No longer is a good insurance policy and an IT disaster recovery plan considered sufficient business continuity planning. While insurance will help cover some of your financial risks, and disaster recovery plans may help you get your data back, neither will ensure the continued operation of your business. Increasingly, having business continuity plans in place to address foreseeable risks is viewed as a "best practice." Some companies are even highlighting their business continuity strategies as part of their marketing campaigns. What’s more, not only do your clients expect you to be prepared for disaster, but so do federal regulators and stock exchanges.
It’s a common misconception that disaster recovery plans ensure business continuity, and that business continuity alone will manage a crisis. Disaster recovery plans usually only protect technology infrastructure. And while protecting your data is certainly important, it’s only part of the answer. Effective business continuity planning must address your entire operation and value chain to ensure that you stay in business.
Multiple independent plans will fail in times of disaster. Even in non-disaster times, companies have difficulty communicating across functional, business unit, and geographic lines. Each area of responsibility may have tactical plans in place to address what they consider foreseeable risks. But if these plans aren’t interconnected, they may depend on the availablility of resources already in use by another plan. Only an integrated crisis management plan can coordinate the priorities and missions of all the various interests.
Business Impact Analysis