Core Principles of BC/DR
By PETER R. LAZ, MBCP
April 17, 2008

First, an important clarification: There is a difference between the “program” and the “plan.” The program is the context in which an organization addresses the topic of BC/DR. It is a set of practices and responsibilities that provide the structure for management, governance, and sustainability to accomplish the goals. Programs also contain documents such as the mission and vision statements, organizational roles and responsibilities, standards for updates and exercises, reporting requirements and reporting processes, etc. Plans, in contrast, are documented sets of action-oriented tasks and procedures to be followed when a disruptive event occurs or is imminent. Plans are the guidelines you need when “stuff hits the fan.”

That said, let us briefly look at some of the common elements of successful business continuity or IT disaster recovery programs:

Sponsored – A continuity program requires sponsorship – support, involvement, and funding – from the executive management team. Frankly, writing a memo or committing to the auditors (or the board) is not enough. Senior leaders must be involved in implementing and maintaining the program, as appropriate to their respective roles, and the program must have the necessary funds to satisfy the mission and vision statements.

Assigned – Recovery plan development, maintenance, and exercises are the responsibility of the manager of the unit the plan covers. The BC/DR professional is assigned ownership of the program, but the unit manager is the owner of the plan. Organizations with successful programs hold managers accountable. BC/DR responsibilities are included in job descriptions and performance evaluations. Reporting processes are truthful about which departments are doing what is expected of them, and those reports are published up the chain of command.

Prioritized – Continuity planning is impact driven. Standards for plan content, updates, and exercises should be prioritized relative to the degree of impact a business interruption may have on business operations, finances, and/or regulatory compliance. No organization can afford to dedicate unlimited resources to BC/DR activities. Successful programs have standards that focus more attention on those areas of the organization that pose the greater risk. For example, financial institutions that have higher-quality programs require more BC/DR attention from groups like wire transfer, deposits, and loans than from the internal training department, because an outage in those groups has a greater impact on the company.

Ongoing – The continuity program is a continuous process requiring regular review, planning, and updating commensurate with the degree of change within a facility, business unit, or system. Impacts upon continuity planning must be considered when modifications occur to a facility, business unit, or system. Long gone are the days of filling one or more large three-ring binders with documentation of what you would do in a disaster and putting them on the shelf until either the auditor asks for them or a year (or two) has passed. BC/DR programs are intended to protect the business … and the business changes over time. What companies do and how they do it changes. Successful programs are reviewed and modified as the business environment changes. Such changes include alterations to the office space and location, operational workflow, and the IT services used to support the business. It is recommended that programs be reviewed at least annually.

"Appeared in DRJ's Spring 2008 Issue"








