<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en-GB">
	<id>https://knowledgebase.pirho.net/index.php?action=history&amp;feed=atom&amp;title=Business_Continuity_%26_Disaster_Recovery</id>
	<title>Business Continuity &amp; Disaster Recovery - Revision history</title>
	<link rel="self" type="application/atom+xml" href="https://knowledgebase.pirho.net/index.php?action=history&amp;feed=atom&amp;title=Business_Continuity_%26_Disaster_Recovery"/>
	<link rel="alternate" type="text/html" href="https://knowledgebase.pirho.net/index.php?title=Business_Continuity_%26_Disaster_Recovery&amp;action=history"/>
	<updated>2026-07-11T14:06:35Z</updated>
	<subtitle>Revision history for this page on the wiki</subtitle>
	<generator>MediaWiki 1.43.0</generator>
	<entry>
		<id>https://knowledgebase.pirho.net/index.php?title=Business_Continuity_%26_Disaster_Recovery&amp;diff=431&amp;oldid=prev</id>
		<title>Dex: Created page with &quot;&#039;&#039;&#039;Summary:&#039;&#039;&#039;  Business Continuity (BC) and Disaster Recovery (DR) are often discussed together, but they solve different problems.  Business Continuity focuses on keeping critical business functions operating during disruption, while Disaster Recovery focuses on restoring systems, applications, and data after a failure has occurred.  A successful organisation does not eliminate risk. Instead, it understands its risks, prepares for likely failure scenarios, and develops...&quot;</title>
		<link rel="alternate" type="text/html" href="https://knowledgebase.pirho.net/index.php?title=Business_Continuity_%26_Disaster_Recovery&amp;diff=431&amp;oldid=prev"/>
		<updated>2026-07-06T06:57:25Z</updated>

		<summary type="html">&lt;p&gt;Created page with &amp;quot;&amp;#039;&amp;#039;&amp;#039;Summary:&amp;#039;&amp;#039;&amp;#039;  Business Continuity (BC) and Disaster Recovery (DR) are often discussed together, but they solve different problems.  Business Continuity focuses on keeping critical business functions operating during disruption, while Disaster Recovery focuses on restoring systems, applications, and data after a failure has occurred.  A successful organisation does not eliminate risk. Instead, it understands its risks, prepares for likely failure scenarios, and develops...&amp;quot;&lt;/p&gt;
&lt;p&gt;&lt;b&gt;New page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;&amp;#039;&amp;#039;&amp;#039;Summary:&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
&lt;br /&gt;
Business Continuity (BC) and Disaster Recovery (DR) are often discussed together, but they solve different problems.&lt;br /&gt;
&lt;br /&gt;
Business Continuity focuses on keeping critical business functions operating during disruption, while Disaster Recovery focuses on restoring systems, applications, and data after a failure has occurred.&lt;br /&gt;
&lt;br /&gt;
A successful organisation does not eliminate risk. Instead, it understands its risks, prepares for likely failure scenarios, and develops practical procedures that allow the business to continue operating when incidents occur.&lt;br /&gt;
&lt;br /&gt;
== Context ==&lt;br /&gt;
&lt;br /&gt;
Every organisation experiences disruption.&lt;br /&gt;
&lt;br /&gt;
The cause may be technical, environmental, operational, or human:&lt;br /&gt;
&lt;br /&gt;
* Hardware failure&lt;br /&gt;
* Software defects&lt;br /&gt;
* Cyber attacks&lt;br /&gt;
* Power outages&lt;br /&gt;
* Internet connectivity failures&lt;br /&gt;
* Flooding&lt;br /&gt;
* Fire&lt;br /&gt;
* Human error&lt;br /&gt;
* Supplier failure&lt;br /&gt;
&lt;br /&gt;
The question is not whether disruption will occur, but whether the organisation can continue operating when it does.&lt;br /&gt;
&lt;br /&gt;
Business Continuity and Disaster Recovery provide the framework for answering that question.&lt;br /&gt;
&lt;br /&gt;
=== Common Misconceptions ===&lt;br /&gt;
&lt;br /&gt;
* Backups are not a Disaster Recovery strategy.&lt;br /&gt;
* Disaster Recovery is not Business Continuity.&lt;br /&gt;
* Cloud services do not automatically eliminate business continuity risks.&lt;br /&gt;
* Redundancy does not replace planning.&lt;br /&gt;
* Technology alone cannot solve continuity challenges.&lt;br /&gt;
&lt;br /&gt;
=== Why It Matters ===&lt;br /&gt;
&lt;br /&gt;
The impact of service disruption extends far beyond IT systems.&lt;br /&gt;
&lt;br /&gt;
Potential consequences include:&lt;br /&gt;
&lt;br /&gt;
* Lost revenue&lt;br /&gt;
* Decreased productivity&lt;br /&gt;
* Regulatory consequences&lt;br /&gt;
* Reputational damage&lt;br /&gt;
* Loss of customer confidence&lt;br /&gt;
* Contractual penalties&lt;br /&gt;
&lt;br /&gt;
The longer an outage continues, the more expensive it becomes.&lt;br /&gt;
&lt;br /&gt;
== Core Concepts ==&lt;br /&gt;
&lt;br /&gt;
=== Business Continuity ===&lt;br /&gt;
&lt;br /&gt;
Business Continuity focuses on maintaining business operations during disruption.&lt;br /&gt;
&lt;br /&gt;
Typical questions include:&lt;br /&gt;
&lt;br /&gt;
* Can staff continue working?&lt;br /&gt;
* Can customers still receive services?&lt;br /&gt;
* Can orders still be processed?&lt;br /&gt;
* Can communication continue?&lt;br /&gt;
&lt;br /&gt;
Business Continuity planning often involves:&lt;br /&gt;
&lt;br /&gt;
* Alternative work locations&lt;br /&gt;
* Manual fallback procedures&lt;br /&gt;
* Communication plans&lt;br /&gt;
* Alternative suppliers&lt;br /&gt;
* Emergency operating procedures&lt;br /&gt;
&lt;br /&gt;
The objective is to ensure the business remains functional.&lt;br /&gt;
&lt;br /&gt;
=== Disaster Recovery ===&lt;br /&gt;
&lt;br /&gt;
Disaster Recovery focuses on restoring technology services.&lt;br /&gt;
&lt;br /&gt;
Typical questions include:&lt;br /&gt;
&lt;br /&gt;
* How quickly can systems be restored?&lt;br /&gt;
* How much data loss is acceptable?&lt;br /&gt;
* Which systems must be recovered first?&lt;br /&gt;
* What dependencies exist?&lt;br /&gt;
&lt;br /&gt;
Disaster Recovery planning commonly includes:&lt;br /&gt;
&lt;br /&gt;
* Backup strategies&lt;br /&gt;
* Replication technologies&lt;br /&gt;
* Recovery procedures&lt;br /&gt;
* Recovery testing&lt;br /&gt;
* Infrastructure replacement plans&lt;br /&gt;
&lt;br /&gt;
The objective is to restore technical services within acceptable timescales.&lt;br /&gt;
&lt;br /&gt;
=== Recovery Time Objective (RTO) ===&lt;br /&gt;
&lt;br /&gt;
RTO defines the maximum acceptable duration of service outage.&lt;br /&gt;
&lt;br /&gt;
For example:&lt;br /&gt;
&lt;br /&gt;
* Email system: 8 hours&lt;br /&gt;
* Customer portal: 1 hour&lt;br /&gt;
* Public website: 24 hours&lt;br /&gt;
&lt;br /&gt;
The lower the RTO, the greater the complexity and cost of the solution.&lt;br /&gt;
&lt;br /&gt;
=== Recovery Point Objective (RPO) ===&lt;br /&gt;
&lt;br /&gt;
RPO defines the maximum acceptable amount of data loss.&lt;br /&gt;
&lt;br /&gt;
Examples:&lt;br /&gt;
&lt;br /&gt;
* 24-hour RPO = potentially lose one day&amp;#039;s data&lt;br /&gt;
* 1-hour RPO = potentially lose one hour&amp;#039;s data&lt;br /&gt;
* Near-zero RPO = continuous replication&lt;br /&gt;
&lt;br /&gt;
Like RTO, lower RPOs generally increase implementation costs.&lt;br /&gt;
&lt;br /&gt;
== Reference Architectures ==&lt;br /&gt;
&lt;br /&gt;
=== Small Organisation ===&lt;br /&gt;
&lt;br /&gt;
A typical small business recovery model might consist of:&lt;br /&gt;
&lt;br /&gt;
* On-premises servers&lt;br /&gt;
* Local backups&lt;br /&gt;
* Cloud backup repository&lt;br /&gt;
* Basic recovery documentation&lt;br /&gt;
&lt;br /&gt;
Benefits:&lt;br /&gt;
&lt;br /&gt;
* Low cost&lt;br /&gt;
* Simple management&lt;br /&gt;
&lt;br /&gt;
Limitations:&lt;br /&gt;
&lt;br /&gt;
* Longer recovery times&lt;br /&gt;
* Greater operational dependency on individuals&lt;br /&gt;
&lt;br /&gt;
=== Enterprise Organisation ===&lt;br /&gt;
&lt;br /&gt;
Enterprise environments typically introduce:&lt;br /&gt;
&lt;br /&gt;
* Geographic redundancy&lt;br /&gt;
* Multiple data centres&lt;br /&gt;
* Clustered infrastructure&lt;br /&gt;
* Replicated storage&lt;br /&gt;
* Automated failover systems&lt;br /&gt;
&lt;br /&gt;
Benefits:&lt;br /&gt;
&lt;br /&gt;
* Reduced downtime&lt;br /&gt;
* Greater resilience&lt;br /&gt;
&lt;br /&gt;
Limitations:&lt;br /&gt;
&lt;br /&gt;
* Increased complexity&lt;br /&gt;
* Higher implementation and operational costs&lt;br /&gt;
&lt;br /&gt;
=== Hybrid Approach ===&lt;br /&gt;
&lt;br /&gt;
Many organisations operate between these extremes.&lt;br /&gt;
&lt;br /&gt;
Common examples include:&lt;br /&gt;
&lt;br /&gt;
* Microsoft 365 with on-premises line-of-business applications&lt;br /&gt;
* Cloud-hosted infrastructure with local file services&lt;br /&gt;
* Hybrid Active Directory deployments&lt;br /&gt;
&lt;br /&gt;
Hybrid models often provide an effective balance between cost, flexibility, and resilience.&lt;br /&gt;
&lt;br /&gt;
== Operational Lifecycle ==&lt;br /&gt;
&lt;br /&gt;
=== Build ===&lt;br /&gt;
&lt;br /&gt;
During the design phase:&lt;br /&gt;
&lt;br /&gt;
* Identify critical services&lt;br /&gt;
* Determine dependencies&lt;br /&gt;
* Define RTO and RPO requirements&lt;br /&gt;
* Assess risk exposure&lt;br /&gt;
&lt;br /&gt;
=== Run ===&lt;br /&gt;
&lt;br /&gt;
During normal operations:&lt;br /&gt;
&lt;br /&gt;
* Monitor systems&lt;br /&gt;
* Verify backups&lt;br /&gt;
* Review changes&lt;br /&gt;
* Maintain documentation&lt;br /&gt;
&lt;br /&gt;
=== Maintain ===&lt;br /&gt;
&lt;br /&gt;
Continuity plans must evolve alongside the environment.&lt;br /&gt;
&lt;br /&gt;
Review should occur when:&lt;br /&gt;
&lt;br /&gt;
* New systems are introduced&lt;br /&gt;
* Infrastructure changes significantly&lt;br /&gt;
* Business processes change&lt;br /&gt;
* Suppliers change&lt;br /&gt;
&lt;br /&gt;
=== Retire ===&lt;br /&gt;
&lt;br /&gt;
Decommissioning systems should include:&lt;br /&gt;
&lt;br /&gt;
* Data archival requirements&lt;br /&gt;
* Regulatory retention obligations&lt;br /&gt;
* Recovery plan updates&lt;br /&gt;
* Documentation updates&lt;br /&gt;
&lt;br /&gt;
== Practical Application ==&lt;br /&gt;
&lt;br /&gt;
=== Identifying Critical Services ===&lt;br /&gt;
&lt;br /&gt;
Not all systems are equal.&lt;br /&gt;
&lt;br /&gt;
A common mistake is assuming every service is mission critical.&lt;br /&gt;
&lt;br /&gt;
Instead, classify systems according to business impact.&lt;br /&gt;
&lt;br /&gt;
Example:&lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot;&lt;br /&gt;
! System&lt;br /&gt;
! Priority&lt;br /&gt;
! Business Impact&lt;br /&gt;
|-&lt;br /&gt;
| ERP System&lt;br /&gt;
| Critical&lt;br /&gt;
| Financial operation stops&lt;br /&gt;
|-&lt;br /&gt;
| Email&lt;br /&gt;
| High&lt;br /&gt;
| Significant disruption&lt;br /&gt;
|-&lt;br /&gt;
| Intranet&lt;br /&gt;
| Medium&lt;br /&gt;
| Operational inconvenience&lt;br /&gt;
|-&lt;br /&gt;
| Archive Server&lt;br /&gt;
| Low&lt;br /&gt;
| Minimal immediate impact&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
Recovery efforts should prioritise critical systems first.&lt;br /&gt;
&lt;br /&gt;
=== Mapping Dependencies ===&lt;br /&gt;
&lt;br /&gt;
Many recovery failures occur because dependencies were not identified.&lt;br /&gt;
&lt;br /&gt;
For example:&lt;br /&gt;
&lt;br /&gt;
Customer Portal&lt;br /&gt;
    |&lt;br /&gt;
    +-- SQL Database&lt;br /&gt;
    |&lt;br /&gt;
    +-- Active Directory&lt;br /&gt;
    |&lt;br /&gt;
    +-- DNS&lt;br /&gt;
    |&lt;br /&gt;
    +-- Internet Connectivity&lt;br /&gt;
    |&lt;br /&gt;
    +-- SSL Certificates&lt;br /&gt;
&lt;br /&gt;
Recovering the portal without restoring its dependencies achieves nothing.&lt;br /&gt;
&lt;br /&gt;
== Common Pitfalls ==&lt;br /&gt;
&lt;br /&gt;
=== Backups Are Never Tested ===&lt;br /&gt;
&lt;br /&gt;
A backup is merely a theory until restoration has been successfully demonstrated.&lt;br /&gt;
&lt;br /&gt;
Regular restore testing should be mandatory.&lt;br /&gt;
&lt;br /&gt;
=== Documentation Exists Only in Production ===&lt;br /&gt;
&lt;br /&gt;
Recovery procedures stored on failed systems are of little value.&lt;br /&gt;
&lt;br /&gt;
Critical documentation should exist in multiple accessible locations.&lt;br /&gt;
&lt;br /&gt;
=== Key Knowledge Resides with One Person ===&lt;br /&gt;
&lt;br /&gt;
Many organisations possess undocumented systems understood by only one administrator.&lt;br /&gt;
&lt;br /&gt;
This represents a significant business risk.&lt;br /&gt;
&lt;br /&gt;
=== Recovery Plans Are Never Practised ===&lt;br /&gt;
&lt;br /&gt;
The first execution of a DR plan should never occur during a real disaster.&lt;br /&gt;
&lt;br /&gt;
Testing frequently exposes assumptions, dependencies, and documentation gaps.&lt;br /&gt;
&lt;br /&gt;
== Security Implications ==&lt;br /&gt;
&lt;br /&gt;
Business Continuity and Cyber Security are closely related.&lt;br /&gt;
&lt;br /&gt;
Attackers increasingly target:&lt;br /&gt;
&lt;br /&gt;
* Backup systems&lt;br /&gt;
* Replication systems&lt;br /&gt;
* Identity services&lt;br /&gt;
* Recovery infrastructure&lt;br /&gt;
&lt;br /&gt;
Key recommendations include:&lt;br /&gt;
&lt;br /&gt;
* Immutable backups&lt;br /&gt;
* Offline backup copies&lt;br /&gt;
* Multi-factor authentication&lt;br /&gt;
* Privileged access controls&lt;br /&gt;
* Separate recovery credentials&lt;br /&gt;
&lt;br /&gt;
Recovery systems should be considered critical security assets.&lt;br /&gt;
&lt;br /&gt;
== Troubleshooting &amp;amp; Diagnostics ==&lt;br /&gt;
&lt;br /&gt;
When assessing resilience, ask:&lt;br /&gt;
&lt;br /&gt;
=== Backup Health ===&lt;br /&gt;
&lt;br /&gt;
* Are backups completing successfully?&lt;br /&gt;
* Are failures monitored?&lt;br /&gt;
* Are restore tests performed?&lt;br /&gt;
&lt;br /&gt;
=== Infrastructure Resilience ===&lt;br /&gt;
&lt;br /&gt;
* Are there single points of failure?&lt;br /&gt;
* Is failover tested?&lt;br /&gt;
* Is monitoring effective?&lt;br /&gt;
&lt;br /&gt;
=== Operational Readiness ===&lt;br /&gt;
&lt;br /&gt;
* Is documentation current?&lt;br /&gt;
* Are responsibilities assigned?&lt;br /&gt;
* Are contact lists accurate?&lt;br /&gt;
&lt;br /&gt;
=== Recovery Capability ===&lt;br /&gt;
&lt;br /&gt;
* Has recovery been rehearsed?&lt;br /&gt;
* Are recovery times measured?&lt;br /&gt;
* Can critical services actually meet RTO targets?&lt;br /&gt;
&lt;br /&gt;
== Design &amp;amp; Architecture Considerations ==&lt;br /&gt;
&lt;br /&gt;
=== Scalability ===&lt;br /&gt;
&lt;br /&gt;
Recovery solutions should grow alongside the business.&lt;br /&gt;
&lt;br /&gt;
=== Security ===&lt;br /&gt;
&lt;br /&gt;
Protect recovery infrastructure as carefully as production systems.&lt;br /&gt;
&lt;br /&gt;
=== Maintainability ===&lt;br /&gt;
&lt;br /&gt;
Complex recovery solutions often fail because they become difficult to support.&lt;br /&gt;
&lt;br /&gt;
Prefer solutions that operations teams understand and can maintain confidently.&lt;br /&gt;
&lt;br /&gt;
=== Backwards Compatibility ===&lt;br /&gt;
&lt;br /&gt;
Legacy systems frequently outlive expectations.&lt;br /&gt;
&lt;br /&gt;
Recovery planning should account for unsupported applications and historical dependencies.&lt;br /&gt;
&lt;br /&gt;
== Lessons from the Real World ==&lt;br /&gt;
&lt;br /&gt;
Most major outages are not caused by dramatic disasters.&lt;br /&gt;
&lt;br /&gt;
They are usually caused by ordinary events:&lt;br /&gt;
&lt;br /&gt;
* Failed storage&lt;br /&gt;
* Expired certificates&lt;br /&gt;
* Configuration mistakes&lt;br /&gt;
* Software updates&lt;br /&gt;
* Human error&lt;br /&gt;
* Supplier outages&lt;br /&gt;
&lt;br /&gt;
The most resilient organisations are not those that never fail.&lt;br /&gt;
&lt;br /&gt;
They are the organisations that expect failure, prepare for it, and recover methodically.&lt;br /&gt;
&lt;br /&gt;
A continuity plan should never aim to create the illusion that disruption is impossible.&lt;br /&gt;
&lt;br /&gt;
Its purpose is to ensure that disruption becomes manageable.&lt;br /&gt;
&lt;br /&gt;
== Related Topics ==&lt;br /&gt;
&lt;br /&gt;
* [[Risk Management]]&lt;br /&gt;
* [[High Availability]]&lt;br /&gt;
* [[Backup Strategies]]&lt;br /&gt;
* [[Infrastructure Architecture]]&lt;br /&gt;
* [[Capacity Planning]]&lt;br /&gt;
* [[Cyber Security Fundamentals]]&lt;br /&gt;
* [[Cloud Migration Strategy]]&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
* ISO 22301 Business Continuity Management&lt;br /&gt;
* ISO 27001 Information Security Management&lt;br /&gt;
* NIST Cybersecurity Framework&lt;br /&gt;
* NIST SP 800-34 Contingency Planning Guide&lt;br /&gt;
* Vendor backup and recovery documentation&lt;/div&gt;</summary>
		<author><name>Dex</name></author>
	</entry>
</feed>