v3.1.11

Business Continuity and Disaster Recovery

This version is:

This is the latest version Published 9 months ago 31 May 2023
Business Continuity and Disaster Recovery are processes that all firms should have but should never…

Other pages in this section

Business Continuity and Disaster Recovery are processes that all firms should have but should never want to use. In the event of either being required, if a firm does not have them it could be catastrophic for the firm. There can be confusion between the two, but they are quite easy to distinguish:

Business Continuity

What would you do if your premises became unavailable?

Every company should have a Business Continuity Plan* (BCP), so if there is a disruptive incident personnel are aware of the situation and their responsibilities. A BCP should contain pre-determined policies to minimise disruption and maintain continuity of service.

The BCP may identify a designated alternative site, critical roles, critical systems and access requirements, and a communication strategy for staff, external suppliers and other stakeholders.

The designated site should be constantly available, not too close to the usual work place, and have adequate facilities for individuals to perform their roles. Security of information is a consideration, particularly where shared accommodation is being used.

Instead of a designated alternative site, it may be appropriate for a remote working arrangement, provided the business can function effectively.

The communication strategy can include call cascades, text messages or a simple call recording. Once staff are aware of the incident, individuals should know what action to take: go to the designated site because their role is critical or work from home.

This plan should be tested at least annually, to ensure the communications work, all delegates arrive at the alternative site, all systems can be accessed and all other tasks that are deemed vital can be performed.

Disaster Recovery

Additional to the BCP, a business should have a Disaster Recovery Plan (DRP)*. This could be part of the BCP or stand-alone. The Disaster Recovery Plan should explain how the business will minimise impact in the event that critical systems are unavailable due to a malicious attack, deliberate denial of service (DDOS) or other reason.

Like the BCP, the DRP should be tested regularly.

*Examples of BCP or Disaster Recovery Plans, are available online and there are many to choose from.

Useful Links