Continuity planning provides procedures to be used when a catastrophic event occurs that affects the security and/or integrity of information. Information security efforts must thwart data threats of all types, including intentional, accidental and natural. Critical data may be lost due to attack, inadvertent deletion, hardware failure, and myriad other causes.
Many security risks exist outside the organization. Such risks must be considered in the development of a business continuity plan (BCP). The largest, most obvious risks are natural disasters such as earthquakes, floods, hurricanes and fire. Such events can create overwhelming circumstances and are usually unavoidable and uncontrollable. BCPs must include off-site data backups for this reason. So that the data survives the destruction of a single server or the entire building, it must be kept off-site in a secure location.
Other external risks include power service failure, telecom service failure and physical security threats. While these events may not be considered catastrophic, they should be addressed in a BCP, and rapid recovery or secondary services must be considered. Some examples may include uninterruptible power supply (UPS) systems or redundant WAN services.
Other non-natural events have recently come to the forefront. Acts of terrorism (directly causing physical damage) and non-physical threats such as viruses must also be considered.