In order to define processes for an organization to develop and deploy a Business Continuity and Disaster recovery plan, we have to consider many factors and evaluate how this process and procedure can help organization to quickly recover back and continue with the Business with minimal disruption. BC & DR plan are done in phases, starting with planning for Business Continuity à Planning for disaster recovery à In event of Disaster à Implement Disaster Recovery-à followed by Business Continuity Implementation to bring business to normalcy à and at the final stage revise the plan and updating both BC & DR plan accordingly.
As BC & DR requires organization to continuously perform any risk analysis, vulnerability assessments and evaluating their impact on the business. Based on these study and their impact on business, it could have able to clearly documented and categories risk as High, Moderate and low and develop mitigation strategies , identifying tools and resources to mitigate such risks.
There are seven progressive steps of contingency planning processes to develop and maintain a viable contingency planning program for BC & DR as defined in “Contingency Planning Guide for Federal Information Systems”. These steps are designed to be integrated into each stage of the SDLC cycle. These steps are
- Develop the contingency planning policy statement.
- Conduct the business impact Analysis (BIA).
- Identify Preventive Control.
- Create Contingency strategies.
- Develop an information system contingency plan.
- Ensure plan testing, training and exercise.
- Ensure plan maintenance.