Give your organisation the best chance of surviving a disaster
Ensure the right plans and processes are tested and in place for when the unexpected occurs.
CSIRP vs BCP vs DR
Another set of acronyms that are, more often than not, rolled together: if you have one, you have them all, right?
Well, no! No organisation, however well managed, is immune to the risk of the business interruptions that occur from time to time – these may be caused by acts of nature, simple human error and even malicious attack. Depending on the severity of the interruption and the assets and areas affected, any one of these three plans may need to be enacted.
Let’s address these three plans:
- A Disaster Recovery (DR) Plan
- An Incident Response Plan (IR Plan)
- A Business Continuity Plan (BCP)
These titles are more often than not used interchangeably and, while they do share some overlaps in functionality, they are not the same. What is important to understand is why each one is developed, and then which one to apply in which situation. Establishing and activating the right plan at the right time can make all the difference in how your organisation responds to an incident, and in your ability to recover from an event – of any kind.
Disaster Recovery is a key component of most organisations' business processes and is generally developed by senior leadership, with large amounts of critical input provided by the IT and IS teams. There is a strong emphasis on technology assets and the redundancy of operation, and these plans are usually invoked when there has been a loss of infrastructure, or where data is impacted.
The plan sets out procedures on how to recover in the event of a disaster, whether that is systems down, corrupted information from previous backups and archives, or power restores during electrical interruptions. Often it's about spinning up, or utilising, high-availability and automatic failover technology and configurations – all of which need to be clearly documented, reviewed and updated on a regular basis. We would recommend doing so at least annually, or sooner where there is a change to any element of your DR environment.
Incident Response Plans (IRP)
Incident Response Plans are often also called Cyber Security Incident Response Plans (CSIRP). With threats from cyber attack becoming more prevalent, more frequent and increasingly sophisticated and intelligent, it is the responsibility of the organisation to develop a comprehensive solution to combat them in a proactive way. That said, proactivity is not always enough to prevent an attack and, when it hits, the blind panic and the damage can be daunting. For these situations, when technology and human awareness have failed, your Incident Response Plan is most likely to be the plan that you will invoke as the most effective programme to handle an incident.
Just like the Disaster Recovery Plan, the Incident Response Plan should be established with senior leadership, but draw on the influence and direction of information security, forensics and, of course, cyber security team members. Their inclusion is important, because determining the source, vector and target of an attack on your internal systems is paramount to identifying the correct course of action to take after an incident has occurred.
It is also worth highlighting here that incidents can be observed and reported on by anyone in your organisation, an incident being any situation, occurrence or anomaly that may have an adverse impact on the security or confidentiality of your assets, protected information or business processes. Disaster recovery operations and incident response procedures, by contrast, must be enforced by the crisis management team or your incident response team.
Business Continuity Plan
A Business Continuity Plan (BCP) is more often than not the ruler of all plans, in which key facets of your Disaster Recovery and your Incident Response Plans can be found or referenced.
Your BCP is designed to issue guidance on key components, objectives and processes around continued operations during a business interruption. It is mostly used as a blanket response plan for most types of events that could occur, which is not the correct course of action.
Your BCP requires extensive analysis against business objectives and details acceptable and unacceptable levels of tolerance to meet these objectives. Important aspects include conducting Business Impact Analysis. The BCP should be developed by key executive teams and almost always requires their consent and authorisation to activate, with strict adherence to the procedures established within it, to ensure that the most cost-effective continuance of operations is maintained, no matter which facet of the organisation is affected, and all facets should be included within your BCP. These include, but are not limited to, business units, partners, stakeholders, vendors and any element that adds value to your operations. These can be broken into smaller Operational Response Plans and may be developed differently. There is no magic blend for creating effective plans as you review your resources, assets and pre-requisites.
It goes beyond the technical, however. It is also important to understand your organisational budget constraints, the skills within your teams and your technology capabilities as a means to help you balance the requirements and guide the planning development process. Having the knowledge and awareness to react accordingly when using the appropriate response plan is just as important as the creation of the plan itself. If it isn't built for your organisation, it won't work!
Learning to be objective is important, as the plan must reflect your abilities, resources and requirements. Over-extending based on a nice-to-have will not be effective when the plans are called upon.
By failing to prepare, you are preparing to fail
To recap, having one plan is okay and, if you do, make sure that you map the key aspects from the others into your plan – but any one plan in isolation will not support your organisation, nor its users, when a breach occurs. Select the right plan for the right situation and ensure your people know the difference, which to use and when, and finally, that these plans are reviewed, tested, revised and become a living part of your organisation.
If you would like support around any aspect of your business continuity or any other element of your organisation's risk and compliance or security strategy, please contact the Phoenix Risk and Compliance Team on 01904 562200, or email email@example.com