Full Text

The list of potential disasters or events that trigger the implementation of a company's business continuity and disaster recovery plan (BC/DRP) is long and varied. Natural disasters, inadvertent disasters (e.g., software problems, power failure), and deliberate actions (e.g., hackers, terrorists, bomb scares, labor unrest) can all disrupt operations. The ultimate consequence of such an event is loss: loss of revenues, of reputation, of information, of access to facilities, and of personnel. Statistics have shown that about 75% of businesses without a continuity plan will fail within three years after a disaster strikes ("Business continuity," 2014).

The impact of deliberate hostile actions, accidents, or disasters on an organization should be of great concern to management. Consumers care that their needs are a priority; hence, organizations must plan to satisfy consumers' needs safely under dissimilar sets of circumstances. Organizations must plan to continue to operate critical workflow functions despite adversity and loss of support systems. Good BC/DRPs are living documents that unambiguously detail scenario-based contingencies for responding, resuming, recovering, and restoring operations.

BC/DR planning affects an organization advantageously-its plans, people, processes, policies, procedures, and projects, as well as the support systems. It encompasses risk assessment and management, education and training, testing and awareness, emergency operations, business continuity processes and reviews (including service levels), insurance issues, communications (both internally and externally), information technology (IT) and supply chain management infrastructure, employee relations, legal matters, and maintenance (Maslen, 1996; Lam, 2002). In most cases, processes that are easily recovered are ultimately better designed.

Disaster recovery is often viewed as the technical aspect of business continuity and involves resumption and restoration of operations (Molinari, 2014). IT disaster recovery involving the restoration of technical systems following a disruption is relatively mature. On the other hand, business continuity management involving planning for the continuation of the entire operation, not just IT, is relatively new or nonexistent for most businesses, particularly small and mediumsized enterprises. Only high-risk, high-impact, highly regulated vertical industries have fully embraced such management. Although business continuity is of growing concern to senior management, the BC/DR planning process does not cover many parts of large organizations.

This paper addresses a business-oriented perspective to operational continuity. It does not make the business case for business continuity management, the financial assessment of a...