Protect Critical Data with Disaster Recovery & Business Continuity Planning

Posted: October 20, 2016

Protect Critical Data with Disaster RecoveryIt only takes the click of a mouse or the push of a button to turn on a television, radio or computer to hear about the crazy weather we have in our country. From wildfires in California to tornados in the heartland to hurricanes in the East and flooding everywhere. Add to that the ever present threat of terrorism in our country and it makes you wonder if you should even leave the house!

Let’s face it, disasters are going to happen. They can be as inconvenient as losing power in a building to the loss of life and property. However, even in the midst of these disasters, businesses must continue to contribute to the economic health of our nation.

Following the aftermath of 9/11, many businesses in New York found out the hard way just how important it is to have disaster recovery and business continuity plans in place. In fact, many of those business that didn’t have these plans had to shut their doors and go out of business business.

Soon after the tragic event, there began to be a paradigm shift. Businesses began to evaluate their own plans for how they could survive a disaster, breach, or other interruption in business. The concept of disaster recovery and business continuity moved out of the information technology departments and into the boardroom. So, as a business owner, what are you to do?

First, you may want to know more specifically what a Disaster Recovery Plan (DRP) is. A DRP is a documented process or set of procedures utilized to recover and protect business assets and information in the event of a disaster. The DRP is normally documented in written form and details the steps an organization is to follow in the event of a disaster.

You may now want to know the difference between a DRP and a Business Continuity Plan (BCP). These terms are often used interchangeably. However, there is a difference. A DRP is a subset of an overall business continuity plan. A DRP tends to be more reactive after a disaster, while a BCP is more proactive. A DRP is usually enacted when something goes wrong. The DRP focuses on getting things back in service after the disaster has stopped everything. A BCP focuses on redundant systems and processes that keep things running so there is not a major halt to the business. Businesses should consider both plans as tools to help the business be continuously successful.

Unfortunately, many companies still don’t have a DRP or BCP. While simple in concept, the preparations must be thought out and planned well. Testing your plan regularly is key to ensuring you’re more prepared when a disaster strikes. The plans should be revised from lessons learned in testing or actual disasters and as new industry developments come out. Further, testing your plan regularly is key to ensuring you are actually prepared when a disaster strikes.

So how do you get started on a DRP or BCP? CompliancePoint can assist in helping your organization with the development of a DRP or BCP. We have great expertise in this area and would be happy to assist your organization with this planning. If you have any questions or need assistance with data security, please feel free to reach out to us at

David Grow

Author: David Grow

David Grow is the Manager of Compliance Services at CompliancePoint and has over 25 years of expertise in information security and technology. David advises U.S. and international clients on areas of data protection, compliance, security frameworks, risk assessments, PCI DSS, ISO 27,000 and process management. He has earned his Certified Information Systems Security Professional (CISSP) certification from the International Information System Security Certification Consortium (ISC), a PCI Qualified Security Assessor (PCI QSA) certification from the PCI Security Standards Council, is a certified PCI Professional (PCIP), and received a B.S. in Marketing from Excelsior College.

Leave a Reply

Your email address will not be published. Required fields are marked *

Reduce risk, maintain a compliant posture, and protect info