Creating a Disaster Recovery and Business Continuity Management plan

As I write this, NHS England is literally being held to ransom by cyber-attackers, and the speed at which their digital team has identified the issue and responded to the problem suggests that the policies and procedures that they have practised time and time again are paying dividends in providing a prompt and meaningful response to the attack.

Disaster Recovery and Business Continuity Management (DR/BCM) is a major component of any security and brand-damage limitation policy that should exist within an organisation, but how do you write one and how complicated does it need to be?

The good news is that having a policy such as this is relatively straightforward to achieve. As with everything we do, we would suggest a “Minimum Viable Product” approach to creating the policy: start with a statement of the situations that the document covers, write a short list of the actions to be taken if one of them occurs (including responsible roles for the required functions, systems that might be affected, and other relevant information), and make sure that your entire company can find and read it very quickly in the event of an incident.

Depending on your organisation there may be many scenarios that play out on a daily basis that could lead to your organisation or brand being compromised, so we’d like to suggest the following two incidents as examples that cover most of the major events.

In any incident situation, we’d recommend that you have a press-trained individual available in case you need to issue statements to the media.

Scenario 1: Virus/Ransomware infection

Departments involved: IT Operations/Desktop Support
Steps taken to remedy:
* Physically remove infected devices from the network by disconnecting network cables/turning off WiFi Access Points/turning off the device completely
* Isolate and inspect any disk drives from infected devices in a secure area, using a secondary machine running an alternative operating system and disconnected from any networks.
* Once the pathogen and vulnerability are identified, ensure that all other systems are patched to protect against the issue.
* Format the disk (or, to ensure even less chance of re-infection, buy a new disk)
* Bring the now clean system back into service

Scenario 2: Power Failure in customer help-desk

Departments involved: Customer Support/Facilities Management
Steps taken to remedy:
* Use an alternative means of internet access (a mobile phone with a data plan will work) to let your customers know that you are experiencing issues with the power and are unable to work on their tickets
* Ring the regional power supplier and try to find out how long they expect the outage to last
* Keep customers up to date on the situation via social media and other means, so that you are in command of the message (this is where the press-trained individual comes in!)
* Once power has been restored, ensure that there are greater numbers of operatives on the help-desk than usual if possible to handle any surge in calls/tickets being raised

We’d highly recommend that you keep paper copies of these documents as well as the digital original, so that if you do have a power-cut, you still have access to your documents.

Finally, we’d like to recommend that you keep a list printed out and in a visible place in the office of all the major numbers that might be required in the event of an incident. This could include the local power provider, any alarm companies you might use, contact details for senior personnel in the organisation in case an incident needs to be escalated, any local companies that might be involved in repairing damage to the premises, or even caterers who will deliver food at short notice if your teams are working long hours to resolve an issue.

If you would like some help in planning your Disaster Recovery and Business Continuity Management procedures, please get in touch and we’ll be only too happy to help. We’ve got over 16 years’ experience of helping organisations plan and implement DR/BCM, from small companies to large enterprises, in almost every business sector.