion
Hardware failure

Historically, backup plans for critical data involved onsite backup solutions like a disk or tape. This backup media could then be taken off-site to ensure it’s protected in an emergency. However, this form of physical backup can be prohibitive and slow down business if it’s not easily accessible.

With the advent of cloud computing and streamlined business continuity software, businesses of all sizes can now access effective BCDR solutions and enhance their disaster preparedness. A BCDR plan that’s properly managed in partnership with an MSP and regularly updated, can help prevent data and revenue loss.

The difference between business continuity (BC) and disaster recovery (DR)

Business continuity is focused on supporting all aspects of a business when an emergency or disaster occurs, while disaster recovery focuses on recovering lost data and getting IT systems back online. A backup and disaster recovery plan (BDR) can be a part of a business continuity plan and may include steps for how to address certain aspects of the business and mitigate potential impacts and risks.

Business continuity includes all parts of an organization including:

Employees and their contact information.
List of third parties and other important entities involved with the business.
Understanding of critical business operations.
Physical assets like an office building.
IT infrastructure .

Disaster recovery is more specific to IT systems that affect an organization. It’s the process of recovering lost data and other assets as a result of effective backup plans. If network backups aren’t properly maintained and disaster strikes, it can be costly to your clients, their employees, and their vendors. Critical systems that may be included in a backup and disaster recovery plan are:

Devices like phones
Network connections
Applications used for business
Important files
Network drives

Ultimately, businesses should plan for business continuity and disaster recovery . The combination of a business continuity backup plan and disaster recovery plan can protect data and minimize business downtime, which can translate into a more secure and profitable business for your clients.

Why BCDR is important

Since the future isn’t predictable, it’s important to have a BCDR strategy in place when weather events, unplanned outages, or cyberattacks occur. Data can be lost or destroyed during events like these, and without a plan in place, businesses can suffer. They may even be at risk of going out of business due to revenue and data loss, and damage to their reputation.

Having an effective BCDR plan can be an important line of defense for businesses of all sizes, and can protect your clients and their employees, while also providing peace of mind. In many cases, effective cybersecurity and BCDR are intertwined. For more information on this relationship, check out our webinar, Protect and Recover with Cybersecurity and BCDR Solutions .

What does a BCDR plan do?

A BCDR plan is a combination of policies and procedures to help when there’s an emergency or outage so business operations can be restored quickly and effectively. A good BCDR plan will address all aspects of a business, be tested regularly, and rely on BCDR solutions that are trustworthy and comprehensive.

When helping your clients create a plan, consider the following:

The type of BCDR strategy or solution they currently use.
How often the BCDR plan is tested .
The time it could take to recover from a disaster.
The amount of time a business can be down without total loss.
Costs involved with business downtime.
Are there multiple types of backups (cloud, physical, off-site, hot sites, cold sites, etc.)?

With these considerations in mind, you and your clients can start making BCDR plan steps to ensure their solutions provide the right levels of recovery and security. Some steps you may cover are:

Identifying the problem : It’s important to determine where the problem occurred, what systems and assets it’s affecting, and how it could affect a client’s business.
Deciding what needs to be recovered . It’s crucial to figure out what needs to be restored so that business can continue as soon as possible. Identifying the most critical systems can help determine where to begin with recovery, like which data and files to restore and how far back-in-time assets need to be recovered.
Check that the recovery plan aligns with users . This is where testing a BCDR plan can be important because you want to ensure that the plan in place allows users across a network to access what they need, while still having network connectivity.
Restore systems . This may include restoring the original system and deciding the best way to go about doing that.
Evaluate the plan after the event . Did your BCDR strategy work? How well? Take time to assess what worked and what didn’t and update your BCDR plan accordingly. When updating a BCDR plan, be sure to remember the considerations noted above.

Solutions to support your BCDR strategy

Developing an effective BCDR plan can be challenging when an organization tries to do it without the help of a qualified MSP. They may not have the experience and tools to properly prepare, which can prove costly in the long run. That’s where your team can step in to become a partner organizations can trust.

Some best practices to scale your BCDR business include:

Helping clients fully recover and remain secure . Comprehensive BCDR services can help you support every level of your clients’ business, including their valuable data. With trusted backup solutions, you can guarantee against data loss, which isn’t provided by every backup service.
Providing BCDR services from a single vendor . While organizations can work with several vendors to create a BCDR plan , this can lead to silos and make recovery more cumbersome. By offering one solution to your clients, you can better ensure business continuity.
Offering strategic outsourcing . A good BCDR solution will offer outsourcing to a network operations center (NOC) to help manage your team's tasks, like securing more endpoints, conducting routine tasks, and closing the skills gap. NOCs can keep costs more manageable for your clients and help you scale your MSP business with additional resources and offerings.

If you’re looking to grow your BCDR service offering, ConnectWise is here to help you scale while keeping your clients secure. Start your BCDR product demo today or check out our MSP’s Guide to BCDR for more best practices and strategies for MSPs.

What are some common challenges businesses face when implementing BCDR plans?

Organizations trying to create a BCDR plan may find it challenging to:

Make planning a priority because of time and resource constraints.
Ensure the plan is comprehensive enough to protect their business.
Create the plan on their own because of the overwhelming amount of data and process to manage.

This gives MSPs the opportunity to offer solutions to these challenges, to help your clients be more prepared and secure.

How often should BCDR plans be reviewed and updated?

There is no set standard for how often a BCDR plan should be reviewed or updated. However, to ensure preparedness, it’s wise to do an annual review to account for any changes in your client’s business, like staffing, a new location, IT infrastructure, or regulatory guidelines.

What is the difference between hot, warm, and cold sites in BCDR planning?

Hot, warm, and cold sites represent different backup options. Hot sites contain copies of all data centers, including software and hardware, and are ready to go when needed, particularly for mission-critical operations. Cold sites don’t have server hardware or software and are reserved for a time when a disaster occurs and backups need to be done and are typically less expensive than running a hot site. A warm site offers basic equipment; however, you still need to load your data.

Evaluation of Business Continuity Management - A case study of disaster recovery during the Covid-19 pandemic

Fredrik Tegström
Filip Nilsson

Summary, in English

Department/s

Engineering Logistics
Department of Industrial Management and Logistics

Publishing year

Available as PDF - 9 MB
Download statistics

Document type

Student publication for Master's degree (two years)

Business and Economics
Business continuity
Disaster recovery
Continuity planning
Andreas Norrman

Scientific presentation

Popular Summary - Evaluation of Business Continuity Management

Cloudian Products

The Object Storage Buyer’s Guide

Technical/financial benefits; how to evaluate for your environment.

HyperIQ Observability & Analytics

Watch 2-min Intro

Evaluator Group Webinar

Skills Shortage? Ease the Storage Management Burden. Watch On-Demand

Scaling Object Storage with Adaptive Data Management

Get White Paper

Solutions

Industries

Scaling AI: Leveraging Object Storage to Meet the Modern Demands of AI Workflows

2021 Enterprise Ransomware Victims Report

Don’t Be a Victim

Scalable S3-Compatible Storage, On-Prem with AWS Outposts

Trending Topic: On-Prem S3 for Data Analytics

Watch Webinar

Ransomware 2021: A Conversation with Veeam CISO Gil Vega

Hear His Thoughts

How a Private Cloud Addresses the Kubernetes Storage Challenge

Free White Paper

Data Security & Compliance: 3s Every CIO Should Ask Ask the Right ??s

Satellite Application Catapult Deploys Cloudian for Scalable Storage

Replaces conventional NAS, saves 75%

Read Their Story

On-Demand Webinar

Veeam & Cloudian: Office 365 Backup – It’s Essential

Why the FBI Can’t Stop Cybercrime and How You Can

8 Reasons to Choose Cloudian for State & Local Government Data

Get 8 Reasons

Cloudian HyperStore SEC17a-4 Cohasset Assessment Report

Read the Assessment

Hybrid Cloud for Telecom

Hybrid Cloud for Manufacturers

Tape: Does It Measure Up?

Get Free eBook

Customer Testimonial: University of Leicester

Hear from Mark

Public Health England: Resilient IT Infrastructure for an Uncertain Time

Watch On-Demand

How to Accelerate Genomics Data Analysis Pipelines by 10X

Hear from Weka

How MSPs Can Build Profitable Revenue Streams with Storage Services

Technology Partners

Get Scalable Storage On-Prem for AWS Outposts

Hear from AWS

The Path to the Hybrid World: Amazon S3-Compatible Storage On-Prem for AWS Hybrid Edge

Learn from AWS

Lock Ransomware Out with Commvault & Cloudian

Cribl Stream with Cloudian HyperStore S3 Data Lake

Why Object Storage is Best for Advanced Analytics Apps in Greenplum

Explore Solution

Customer Video: NTT Communications

Hear from NTT

How to Store Kasten Backups to Cloudian

Klik.Solutions Delivers World-Class Backup-as-a-Service with Lenovo & Cloudian

Why They Chose Us

Modernize SQL Server with S3 Data Lake

Find Out How

Immutable Object Storage for European SMBs from RNT Rausch and Cloudian

Backup/Archive to Cloudian with Rubrik NAS Cloud Direct

On-Premises Object Storage for Snowflake Analytics Workloads

Get the Details

Splunk, ClearShark, and Cloudian discuss Federal Industry Storage Trends

Teradata & Cloudian: Modern Data Analytics for Hybrid and Multi-Cloud

1-Step to Data Protection: All You Need to Know About Veeam v12 + Cloudian

Step up to Cloudian

Modernize Your Enterprise Archive Storage with Cloudian and Veritas

Read About It

Unified Analytics Data Lake Platform with Vertica and Cloudian HyperStore

VMware Cloud Providers: Get started in cloud storage, free.

Get Started

Customers

Cloudian Enables Leading Swiss Financial Institution to Retain and Analyze More Big Data

Read Case Study

Indonesian Financial Services Company Replaces NAS With Cloudian

National Cancer Institute Reduces Cost and Time to Insight with Cloudian

US Department of Defense Deploys Cloudian

State of California Selects Storage-as-a-Service Offering Powered by Cloudian

Australian Genomic Sequencing Leader Accelerates Research with Cloudian

Swiss Education Non-Profit Achieves Scale and Flexibility of Public Cloud On-Prem with Cloudian

Indonesia Ministry of Education Deploys Cloudian Object Storage to Keep Up with Data Growth

Leading German Paper Company Meets Growing Data Backup Needs with Cloudian

Vox Media Automates Archive Process to Accelerate Workflow by 10X

WGBH Boston Builds a Hybrid Cloud Active Archive With Cloudian HyperStore

Large German Retailer Consolidates Primary and Secondary Storage to Cloudian

How a Sovereign Cloud Provider Succeeds in Cloud Storage Services

View On-Demand

IT Service Provider Drives Business Growth with Cloudian-based Offering

Calcasieu Parish Sheriff Deploys Hybrid Cloud for Digital Evidence Data

Montebello Bus Lines Mobile Video Surveillance with Cloudian Object Storage

Resources

Storage Guides

Ransomware Protection Buyer’s Guide

Get Free Guide

Company

Cloudian Named a Gartner Peer Insights Customers’ Choice for Distributed File Systems and Object Storage

Read Reviews

Disaster Recovery and Business Continuity Plans

Disaster recovery and business continuity are tightly related. In the 1970s, organizations started preparing Disaster Recovery (DR) plans, which were mainly focused on natural disasters. In the 1980s and onwards, the focus shifted to a more holistic view, named Business Continuity (BC).

While disaster recovery narrowly focused on how to bring systems back online after a disaster, business continuity aimed to develop a proactive process that would keep businesses alive and operating even in the face of a major crisis. Accordingly, a disaster recovery plan is limited to ensuring data protection, preventing damage to systems and recovering them as quickly as possible, while a business continuity plan covers all aspects of the business including business processes, manpower, partners and suppliers.

In this article you learn: • What is a business continuity plan? • 7 chapters of a sample business continuity plan • The difference between a DR and BC plan • A BC plan in action: hour by hour • Ensuring business continuity for your data with Cloudian

What is a Business Continuity Plan?

A business continuity plan details how a business will continue operating and serving its customers, even in the face of a dramatic event like a natural disaster, major IT failure, or a cyberattack. The end goal is to preserve a company’s financial viability, market position, reputation, and customers, even in the face of a crisis.

Business continuity planning covers every aspect of the business including:

Business processes —how can a process continue working even if critical equipment or supplies were missing?
Human resources —how can critical staff continue performing their work if, for example, workstations are destroyed or there is no Internet connection?
Business partners and suppliers —how can suppliers continue their work with the company if, for example, lines of communication or road transport is unavailable?

A business continuity plan must consider important questions and provide good answers. What single points of failure exist in the organization? What are the critical dependencies on equipment, in-house staff, suppliers or other third parties? What workarounds exist for disruption of any of these? Which organizational processes, staff, skills and technology are needed to maintain business operations and fully recover from a disaster?

7 Chapters of a Business Continuity Plan

A typical business continuity plan contains the following sections:

Goals of the plan —should quantify which parts of the business are considered critical and how smoothly they should be able to operate during a crisis
Budget —resources allocated to business continuity planning and preparation
Personnel —who is responsible for maintaining the business continuity program and executing practical steps during a crisis. Which other stakeholders exist—senior management, legal, PR, customers, partners, etc—and how they should be involved or notified.
Business Impact Analysis —a holistic review of critical business processes, their weak points and how they are likely to be affected by different types of disasters.
Proactive strategies —processes that should be carried out on a regular basis to prevent or more easily overcome disasters.
This chapter includes an IT disaster recovery plan.
Long-term reactive strategies —what the organization should do on “day two”, after the disaster has ended, to fully recover and rebuild systems to their original state.

Business Continuity vs. Disaster Recovery Plan

The terms business continuity plan and disaster recovery plan are sometimes used interchangeably. However, as we illustrated in our plan structure above, a disaster recovery plan is an important section within a business continuity plan. See our guides on IT disaster recovery plans and disaster recovery policy .

The table below illustrates how a business continuity plan differs from an IT disaster recovery plan—it touches on the same aspects but from a holistic business perspective.


Aimed at ensuring business operations continue during and after a crisis, to preserve financial stability and reputation	Aimed at ensuring minimal damage to IT assets in a disaster and speedy, complete recovery
Inventory of all critical business assets—staff, suppliers, vehicles, buildings, etc.	Inventory of IT assets—network equipment, servers, endpoints, etc.
Business Impact Analysis of all threats affecting business operations	Analysis of threats affecting IT infrastructure
Includes an ongoing proactive component to prevent and prepare for disaster	Only focused on reactive measures in case disaster happens

Business Continuity Plan in Action: Hour by Hour

Once you have a business continuity plan, here is what a crisis could look like, hour by hour, as the plan unfolds. The activities below are just examples, and of course, will vary depending on the crisis and the nature of the business.


	Business continuity team is alerted to the crisis Contact made with authorities (firefighters, police, etc) Alternate physical facility is activated, or employees directed to work from home Critical IT systems switched over to remote DR site
	In case of casualties among employees, succession plan activated Assessment of damage to physical facilities Assessment of damage to IT resources Notifying customers, press, and suppliers Switching to backup vendors in case a vendor or supplier was also affected by the disaster
	Restoring critical parts of the primary facility Transitioning critical staff back to the facility Restoring critical IT systems Routing activity back to recovered systems
	Fully rebuilding primary facility Transitioning all staff back to the facility Restoring all IT systems Resuming normal operations

Ensuring Business Continuity for Your Data with Cloudian

Cloudian offers low-cost disk-based storage that lets you store up to 1.5 Petabytes of backups. The Cloudian appliance can be deployed in your local data center, or in a remote DR site. We provide integrated data management tools that let you store data seamlessly to a remote appliance.

Cloudian also supports a hybrid cloud setup. The Cloudian appliance can replicate your data to a cloud storage service such as Amazon S3, Azure Blob Storage or Google Cloud Storage. This allows you to backup data frequently and enjoy fast local access while keeping a copy of data on the cloud in case the on-premise data center goes down.

Learn more about Cloudian’s data protection solutions.

Get Started With Cloudian Today

Request a Demo

Join a 30 minute demo with a Cloudian expert.

Download a Free Trial

Try Cloudian in your shop. Run on any VM, even your laptop.

Receive a Cloudian quote and see how much you can save.

Privacy Overview
Strictly Necessary Cookies

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

Disaster recovery planning and management

Free1970 - stock.adobe.com

Real-life business continuity failures: 4 examples to study

Business continuity failures are costly and can significantly harm a company's reputation. These four high-profile examples demonstrate what can go wrong when a plan fails.

Stuart Burns

The best business continuity planning happens before an incident takes place, but IT teams can use examples of others' failure to bolster their own planning.

No one likes publicizing their mistakes, and organizations that experience a business continuity crisis are no different. Because each business continuity failure presents a learning opportunity for other businesses, it's unfortunate that real-life examples can be hard to track down -- that is, unless the organization has a high-enough profile for the issue to make the news.

Although IT teams won't be able to read a news article and understand a particular company's business continuity plan and how it helps critical business functions continue in the event of serious disruption or disaster, they can use such failures to see the aspects of a company's plan that were likely missing or followed incorrectly.

Below are four examples of major business continuity failures, how they happened and what IT teams can do to prevent the same thing from happening at their organizations.

FAA system failure causes U.S. ground stop

On Jan. 11, 2023, thousands of flights across the U.S. were grounded due to an hourslong Federal Aviation Administration (FAA) system outage of the Notice to Air Missions (NOTAM) database. NOTAM is a critical system that pilots must consult before takeoff to inform them of hazards and runway closures.

The NOTAM system is also old.

While the FAA said the root issue was a deleted file, the outage time could have been significantly reduced if the legacy infrastructure had offered the high availability of more up-to-date systems . It might be a tall order to replace a longstanding, internationally used system such as NOTAM, but organizations that are resistant to replacing existing systems can learn from this business continuity failure. Outdated systems that prevent implementing current standards and recovery times make business continuity more difficult than it already is.

Lessons: IT teams in organizations that -- for whatever reason -- cannot replace outdated legacy systems should prioritize business continuity strategies such as knowing how to test without interrupting operations, finding high availability processes and verifying backup integrity. They can also point to high-profile incidents such as the FAA system outage as evidence for new system needs.

Business continuity planning lifecycle diagram.

Microsoft Azure/Office outage halts users internationally

Also in January 2023, Microsoft had a major outage that affected users across the globe, but especially in Europe .

The outage left many business and personal users unable to access email and files or manage Azure infrastructure. The root cause was eventually tracked down to a bad routing change Microsoft made to its core routing infrastructure.

Lessons: Unfortunately, no one-size-fits-all fix for cloud computing exists. Larger businesses can mitigate outages by using multiple zones. In that situation, each region has multiple data centers that are hundreds of miles away from each other and share no resources, so loss of a single zone does not take down the environment.

Smaller companies might find it is more useful to use built-in disaster recovery tools, such as those in Azure , to completely fail over and get back up running quickly. This does require some preplanning, but does not require the complexity and cost of a multizone setup with redundancy.

Larger organizations with higher availability requirements can instead use the availability features to handle a downed data center by having redundancy and rerouting of traffic.

Fire damages OVHcloud's data center -- and reputation

Not even the biggest companies with endless resources can prevent natural disasters from occurring. In the case of extreme weather, business continuity is a matter of being prepared. Unfortunately, OVHcloud was not.

In March 2021, one of the cloud provider's data centers caught fire, and the fire suppression measures were not up to the job. Many clients woke up to find their rented servers offline. To make things worse, one of the backup arrays was completely destroyed in the fire, losing critical backups that the service provider could have used to recover customer data.

This crisis did not only affect immediate business functions -- OVHcloud's reputation suffered due to the outage, and it was the subject of a $10 million class-action lawsuit from more than 140 of its clients.

Lessons: The OVHcloud business continuity failure illustrates the importance of the 3-2-1 rule of data backup . Multiple backups, on different hardware, in different locations is the most surefire way to ensure data is safe in a fire or natural disaster. That way, if the data center is destroyed, there is still a data backup elsewhere that the client can restore to get services working again.

Ransomware compromises NHS Foundation Trust

The National Health Service (NHS) is one of the largest employers in the U.K. Downtime costs significant money and endangers public healthcare, making the Aug. 4, 2022, ransomware attack on the NHS a prime example of a disastrous business continuity failure.

The attack, which targeted a major software provider for the NHS, took several months to remediate fully. During the initial stages, the front-line staff had to revert to pen and paper, and make do with whatever records they had that were not computer-based. Part of the delay in service restoration was the impact to legacy systems.

However, there was a bigger problem with this failure: hidden shadow IT systems installed by employees with little to no professional IT oversight.

Lessons: Legacy IT systems frequently incur a higher maintenance cost and are more likely to be neglected when it comes to maintenance and updates. It is easier said than done, but one way to avoid these issues is replacing legacy systems.

Organizations must also have strict policies regarding the acquisition and management of IT systems and software. Any purchase must be tightly managed and done in conjunction with IT staff approval, since they are often aware of issues that less technically savvy managers might not know about.

Business continuity plan software providers to know

Dig Deeper on Disaster recovery planning and management

OVHcloud debuts ‘comprehensive’ carbon calculator for customers

OVHcloud opens India datacentre

FAA outage highlights importance of high availability

Disaster Recovery Plan for Business Continuity: Case Study in a Business Sector

2016, SSRN Electronic Journal

Related Papers

Ahmed AL Zaidy

Court system plays a central role in the constitution in the United States, as information technology now involving in almost all aspects of the daily life, for businesses, government agencies, and individual’s activities. Courts also dependents on information technology, in computerize case management systems, electronic filing, electronic retrieval, and communications systems. Disasters can strike court systems as all other systems in the United States, as a natural disaster, and / or Human made disasters, therefor, having a plan that can help protect the systems, and data of the courts is an essential. The need of having a correct and affective disaster recovery, and business continuity plans efforts need to be taken serially and essential.

Nigussie Tariku

IT services and solutions in the banking sector should be protected to keep the business continuity in a disastrous scenario. This study aims to develop an Information Technology Disaster Recovery Plan (IT DRP) framework in the case of Ethiopian Banks. Qualitative case study method is employed to investigate current best practices and challenges in Ethiopian banks. The findings indicated that Banks do not have IT DRP in place. Lack of framework, lack of focused group, lack of experiences, and lack of standardization are some of the challenges identified. Accordingly, the IT DRP framework is proposed for Banks of Ethiopia. The framework is confirmed and validated by the subject experts. The framework can serve banks as a quality tool to evaluate existing IT DRP or develop new ones based on their business needs. Recommendations are also forwarded and related topics are suggested for future research to extend this work.

Nijaz Bajgoric

Securities industry regulations require each broker-dealer to create and maintain a business continuity plan tailored to the size and need of the member and reasonably designed to enable the member to meet its existing obligations to its clients or other counter-parties. In accordance with these requirements, Wells Fargo Advisors has designed a business continuity plan to address possible scenarios to minimize any service impact to our clients.

IJAIT (International Journal of Applied Information Technology)

wawa wikusna

Based on data, Indonesia ranks second in the list of the highest number of deaths due to natural disasters in the Asia-Pacific. Over the past 20 years, various natural disasters in this country have also caused economic losses of at least US$ 22.5 billion. This data means that disasters in various sizes and scales can occur and affect business. Disaster threats can occur in various forms, such as earthquakes, tsunamis, and floods. The threat of disasters will certainly disrupt and can have a fatal impact on the sustainability of business supported by information technology, the Ministry of Women's Empowerment and Child Protection (KPPPA) as a case study has an interest in this matter. One of the infrastructures that become an essential asset as the performance support capacity of the KPPPA is an information system and technology. System tools and Information technology are business process support tools at the KPPPA so that businesses have sustainability and can run well. Disast...

Vishal D I N E S H K U M A R Soni

The disaster recovery planning forms to be an important component of any organization to overcome unplanned adversity. To function the successful organization or business model, the structuring of different sectors plays an important role and disaster planning becomes one such core element. Well before the catastrophic event occurs, an organized planned disaster management strategy can overcome the unexpected event and help to recover. In most organization, are equipped with the latest technological fronts but lacks disaster recovery plan management which may often lead to crisis. Even in the current scenario, where a large number of unexpected events are encountered, scanty measures are being implemented to equipped with disaster recovery plan management. Hence, based on these facts, the present study emphasis, the importance, components, and planning strategies of disaster recovery. Though a large number of reports highlight the structuring and functioning of an organization, only small studies have shed light on the presented topic which became the subject of investigation and study in this mini-review. Keywords: Disaster, Recovery, Planning, Information science, Management, Business, Organization

Michael Allen

IOP Conference Series: Materials Science and Engineering

difana meilani

International Journal of Electrical and Computer Engineering (IJECE)

Felix Bankole

Information Management & Computer Security

Jacques Botha

In a world where continuous operations are essential for business survival, action must be taken to ensure that information and the business processes that use the information are continuously available. This usually involves the selection and implementation of a suitable business continuity plan. Implementing such a plan is, however, not always a simple task. This especially holds true for small to medium‐sized organizations. An implementation method that could be applied to most business continuity planning methodologies would, therefore, be a welcome tool, especially for small to medium‐sized organisations. This paper presents a theoretical model for such an implementation method.

Leslie Acheson Wey

Loading Preview

Sorry, preview is currently unavailable. You can download the paper by clicking the button above.

RELATED PAPERS

International Journal of Modern Education and Computer Science

Hossam Mohamed

SSRN Electronic Journal

Jacob Kassema

International Journal of Business Continuity and Risk Management

Miguel Crespo , Maurice Dawson

Economic Research-Ekonomska Istraživanja

people.rit.edu

JAGADEESHWARAN RANGANATHAN

International Journal of Engineering Business Management

Manal Yunis

ARGHYA ADHYA

Marchelius Kalvin

Irfan Bhatti

Journal of Advanced Management Science

Jarot Sembodo Suroso

1. Run a business impact analysis

Business impact analysis (BIA) helps organizations better understand the various threats they face. Strong BIA includes creating robust descriptions of all potential threats and any vulnerabilities they might expose. Also, the BIA estimates the likelihood of each event so the organization can prioritize them accordingly.

2. Create potential responses

For each threat you identify in your BIA, you’ll need to develop a response for your business. Different threats require different strategies, so for each disaster you might face it’s good to create a detailed plan for how you could potentially recover.

3. Assign roles and responsibilities

The next step is to figure out what’s required of everyone on your disaster recovery team in the event of a disaster. This step must document expectations and consider how individuals will communicate during an unplanned incident. Remember, many threats shut down key communication capabilities like cellular and Wi-Fi networks, so it’s wise to have communication fallback procedures you can rely on.

4. Rehearse and revise your plan

For each threat you’ve prepared for, you’ll need to constantly practice and refine BCDR plans until they are operating smoothly. Rehearse as realistic a scenario as you can without putting anyone at actual risk so team members can build confidence and discover how they are likely to perform in the event of an interruption to business continuity.

Like BCPs, DRPs identify key roles and responsibilities and must be constantly tested and refined to be effective. Here is a widely used four-step process for creating DRPs.

1. Run a business impact analysis

Like your BCP, your DRP begins with a careful assessment of each threat your company could face and what its implications could be. Consider the damage each potential threat could cause and the likelihood of it interrupting your daily business operations. Additional considerations could include loss of revenue, downtime, cost of reputational repair (public relations) and loss of customers and investors due to bad press.

2. Inventory your assets

Effective DRPs require you to know exactly what your enterprise owns. Regularly perform these inventories so you can easily identify hardware, software, IT infrastructure and anything else your organization relies on for critical business functions. You can use the following labels to categorize each asset and prioritize its protection—critical, important and unimportant.

Critical: Label assets critical if you depend on them for your normal business operations.
Important: Give this label to anything you use at least once a day and, if disrupted, would impact your critical operations (but not shut them down entirely).
Unimportant: These are the assets your business owns but uses infrequently enough to make them unessential for normal operations.

Like in your BCP, you’ll need to describe responsibilities and ensure your team members have what they need to perform them. Here are some widely used roles and responsibilities to consider:

Incident reporter: Someone who maintains contact information for relevant parties and communicates with business leaders and stakeholders when disruptive events occur.
DRP supervisor: Someone who ensures team members perform the tasks they’ve been assigned during an incident.
Asset manager: Someone whose job it is to secure and protect critical assets when a disaster strikes.

4. Rehearse your plan

Just like with your BCP, you’ll need to constantly practice and update your DRP for it to be effective. Practice regularly and update your documents according to any meaningful changes that need to be made. For example, if your company acquires a new asset after your DRP has been formed, you’ll need to incorporate it into your plan going forward or it won’t be protected when disaster strikes.

Whether you need a business continuity plan (BCP), a disaster recovery plan (DRP), or both working together or separately, it can help to look at how other businesses have put plans in place to boost their preparedness. Here are a few examples of plans that have helped businesses with both BC and DR preparation.

Crisis management plan: A good crisis management plan could be part of either business continuity or disaster recovery planning. Crisis management plans are detailed documents that outline how you’ll manage a specific threat. They provide detailed instructions on how an organization will respond to a specific kind of crisis, such as a power outage, cybercrime or natural disaster; specifically, how they’ll deal with the hour-by-hour and minute-by-minute pressures while the event is unfolding. Many of the steps, roles and responsibilities required in business continuity and disaster recovery planning are relevant to good crisis management plans.
Communications plan: Communications plans (or comms plans) equally apply to business continuity and disaster recovery efforts. They outline how your organization will specifically address PR concerns during an unplanned incident. To build a good comms plan, business leaders typically coordinate with communications specialists to formulate their communications plans. Some have specific plans in place for disasters that are deemed both likely and severe , so they know exactly how they’ll respond.
Network recovery plan: Network recovery plans help organizations recover interruptions of network services, including internet access, cellular data, local area networks (LANs) and wide area networks (WANs). Network recovery plans are typically broad in scope since they focus on a basic and essential need—communication—and should be considered more on the side of business continuity than disaster recovery. Given the importance of many networked services to business operations, network recovery plans focus on the steps needed to restore services quickly and effectively after an interruption.
Data center recovery plan: A data center recovery plan is more likely to be included in a BCP than a DRP because of its focus on data security and threats to IT infrastructure. Some common threats to data backup include overstretched personnel, cyberattacks, power outages and difficulty following compliance requirements.
Virtualized recovery plan: Like a data center plan, a virtualized recovery plan is more likely to be part of a BCP than a DRP because of a BCP’s focus on IT and data resources. Virtualized recovery plans rely on virtual machine (VM) instances that can swing into operation within a couple of minutes of an interruption. Virtual machines are representations/emulations of physical computers that provide critical application recovery through high availability (HA), or the ability of a system to operate continuously without failing.

Even a minor interruption can put your business at risk. IBM has a wide range of contingency plans and disaster recovery solutions to help prepare your business to face a variety of threats including cloud backup and disaster recovery capabilities and security and resiliency services.

Protect data and speed recovery with IBM business continuity planning solutions

Get your DRP / BCP on the cloud for the price of Latte
Live Chat Support

Business Continuity

Business Continuity refers to the set of steps taken to resume operations with minimum possible delay following an incident such as an accident or a natural calamity that can slow down or even disrupt the proper functioning of a business unit. It is a broad domain with an area of study that overlaps those of many related subjects such as quality management, risk management, change management, governance, information security and compliance, amongst others. Business continuity ensures that an organization transits the repercussions of a catastrophe such as epidemics, earthquakes, outages, terrorist or cyber attacks, theft, sabotages and so on, seamlessly, and with minimal friction.

A business continuity plan can be broadly broken down into the following phases:

Implementation

Maintenance.

This is the first step towards a business continuity plan where an organization creates a blueprint of what needs to be done when disaster strikes.

In this phase, the various activities of a business unit are identified. These activities are then classified as critical and non critical activities.

Critical activities are those that need to be constantly up and running at all times. A business unit’s critical activities and functions can be further classified and ranked based on the extent to which business would suffer if they were to be disrupted.
Non critical activities , although important in their own right, are those set of functions that are relatively less significant to an organization when compared to critical functions.

Next, potential threats to all the critical and non critical business functions are identified. These potential threats are then classified in terms of the probability and extent to which it could affect a business activity.

After establishing a comprehensive list of critical and non critical business activities, their potential threats and mapping the two to each other, the organization now formulates the requirements for restoring these activities with minimum delay. This includes identifying the human resources, hardware, software, technology, assets, utilities and other third party services necessary to restore normalcy. Relevant training procedures are also structured to provide employee staff and personnel the necessary knowledge transfer that equips them to handle emergency situations.

Different business continuity approaches are considered and compared for cost effectiveness, complexity and adaptability. The optimum design solution takes into consideration the pain points of all the departments and stakeholders within a business unit and provides a flexible and easy to implement recovery solution at a competitive price.

During this stage, the business continuity plan goes through numerous iterations to identify gaps in the recovery solution design that has been implemented. Business continuity testing can be broadly classified into tabletop, medium and complex exercises.

Tabletop exercises occur in a limited environment and concentrate on few or specific business functions.
Medium level exercises focus on multiple business functions and involve various departments within a business unit.
Complex exercises try to simulate a real world testing scenario and last for prolonged periods of time.

After the implementation and testing phases, a business continuity plan is constantly monitored in real time. IT infrastructure is kept current with regular updates and enhancements. Employee staff and personnel are also periodically trained in new and improved methodologies that are being implemented across industries. Maintenance is a crucial phase as it ensures that a corporation’s business continuity plan does not become obsolete due to neglect.

Business continuity is a highly essential security measure in today’s corporate ecosystem. Besides providing numerous monetary benefits, it also guarantees the safety and well being of an organization’s assets and human resources.

Attrition and business continuity
Business Continuity Plan
Business Continuity & Disaster Recovery Teams
Business Continuity Management Life cycle – Part 1
Business Continuity Management Life Cycle – Part 2
Threat Assessment
Risk Assessment
Impact and Risk Assessment
ISO 24762:2008
Social Media in Emergency Management
Social Media in Emergency Management – Case Study 1 – Haiti Earthquake
Social Media in Emergency Management – Case Study 2 – Christchurch Earthquake
Social Media in Emergency Management – Case Study 3 – Hurricane Sandy
Free Disaster Recovery Plan (DRP) Whitepaper
Free Business Continuity Plan (BCP) Template
View a Cloud based Disaster Recovery Solution

Name (required)

Title/Designation (required)

Company (required)

Email (required)

Phone/Mobile (required)

City (required)

State (required)

Country (required)

Please prove you are human by selecting the Key .

Emergency Management

Business Continuity

Aiming to be a more resilient campus.

Business continuity planning is a university-wide initiative to ensure that Case Western Reserve University will be prepared to resume operations with efficiency in the event of a crisis. Business continuity, a critical component in establishing a resilient university, is the capacity to resume business functions, academic instruction and research activities shortly following a disruptive event. These disruptions could come in the form of natural or manmade catastrophes, large or small.

In the event of a crisis situation, CWRU’s Emergency Management program will direct response efforts, prioritizing the safety and welfare of the campus community. While order is being restored to operational levels across campus, IT will activate their Disaster Recovery plan. Disaster Recovery planning hones in on IT procedures to ensure that vital IT function is unimpeded and essential telecommunications, applications and systems continue to be accessible for the campus community.

Meanwhile, the intention of the Business Continuity Plan is to focus on carrying on operations to support the mission of the university– scholarship, research and service – despite crises of varying magnitude.

Who is Responsible?
Vision, Mission, Values

Business Impact Analysis

Planning considerations, engaging the entire campus.

Business continuity planning will require the participation and support of all CWRU administrative, academic and research-oriented business units. These business units and academic colleges will be engaged in the plan development process by mapping out critical processes and prioritizing resumption and recovery activities in the aftermath of a crisis event.

In collaboration with the university’s Business Continuity manager, departments will identify resources needed to carry on operations essential to the university’s mission.

Business units or departments will nominate a continuity coordinator who will engage both with the department and the business continuity manager. The coordinator will be a liaison to educate colleagues and provide updates on the university business continuity program. Additionally, the coordinator's chief function will be to manage the process of compiling the plan components as they are determined by the business unit.

Promote organizational resilience at Case Western Reserve University with comprehensive planning, preparedness and collaboration.

Through the systematic development of a Business Continuity Plan, Case Western Reserve University’s plan will safeguard the continuity of research and scholarship for our university community’s critical operations within a reasonable period of time.

Restore essential university operations while keeping safety and security paramount.
Foster a collaborative and consultative relationship with departments and business units in the plan creation process to ensure a realistic and functional plan.
Maintain integrity and transparency when drafting the plan to meet the diverse needs of the university community.
Learn from and share best practices of any one department, business unit or college with others, in order to build a more thorough, congruent Business Continuity Plan.
Treat the plan as a living document – it will grow and evolve over time with testing and process refinement

Completing a Business Impact Analysis (BIA) is a fundamental planning exercise for all departments as they begin to think about business continuity. The intention of the BIA is to identify all processes that pass through your area, prioritize those processes that are critical to supporting the university’s mission, and determine all resources needed to ensure process completion. That includes employees, vendors, supplies, equipment, systems, applications.

When completing a BIA, assume the worst case scenario of a university outage for an extended period of time at peak time of year. This outage could entail loss of personnel and could impact a single or multiple campus facilities. The circumstances and university response may differ depending on when the crisis occurs during the academic year.

For an introduction on the purpose of the BIA, and training on how to complete it, please contact the Business Continuity Manager at [email protected]. You will schedule a time to address your business unit and help with identifying critical processes, resources, impacts and any potential gaps.

Once your BIA has been completed, the Business Continuity Manager will continue to be the contact for your department’s business continuity representative(s) and will provide ongoing support and oversight of the plan development process.

Developing a Business Continuity Plan is an interdisciplinary exercise. Collaboration across and within departments will be critical to building a sustainable, meaningful and robust plan. Rather than simply engaging in your own business area, reach out to other dependent and partner organizations. Here are some questions to consider in this process:

What critical services does your department provide?
What work can be done in the event of a loss of a building? How about with the loss of personnel? How about in the event of loss of network connectivity?
Are any employees cross-trained to manage multiple functions, if needed?
Does your department have any manual or back-up processes in the event of a technical failure?
Have all employees been trained in these backup processes?
Does your department have an updated contact list? Is it available offline?
What special equipment, access or system requirements does your department need to function? This includes laptops, desktops, work space, network access, laboratory equipment, machinery.
Identify upstream and downstream dependencies.

Understanding Dependencies

Upstream: The failure of another process, system, unit or equipment that would have a negative impact on your department’s function.

Downstream: The failure of your department’s process, system, unit, or equipment that would have a negative impact on another department’s function.

Key Terms	Definition
Asset	Anything that has value to the university. This could include physical assets, such as plant and equipment, as well as intellectual property, human resources, goodwill and even reputation.
Backlog	An accumulation of work tasks that remains incomplete as the result of a system or application being unavailable for a period of time. Account for the backlog of work when assessing resources (i.e. time, staff and materials) necessary in resuming business operations.
Backup	A process by which both electronic and paper data is duplicated in some form so as to be available and usable if the original data is lost, destroyed or corrupted.
Business Continuity (BC)	The strategic capability of our university to plan for and respond to unplanned outages and business disruptions, in order to continue delivering our university mission at acceptable levels.
Business Continuity Manager	University employee responsible for CWRU Business Continuity program, who works with departments to create plans to keep CWRU functioning after a disruptive event.
Business Continuity Plan (BCP)	A dynamic collection of documented procedures and operational guidelines developed by individual business units. These plans are maintained in the event of a business disruption. The intent of the plan is to enable the university to respond in such a manner that critical business functions would resume with minimal constraints.
Business function	Work or processes performed to achieve specific requirements of the university. Examples would be purchasing supplies, processing invoices, managing cash, interviewing prospective employees, conducting research, providing training, etc.
Business Impact Analysis (BIA)	The process of identifying business functions and the impact a business disruption could have on both the function itself and the university at large.
Business unit	A department or unit within the university.
Campus Incident Management Team (CIMT)	At Case Western Reserve University, the CIMT’s role is to provide strategic guidance to support on-scene incident management activities, coordinate decision making and resource allocation among cooperating departments and external partners, establish the priorities among incidents, and harmonize university policies.
Compliance	Upholding the highest ethical and professional standards of conduct, intending to operate in full accordance with all applicable laws and policies. Reference the university Compliance Program for specific details.
Contact list	List of all critical contacts, such as campus contacts, employees, critical vendors.
Continuity of Operations Plan (COOP)	While very similar to a Business Continuity Plan, a COOP is used mainly in the context of government or military agencies.
Crisis	An aberration or event that threatens the university operations, its students, staff, and visitors.
Critical	A term to describe the importance of an operational process or resource that must be made available at the earliest possible opportunity after an incident or business disruption.
Critical activities	Activities which must be performed in order to deliver key services and products to enable the university to meet its most important and time-sensitive objectives.
Critical business function	A business function that is vital to the university; without it the university will either dysfunction or lose the capability to effectively achieve its critical objectives.
Dependency	The reliance, directly or indirectly, of one activity or process upon another. Dependencies could be with either internal or external parties.
Disaster	A serious or sudden event, such as an accident or natural catastrophe that causes great damage, injury or loss and disrupts the university’s ability to carry on its critical business functions.
Disaster Recovery (DR)	The ability of the university to provide critical Information Technology (IT) and telecommunications capabilities and services, after a disruption caused by emergency, incident or disaster.
Disruption	An event that interrupts any normal business functions, operations or processes. Disruptions may be anticipated (i.e. hurricane, political unrest, planned outage) or unanticipated (such as terror attack, technology failure, earthquake)
Document	Any medium containing information – paper or electronic.
Downtime	A period of time when something is not in operation, or has been shut down, either planned or unexpectedly.
Emergency	An emergency is a serious, unexpected, and often dangerous situation requiring immediate action and response.
Emergency Management (EM)	Efforts by Case Western Reserve University and the Office of Emergency Management team to prepare for, protect against, mitigate the effects of and recover from natural or man-made disasters or acts of terrorism. The Office of EM works in collaboration with police, campus security, environmental health and safety, university communications and other campus management centers.
Emergency Operations Center (EOC)	The central command and control facility responsible for carrying out the principles of emergency management. The staff at the EOC, the Operations, and Policy Groups, is responsible for making operational decisions, gathering, analyzing data, making decisions protecting life and property, disseminating decisions and information to all concerned agencies and individuals.
Emergency Operations Group	This group is comprised of key leadership from department or business units that have a direct role in emergency response activity on campus. Their responsibilities include liaise with on-scene incident command; mobilize, coordinate and direct campus emergency response resources; support emergency procurement of supplies and equipment etc. Reference the CWRU Emergency Response Framework for more information.
Emergency Response Framework (ERF)	At Case Western Reserve University, a reference document detailing how the university’s core decision makers will respond to a crisis of any magnitude. The framework identifies principals, personnel, roles, resources, structure and partners that provide for an integrated, flexible, efficient university response.
Essential services	Infrastructure services without which a building or area would be considered disabled and unable to provide normal operating services; includes utilities (electricity, water, gas, steam, telecommunications), and may also include standby power systems or environmental control systems.
Event	Occurrence or change of a particular set of circumstances. See “Incident”
Exercise	Rehearsal of the roles of team members and staff, testing the recovery or continuity of an organization’s systems (i.e. technology, telephony, administration) to demonstrate business continuity competence and capability.
Facility	Any infrastructure or plant and related systems that have a specific function or service on campus.
Financial impact	Expenses undertaken following a business interruption or disaster which cannot be offset by income, and directly affects the university’s financial position.
First responder	A member of an emergency service who is first on the scene at a disruptive incident.
Hazard	A danger or risk leading to an unwanted incident, which may result in harm to individuals, assets, systems or organization, the environment or community.
Hot site	A facility equipped with fully synchronized technical requirements including IT, telecom and infrastructure, which can be used to provide rapid recovery and resumption of operations.
Incident	An event that has the capacity to lead to a loss of business or disruption to an organization’s normal operations, services or functions, and if mishandled, could escalate to an emergency, crisis or disaster.
Incident Command System (ICS)	A standardized, on-scene, all-hazards incident management approach, operating within a common organizational structure. It is designed to aid in the management of resources during incidents.
Organization	A group of people and facilities with an arrangement of responsibilities, authorities and relationships (i.e. company, university, firm, enterprise, institution, etc.) An organization can be public, private or non-profit.
Phone tree	A pre-determined, tiered telecommunication chain that enables a list of persons to be notified of an incident. Phone trees (or call trees) can only be successful if employee contact information is up-to-date and multiple contact options are provided.
Policy Group	The CWRU Policy Group is made of senior leadership personnel with authority to make broad-based policy decisions for the entire university during a crisis. Responsibilities of the Policy Group mirror those of the Office of the President and senior leadership including: setting broad, strategic goals for the entire campus incident management team; making decisions about closures and associated timelines; continuing of academic operations and decisions regarding instruction; liaising with and addressing concerns of the Board of Trustees. Reference the CWRU Emergency Response Framework for more information.
Process	A series of interrelated actions taken to reach an identified goal.
Record	A collection of documented information, regardless of characteristics, media, physical form, or the manner it is recorded or stored. Generally speaking, records provide evidence of activities (whereas documents provide evidence of intentions).
Recovery point objective (RPO)	The ability of your systems to recover data in the event of failure and the maximum tolerable period of time in which data might be lost. Determining the RPO allows administrators to determine the minimum frequency for which data back-ups would be required.
Recovery strategies	The methodology employed by the university to restore critical operations and systems to their normal status following a disaster. Recovery strategies could include:
Recovery time objective (RTO)	The maximum time allowed between an outage and resumption of normal operations.
Sub-process	One or more tasks that accomplish a significant portion of a process.

Frequently Asked Questions

Why Business Continuity Planning?

In the event of any disruption on campus or in Cleveland, CWRU’s administrative, academic and research operations will be momentarily paused until the emergency situation has been addressed. The Emergency Response Framework has been designed to focus on the mitigation of immediate safety hazards.

Any prolonged disruption could have a dual impact on the University. Primarily, student instruction might be impeded and research initiatives may stall while order and safety is assured on the campus. The secondary impact, however, is a more subtle, long-term concern; the University might experience student attrition and the loss of faculty to other institutions. CWRU’s response to and recovery from a disruptive event could also color its reputation and public image. Therefore, an organized, efficient course of action to restore operations will be of utmost importance.

While restoration efforts to bring CWRU to a normal state may occur in stages, based upon the type of incident, the University will prioritize the resumption of core academics and major research projects.

What is the difference between Emergency Management and Business Continuity?

Emergency management at CWRU is focused on planning for and coordinating the response to mitigate and recover from a natural or man-made disaster situation. The safety and welfare of the campus community -- students, faculty, staff and visitors – are paramount, and emergency responders are responsible for addressing immediate life safety concerns.

Meanwhile, business continuity is CWRU’s capability of carrying on essential university academic, research and administrative operations. In essence, business continuity bridges emergency response and normal operations.

How does Disaster Recovery differ from Business Continuity?

Disaster Recovery focuses on the continuation of information technology services and systems. This includes critical applications and telecommunications. CWRU’s Information Technology Services (ITS) has developed a stand-alone Disaster Recovery Plan that is not included in CWRU’s business continuity program. The two plans are designed to work in alignment, rather than one supersede another.

What are the components of a Business Continuity Plan?

A Business Continuity Plan for your academic college, department or business unit will account for details related to the following:

Contact numbers
Contact list (or location of list), phone tree
Departmental Chain of Command
Recovery time frames
Primary responsible staff
Workstation requirements – computers, phones, printers, etc.
Special equipment
Special forms required
Data recovery information
Critical Vendor Contact Information

How are critical or essential business functions defined?

Business functions are defined as work or processes performed to achieve specific requirements of the University. Examples would be purchasing supplies, processing invoices, managing cash, interviewing prospective employees, conducting research, providing training, etc.

Critical or essential business functions are defined as a business functions that is vital to the University – without it, the University will either dysfunction or lose the capability to effectively achieve its critical objectives.

What are some guidelines for identifying critical business functions?

The interruption of critical business functions may have a serious impact on your college, department, business unit or the University at large. Some of your critical business functions may be temporarily halted as your department recovers from the disruptive event; if this is the case, identify the time frame in which the function must be back on schedule.

The extended suspension of a critical business function (or shared services) could have a ripple effect on affiliate departments, so consult your business partners when drafting your plan. Consider the impact that deferring any of your critical business functions might have on others.

Critical business functions:

Support the primary mission statement
Support other agencies’ mission critical function
Must be recovered quickly
Have a high dollar impact on the University
Have a high business impact
Have widespread public ramifications or implications
Have legal or compliance requirements / liabilities

Who is responsible for business continuity planning?

Business continuity planning is a campus-wide initiative and will engage all CWRU administrative, academic and research-oriented departments and business units. This encompasses all colleges and schools, departments, and other units that conduct teaching, research or public service. Any other units that provide essential support or infrastructure to these units should also develop business continuity plans. Meanwhile, the University administrative leadership will develop an over-arching strategy to provide general guidance as to how they will deploy the Business Continuity program at time of incident.

What is a Business Impact Analysis (BIA)?

A BIA is a tool to help your department understand the effect of an interruption on your regular operations and critical business functions. This is a departmental exercise where employees outline processes and prioritize them based on urgency to fulfilling the department’s mission.

Should we appoint a department business continuity coordinator?

Yes, preferably a staff or faculty member who has access to senior level management. This will be a part-time responsibility for the coordinator, but their role will be part facilitator, part project manager. The BC coordinator in your department or division will administer the plan inputs and any updates, with support from the CWRU Business Continuity Manager.

Who should be part of the planning process?

In essence, all levels of the department, school or business unit will be involved in the planning process. The dialogue around business continuity should circulate among upper and middle managers, associate and assistant deans, key functional managers, building coordinators and other support staff. Planning groups should be relatively small in size and interdisciplinary in order to cover process dependencies.

How long will it take to craft a Business Continuity Plan?

The time frame to complete a plan will depend on the individual department and the essential business processes they perform. However, the process in total need not take more than one quarter of the year. Longer time frames do not necessarily produce better plans. Since departments and business units will be provided with plan templates, completing the Business Impact Analysis will likely be the most time consuming portion of the planning process, while writing the plan itself will be the shortest.

How can we craft a plan to handle unknown circumstances?

The CWRU Business Continuity Program adopts an all-hazards approach; most disruptive events (weather-related catastrophes, human disasters, pandemic, etc.) will impact the University’s ability to function in similar ways. Essentially, they will temporarily impede normal operations and access to resources regularly utilized, including:

Facilities and space (classrooms, offices, labs)
Infrastructure (power, sewer, water, network connectivity and VOIP)
People (staff and faculty)
Equipment (computers, special machinery/devices)
Funds (income stream)

Planning strategy should focus on:

Identifying critical resources
Safeguarding these resources against loss – backing up data, systems, safe storage of research materials and proprietary data
Actions that could help mitigate the impact of losses
Replacing resources quickly (backup supplies, contracts with same or alternate vendors)
Performing essential business functions without traditional resources (working from home, distance learning technology, cross-trained employees, sharing facilities with unaffected areas)
Providing information to the impacted community with information and updates, post-disaster

What assumptions can we make about what the campus will do to support us after a business disruption?

Here are some reasonable assumptions:

Access to buildings: If campus officials have any reason to suspect that a building is hazardous to enter, the building will not be open or accessible. You may be unable to access your office, lab, classroom or residential building for an extended period of time until all hazards have been removed.
Locating temporary space: Any advanced arrangements that you can make within your own divisions to share office or lab space would be to your benefit. In the event that your space has been damaged or is inaccessible, CWRU leadership will make every effort to secure temporary, alternate locations for your work to continue. If the circumstances result in a campus-wide closure, reassignment and temporary workspace planning will be evaluated accordingly.
Computing infrastructure: The University Technology [U]Tech Disaster Recovery Plan focuses on the restoration of critical centrally-supported IT applications. Resumption of network connectivity will be of highest priority after any disruption. Within your own units, we strongly encourage that you take steps to back up your data and develop plans on recovering your individual servers and applications.
Communications protocol: Communications with the campus community -- students, faculty, staff and the public – will be managed by University Marketing and Communications to ensure consistency and clarity of messaging. As functionality is restored to your specific area, internal communications will be handled by your departmental leadership. Develop a communications strategy for your department or division, including updated contact lists and phone trees.
Employee welfare: Personnel-related issues may arise during a disaster or disruptive event regarding payroll, temporary leave, benefits, temporary reassignments, work-from-home, layoffs, family issues, etc. As Human Resources (HR) cannot develop universal policies to cover any and all extenuating circumstances, HR will be available to provide guidance to assist departments in these complex areas. Should your department have any specific concerns for HR, seek counsel in advance of any disaster.

All Courses, One Price. Unlimited Access and Many Benefits.

April accelerate sale 2024 : 67% savings on subscription. offer ends soon april accelerate sale 2024 : 67% savings on subscription. offer ends soon 00 hrs : 00 min : 00 sec, 7 days free trial.

for Enterprise Subscriptions

$25 /user (Minimum 10 users)

$199 /user (Minimum 3 users)

You have Not Selected the Monthly or Annual Plan

#1 Global Platform for Continuing Education

13,000+ Hrs of Latest Content
600+ Expert Speakers & Presenters
100+ Qualification Approved
Live Webinars, On-Demand Videos
Virtual Events, Ebooks, Podcasts, Short Videos
Professional Certificate Courses
Mobile Application

Create your Free Account | Get Unlimited Access only @$199/Year ( View Details )

Trusted by 250,000+ Professionals for Continuing Education

Create Your Account 1/2

Already have an account? Log In

Payment Details 2/2

Your Promo code is Applied and 20% off on your all purchases

We never share your Personal details with anyone

You can not select previous month and year.

Didn’t received verification email? Resend Email

We've sent a verification code to your email. Please check your inbox, and don't forget to peek into your spam folder, just in case.

Welcome aboard! Your email is now verified. Simply click 'Subscribe' to start your myCPE journey.

We never share your Payment details with anyone

To Continue using Trial, please verify your email address

You can cancel anytime during your trial period.

Want to Create New Account? Sign Up

Complete Access to 12,000+ Hours of Content

Live Webinars & Conferences (8000+ Hours)
On Demand Courses (4000+ Hours)
MultiCredit Courses (4000+ Hours)
Ethics Courses (500+ Hours)
Qualification Specific Packages (3000+ Hours)
Certification & Training Programs (1500+ Hours)
Credit Tracker and Certificate Vault

Mobile App Access

$199 $499 $299

Flat $300 Off

$359 Save 9%

Flat $639 Off

$499 Save 16%

Flat $998 Off

Trusted by 250,000+ Professionals

"Steven was knowledgeable and thorough…”

Steven was knowledgeable and thorough in his information about the product and what is offered. He was empathetic to my situation. He went above and beyond answering all of my many questions. Excellent service!

Crystal lovejoy

"great customer service”.

Great service and very patient as I asked several questions. Steven answered all my questions and helped me make the right decision in my subscription purchase. Thank you.

"It is what it advertised to be”

It is what it advertised to be. Professional quality training and CPE tracking and certificates; systems knows AZ CPA CPE requirements and categories. I've needed help on several occasions and the assistance was quick and effective; however, there were some problems with data entry. The assistance sometimes asks for input, but when I try to type it is dissallowed for some reason. On several occasions I had to close the popup to get it out of my way.

Brian Carey

"great customer service”.

Great customer service. Classes are pertinent. Great value

Account Information

Payment Details

Guaranteed safe & secure checkout

Credits Processed

Course Reviews Verify

Available on

Start your Subscription Back

$199 / 12 Months

$199 /User

Flat $300 Off

$359 /User Save 9%

Flat $640 Off

$499 /User Save 16%

Flat $1000 Off

Subscribe now at $199 / 12 months.

User Information

Get 60% Off

Get 64% off, get 67% off.

$25 $35 / User

Get 25% Off

Your Total: $597

[email protected]

$597 for 3 Seats

Verification Code

Share code you received on your registed email

Topic of Interest

Select the topics of your interest to receive Webinars/Virtual Events/E-Books/Podcasts of your interest.

Tax Planning

Tax Updates

Business Tax

Individual Tax

Human Resources

Financial Planning

Business Management

Financial Reporting

IRS Representation

Real Estate

Risk Management (Auditing)

Internal Control

Internal Audit

Fraud & Forensics

Cyber Security

Fraud Investigation

Personal Development

Management Accounting

Business Law

Personal Finance

Employment Law

Behavioral Finance

Data Analytics

Wealth Planning

Business valuation

A & A (Govt)

International Tax

Artificial Intelligence

Risk Management (Finance)

Yellow Book

Capital Budgeting

Single Audit

Construction Audit

Project management

Oil & Gas Industry

Philanthropy

Money Laundering

Social Security

Trust & Estate

Selected Topics

Important: course deactivation alert.

Below mentioned Courses will be deactivated soon due to outdated content. Complete the course within the next 7 days to receive credits. After Expiry date, the course will be unavailable for credit. For assistance or inquiries, please contact our support team at [email protected] .

Course Name

Disaster recovery and business continuity planning in oil and gas industry 1.5 credits, denise cicchella.

Published on

August, 2024

Subject Area

Select your learning mode

Access the course at your convenience
Take the assessment test
Get your certificate
Answer the polling questions

Recommended

Learning Objective

Discuss the oil and gas industry's key components and best disaster recovery practices (DR).
Develop effective business continuity (BC) strategies to ensure ongoing operations during crises.
Learn to create robust crisis communication plans for situations where traditional phone services are unavailable.
Analyze past oil and gas disasters to identify effective response strategies and lessons learned.
Foster a culture of preparedness by implementing best practices in crisis management and business continuity planning.

Course Overview

Disaster recovery (DR) and business continuity (BC) are paramount in the oil and gas industry, where operational disruptions can have significant consequences. DR involves restoring critical systems and infrastructure post-disaster, whether from natural calamities like hurricanes or technological failures. On the other hand, BC ensures ongoing operations during crises, safeguarding personnel, assets, and compliance amidst disruptions. This course delves into strategies and frameworks tailored to mitigate risks and sustain operations in this complex sector.

The ability to recover swiftly from disasters is crucial in the dynamic oil and gas sector. This session outlines proven DR methodologies and BC strategies that underpin resilient operations. Participants will explore case studies of past disasters to assess response effectiveness, emphasizing lessons learned and best practices in crisis management.

Major Topics:

Disaster Recovery (DR) in Oil and Gas
Business Continuity (BC) Strategies
Crisis Communication in Disrupted Environments
Case Studies: Lessons from Past Oil and Gas Disasters
Dos and Don'ts of Crisis Management Planning

Join Denise Cicchella to cultivate a culture of preparedness within your organization. Gain insights into crisis communication strategies in scenarios where traditional communication channels fail. Discover dos and don'ts in crisis management planning to effectively navigate unforeseen challenges. By the end of this course, you'll be equipped with actionable tools to enhance your organization's disaster resilience and business continuity capabilities.

Dive into the world of CPA CPE Courses with MY-CPE. Our online courses are here to help you complete your CPA CPE credits seamlessly. We cover a wide range of topics delivered by professional subject matter experts. Forget the traditional way of learning with flexible scheduling and learn at your own pace. Join us and start your journey toward professional growth today!

View more Real Estate CE Courses for your continuing professional education.
View more Insurance CPE Courses for your continuing professional education.
View more Business Valuation CPE Courses for your continuing education.
View more ESG Reporting CPE Courses for your continuing professional education.

On Demand Credits

1.5 CPE Credit of Auditing for Certified Public Accountants (CPA-US)
1.5 General Credit of Auditing for Accountant/Bookkeeper/Tax Professionals
1.5 CPD Credit of Auditing for CPA in Canada
1.5 CPE Credit for Certified Internal Auditors (CIA)
1.5 CPE Credit for Certified Fraud Examiner (CFE)
1.5 CPE Credit of Enterprise risk management for Certified Management Accountants (CMA)
1.5 CPE Credit for Certification in Risk Management Assurance (CRMA)
1.5 CPD Credit for Certified Financial Forensics (CFF)
1.5 CPE Credit for Certified Government Financial Manager (CGFM)
1.5 CPE Credit for Certified Government Auditing Professional (CGAP)
1.5 CPE Credit for Internal Audit Practitioner (IAP)
1.5 CPD Credit for Association of Chartered Certified Accountants (ACCA)
1.5 CPD Credit for Chartered Accountant - ICAEW
1.5 CPE Credit for Qualification in Internal Audit Leadership (QIAL)
1.5 CPE Credit of Auditing for Iowa Licensed Public Accountant (IA-LPA)
1.5 CPE Credit of Auditing for Maine Licensed Public Accountant (ME-LPA)
1.5 CPE Credit of Auditing for Delaware Licensed Public Accountant (DE-LPA)
1.5 CPD Credit for CPA - Ireland
1.5 CPD Credit for Chartered Accountants - Scotland
1.5 CPD Credit for Chartered Accountants - Ireland (CAI)

Live Webinar Credits

1.5 CPE Credit for Certified Management Accountants (CMA)

Additional Information

Course Level

Instructional Method

QAS Self Study

Group internet based.

Pre-requisites

Advance Preparation

NASBA APPROVED

MY-CPE LLC, 1600 Highway 6 south, suite 250, sugar land, TX, 77478

MY-CPE LLC (Sponsor Id#: 143597) is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors.

About Instructor

Founder & CEO, Auspicium

Denise Cicchella is a seasoned expert in audit and compliance, boasting over two decades of experience in the industry. As a Certified Internal Auditor (CIA) and Certified Fraud Examiner (CFE), she has a distinguished track record of enhancing organizational integrity and efficiency through meticulous financial oversight and strategic risk management. Denise’s expertise spans various sectors, including healthcare, manufacturing, and finance, where she has consistently demonstrated her ability to uncover and mitigate fraud, optimize internal controls, and drive compliance initiatives.

Denise is a published author and has written four books on internal audit and project management. They are:

Construction Audit Guide: Overview, Monitoring and Auditing
Effective Auditing for Corporates
Essentials of Construction Management and
Construction Audit Building a Solid Foundation.

On Demand FAQs

What is self study (qas).

Self Study QAS (Quality Assurance Service) is a NASBA and other regulatory bodies approved program designed for Professionals to complete their Continuing Professional Education credits through self-paced, interactive courses that meet the highest standards of quality and compliance. We are approved by NASBA, IRS, CFP Board, HRCI, SHRM, Payroll Org, FP Canada, and 25+ other regulatory bodies.

How do I earn CPE credits through self-study?

To earn CPE credits, you must complete the self-study course, pass the required assessments, and submit the necessary documentation. Credits are awarded based on the completion of course hours and successfully passing the assessments.

Are the self-study courses approved by NASBA and other regulatory bodies?

Yes, all our self-study courses are approved by NASBA, IRS, CFP Board, HRCI, SHRM, Payroll Org, FP Canada, and 25+ other regulatory bodies, ensuring they meet the rigorous standards for quality and educational content set by these organizations.

What are the requirements to maintain compliance with self-study courses?

To maintain compliance, you must follow the guidelines set by NASBA and other regulatory bodies, which include completing the course within the specified timeframe, passing the assessments, and keeping accurate records of your learning activities.

How can I access my course completion certificates?

After successfully completing a self-study course and passing the assessments, you can access and download your course completion certificates from your account dashboard on our platform. These certificates are recognized by NASBA, IRS, CFP Board, HRCI, SHRM, Payroll Org, FP Canada, and 25+ other regulatory bodies for compliance and reporting purposes.

How are credits reported to governing bodies?

We issue instant credit certificates, ensuring they are valid for presentation to governing bodies. Typically, we report IRS, CTEC, CFP, IDFP, IWI, VBOA Ethics credits within 7 days – the fastest in the industry.

Live Webinar FAQs

What is a live webinar group internet-based credit.

A Live Webinar Group Internet-Based Credit is an interactive, real-time online seminar where professionals can earn Continuing Education credits by participating in live sessions led by experts in various fields. These sessions meet the standards set by NASBA, IRS, CFP Board, HRCI, SHRM, Payroll Org, FP Canada, and 25+ other regulatory bodies.

How do I earn credits through live webinars?

To earn credits, you must attend the entire live webinar, actively participate in any polls or questions, and complete any required evaluations or assessments. Credits are awarded based on your attendance and participation in the live session.

Are the live webinars approved by NASBA and other regulatory bodies?

Yes, all our live webinars are approved by NASBA, IRS, CFP Board, HRCI, SHRM, Payroll Org, FP Canada, and 25+ other regulatory bodies, ensuring they meet the high standards for quality, interactivity, and educational content set by these organizations.

What are the requirements to maintain compliance with live webinar courses?

To maintain compliance, you must adhere to the guidelines set by NASBA and other regulatory bodies, which include attending the full duration of the webinar, participating in interactive elements, and completing any post-webinar evaluations or assessments.

How can I access my webinar completion certificates?

After successfully attending a live webinar and fulfilling all participation requirements, you can access and download your completion certificates from your account dashboard on our platform. These certificates are recognized by NASBA, IRS, CFP Board, HRCI, SHRM, Payroll Org, FP Canada, and 25+ other regulatory bodies for compliance and reporting purposes.

Ratings and Review

Most Relevant

Joanne Rawlinson, CPA in Canada

This is one of my favorite presenters. The information is relevant and interesting.

Preston Davenport, CPA (US)

Very informative.

Multiple Credits

Earn continuing education credits with flexibility. Choose from live webinars, on-demand courses, e-books, or podcasts to fit your learning style and schedule.

Certifications & Reporting

Credit Tracker

Track and manage your compliance across all 50 states and over 100 designations. Our Credit Tracker keeps your CPE credits and compliance requirements always up-to-date.

Certificate Vault

Certificate Vault to upload, manage, and access certificates earned from various sources and an integrated credit tracker, allowing users to monitor and manage their credits conveniently for compliance.

Compliance Reminders

Stay current with our automated reminder system. Receive timely alerts for your CPE requirements, ensuring you never miss a deadline.

The myCPE Mobile App allows you to learn on the go, providing access to educational content on Android and Apple iOS devices. You can learn anytime and anywhere, making it convenient for busy schedules.

Live Support

Our support team is available via live chat, email, and phone from 9 AM to 5 PM ET. We're here to help with any questions or issues, ensuring you have a seamless experience.

Exclusive mobile app for our unlimited access subscribers

Recommended Webinars

Live Webinars

Dr. Robert Minniti

Comprehensive Identity Theft - 2024 Update

Sep 09, 09:00 AM ET

Ross Maynard
1.5 Credits

Sustainability Disclosure Standards: IFRS S1 and S2

Sep 09, 10:00 AM ET

Jennifer Louis, CPA (US)

The Basics of Derivative and Hedge Accounting

Registration Completed

Something Went Wrong!! Please Try Again.

Please update your profile to claim your continuing education credits..

Thank you for subscribing 7 Days Free Trial.

Please upgrade your browser to use MY-CPE

Experience MY-CPE at its best! Upgrade your browser for a more interactive, user-friendly interface, and stay ahead in your professional development journey.

Can't upgrade? Download Latest Version from below

Google chrome.

Version 115+

Microsoft Edge

Mozila firefox, apple safari.

Version 16.5+

How did you find out about us?

We were looking so hard for you now that you are finally here, So would you tell us how you found out about us?

Google Search
Friend’s Referral
Social Media

Thanks for your support

What is your primary purpose to use mycpe.

For Continuing Education Credits
For Updates
For Learning Purpose
All of the above

Thank you for submitting your inquiry! We will contact you soon.

Our Promise

Honest pricing, clear value.

Honest pricing without fake sales or discounts.
Prices set at $199 from 2021, maintaining stability despite inflation.
We help you save 70% or more money compared to competitors.
Our objective is to make continuing education affordable and accessible.
Delivering over 3 million credits annually.
Ensuring quality and consistency in all courses and materials.

Something Just Gone Wrong.

IMAGES

(PDF) Disaster Recovery Plan For Business Continuity: Case Study Of
Business continuity disaster recovery plan examples
Business Continuity & Disaster Recovery 101
Business Continuity and Disaster Recovery Plan Template
Guide to business continuity and disaster recovery
What is a disaster recovery plan (DRP)?

VIDEO

What is the Difference Between Business Continuity and IT Disaster Recovery?
Disaster Recovery vs. Business Continuity: Ensuring Application and Workforce Resilience
How Often Should You Update Your Business Continuity Plan?
Business Continuity & Disaster Recovery
Business Continuity / Disaster Recovery Strategies
Implementing Business Continuity Software Will Not Save Your Program

COMMENTS

Disaster Recovery Plan for Business Continuity: Case Study in a ...
That is why this study concluded that, it is important to make sure that all the production and business operation systems are properly backed up with an appropriate technology for easy and quick recovery for business continuity in case of any disruption may occur.
(PDF) Disaster Recovery Plan For Business Continuity: Case Study Of
Business continuity and disaster recovery are critical components used to ensure that the systems essential to the operation of organization are available when needed. ... 2016 Disaster Recovery Plan For Business Continuity : Case Study in a Business Sector Author: Jacob Joseph Kassema INFORMATION TECHNOLOGY DISASTER RECOVERY (ITDR) An ...
7 Real-Life Business Continuity Plan Examples to Learn From
Business Continuity & Disaster Recovery Systems: Outline the systems and procedures that should be used to maintain continuity or recover from an outage. ... Business continuity plan case study. In February 2023, a ransomware attack struck Karmak - a prominent technology solutions provider for the trucking industry. However, the company acted ...
Case Studies
While a Disaster Recovery plan is focused on recovery restoration of the IT infrastructure, the Business Continuity Plan also includes in scope the non-IT related aspects that are related to the recovery/continuity process. The case studies presented in this segment are typical examples of Disaster Recovery and Business Continuity through using ...
Disaster Recovery Plan for Business Continuity: Case Study in a
DRP Technologies IT DR Technologies varies and are of different, depending on the nature of the services, size of the data, and means of access, now days cloud computing is the most reliable business continuity plan as a Disaster Recovery Plan of an organization, and it is at the high level from Disaster Recovery Software and Hardware, the ...
PDF Case Study of Business Continuity Plan and Disaster Recovery Plan for
1.1 Objectives. This research aims to establish business continuity and disaster recovery plan to control risks and recover as quickly as possible from any crisis or serve as a foundation for future research on business continuity, disaster recovery, and risk management. 2. Literature Review.
What Is Business Continuity Disaster Recovery (BCDR)?
What Is Business Continuity Disaster Recovery (BCDR)?
What is business continuity and disaster recovery (BCDR)?
BCDR definition. A business continuity and disaster recovery plan is a combination of business processes and data solutions that work together to ensure an organization's business operations can continue with minimal impact in the event of an emergency. Business downtime can be caused by events like: Natural disasters.
Evaluation of Business Continuity Management
To provide suggestions on how the Company's Business Continuity Management-practices can be updated to improve future disaster recovery. Method The study followed a combined explanatory and descriptive approach. A theoretical framework was developed and applied in a multiple case study to create an increased understanding of the research area.
Business Continuity and Disaster Recovery Planning, a Case Study at XYZ
This research aims to help initiate the development of business continuity and disaster recovery plan in a medium-sized enterprise, called XYZ, as a case study. To obtain information needed on ...
Disaster Recovery and Business Continuity Plans
In the 1970s, organizations started preparing Disaster Recovery (DR) plans, which were mainly focused on natural disasters. In the 1980s and onwards, the focus shifted to a more holistic view, named Business Continuity (BC). While disaster recovery narrowly focused on how to bring systems back online after a disaster, business continuity aimed ...
Business recovery from disaster: A research update for practitioners
Business Continuity Planning (BCP) is well established as a key plank in an organisation's risk management process. ... Efficacy of insurance for organisational disaster recovery: Case study of ...
PDF CASE STUDY: Small Organization Business Continuity Plan Creation
Business Continuity Planning (BCP) is a rigorous and well-informed organizational methodology ... The company that will be the focus of this case study is Blue Viceroy Health Data. It provides a ... disaster recovery and business continuity. IT has its data backup, but that is no substitute for a fully implemented BCP. Therefore, he makes it a ...
Real-life business continuity failures: 4 examples to study
The National Health Service (NHS) is one of the largest employers in the U.K. Downtime costs significant money and endangers public healthcare, making the Aug. 4, 2022, ransomware attack on the NHS a prime example of a disastrous business continuity failure. The attack, which targeted a major software provider for the NHS, took several months ...
Disaster Recovery Plan for Business Continuity: Case Study in a
Disaster Recovery Plan for Business Continuity: Case Study in a Business Sector Information Technology Disaster Recovery (ITDR) "An ITDR provides a structured approach for responding to unplanned incidents that threaten an IT infrastructure, which includes hardware, software, networks, processes and people. ... now days cloud computing is the ...
Case study: Implementing business continuity in the upstream and
Case study introduction. This case study addresses a recent business continuity and disaster recovery planning implementation in one of the largest petrochemical companies in the Middle East, located within an industrial city that contains over 15 similarly large companies (refineries, fertiliser producers, steel manufacturing, etc.).
PDF BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING
this plan. [9] As mentioned above, business continuity and disaster planning are closely related. CSO magazine tells us that these plans need to include how employees will communicate, where they go during a disaster and how they will keep doing their jobs. CSO provides a list of the essential elements a business continuity and disaster ...
Business Continuity vs. Disaster Recovery
Business continuity plan (BCP): A BCP is a detailed plan that outlines the steps an organization will take to return to normal business functions in the event of a disaster. Where other types of plans might focus on one specific aspect of recovery and interruption prevention (such as a natural disaster or cyberattack), BCPs take a broad ...
Business Continuity Plan (BCP)
Business Continuity. Business Continuity refers to the set of steps taken to resume operations with minimum possible delay following an incident such as an accident or a natural calamity that can slow down or even disrupt the proper functioning of a business unit. It is a broad domain with an area of study that overlaps those of many related ...
Disaster Recovery
Were thus identified business needs to ensure Disaster Recovery and especially business continuity in case of disaster. The description of the project and its deliverables were developed based on the requirements gathering process, the analysis of the existing infrastructure and future needs of the same, risk analysis and external experts in ...
Business Continuity
Disaster Recovery planning hones in on IT procedures to ensure that vital IT function is unimpeded and essential telecommunications, applications and systems continue to be accessible for the campus community. Meanwhile, the intention of the Business Continuity Plan is to focus on carrying on operations to support the mission of the university ...
Business continuity as self-efficacy: Augmenting existing business
Botha Jacques, Von Solms Rossouw. 2004. "A Cyclic Approach to Business Continuity Planning." Information Management & Computer Security 12 (4): 328-337. ... "The Impact of Disasters on Small Business Disaster Planning: A Case Study." Disasters 31 (4): ... Business Continuity, and Disaster Recovery at Penn Medicine, the Health System ...
Disaster Recovery and Business Continuity Planning in Oil and Gas
Participants will explore case studies of past disasters to assess response effectiveness, emphasizing lessons learned and best practices in crisis management. Major Topics: Disaster Recovery (DR) in Oil and Gas; Business Continuity (BC) Strategies; Crisis Communication in Disrupted Environments; Case Studies: Lessons from Past Oil and Gas ...

Disaster Recovery Plan for Business Continuity: Case Study in a Business Sector

Jacob Joseph Kassema

Jacob Joseph Kassema (Contact Author)

Do you have a job opening that you would like to promote on SSRN?

Organizations & Markets: Policies & Processes eJournal

7 Real-Life Business Continuity Plan Examples You’ll Want to Read

Business Continuity Examples & Failures

2) The city of Atlanta is hobbled by ransomware

3) Fire torches office of managed services provider (MSP)

4) Computer virus infects UK hospital network

5) Electric company responds to unstable WAN connection

6) German telecom giant rapidly restores service after fire

7) Internet marketing firm goes mobile in the face of Hurricane Harvey

Examples of business continuity failures

Examples of threats to your business continuity

Business continuity technology

Examples of business continuity plan

Business continuity plan case study

Frequently Asked Questions

2. What are examples of business continuity plans?

3. What is a real-life example of business continuity?

Avert disaster with the technology your business needs

Join 23,000+ readers in the Data Protection Forum

Do you know what makes Datto Encryption So Secure?

2023 Guide to Datto SaaS Protection for M365 and Google Workspace

Where’s My Data? 411 on Datto Locations around the Globe

Guide to Datto SIRIS Models for BCDR

5 Datto Competitors to Compare (Plus Some Free Alternatives)

What is business continuity and disaster recovery (BCDR)?

BCDR definition

The difference between business continuity (BC) and disaster recovery (DR)

Why BCDR is important

What does a BCDR plan do?

Solutions to support your BCDR strategy

What are some common challenges businesses face when implementing BCDR plans?

How often should BCDR plans be reviewed and updated?

What is the difference between hot, warm, and cold sites in BCDR planning?

Related Blog Posts

Recommended

Evaluation of Business Continuity Management - A case study of disaster recovery during the Covid-19 pandemic

Summary, in English

Disaster Recovery and Business Continuity Plans

What is a Business Continuity Plan?

7 Chapters of a Business Continuity Plan

Business Continuity vs. Disaster Recovery Plan

Business Continuity Plan in Action: Hour by Hour

Ensuring Business Continuity for Your Data with Cloudian

Get Started With Cloudian Today

Request a Demo

Download a Free Trial

Real-life business continuity failures: 4 examples to study

FAA system failure causes U.S. ground stop

Microsoft Azure/Office outage halts users internationally

Fire damages OVHcloud's data center -- and reputation

Ransomware compromises NHS Foundation Trust

Dig Deeper on Disaster recovery planning and management

OVHcloud debuts ‘comprehensive’ carbon calculator for customers

OVHcloud opens India datacentre

FAA outage highlights importance of high availability

Top 10 cloud stories of 2022

Disaster Recovery Plan for Business Continuity: Case Study in a Business Sector

Related Papers

RELATED PAPERS

RELATED TOPICS

1. Run a business impact analysis

2. Create potential responses

3. Assign roles and responsibilities

4. Rehearse and revise your plan

1. Run a business impact analysis

2. Inventory your assets

4. Rehearse your plan

Implementation

Business Continuity

Business Impact Analysis

Understanding Dependencies

Frequently Asked Questions

All Courses, One Price. Unlimited Access and Many Benefits.

#1 Global Platform for Continuing Education

Create Your Account 1/2

Didn’t received verification email? Resend Email