What is a business resilience plan and why do you need one?

Just like business continuity has become indispensable, having an IT resilience plan in place is crucial to keeping your business up and running today.

There are a lot of buzzwords in IT, and at first glance, resilience might seem like another one. What does it mean for an organization to be resilient? It's a pretty general term, and a tempting one for vendors to drop without clarifying exactly what it means. Over the past couple of years, however, that definition has narrowed, and the purpose of a business resilience plan has become clearer.

When it comes to IT, business resilience means that an organization can adapt when disruptions occur and maintain business operations while keeping staff, data and company reputation safe. Easy, right?

While the concept may sound similar to business continuity, the two are not the same thing. Instead, they should be considered complementary: Without the ability to maintain continuity, an organization has no hope of achieving resilience. The goal of IT resilience is not only keeping the business running, but returning to its original state after the disruption has ended.

In case you're still not sure what a business resilience plan entails, or why it's important, we've compiled five basic questions you might have about the topic.

Why are we talking about this now?

Business resilience has seen a resurgence over the last couple of years. Industry analysts have been pointing out the increased importance of getting resilience initiatives going. Developments in DR technology have helped the business resilience plan, and intense recovery requirements have driven the need for one.

Acceptable amounts of downtime and data loss are at an all-time low, and recovery features that were once considered "nice to have" are now mandatory. With the emphasis of IT resilience on maintaining business processes and making a complete recovery as soon as possible, it's no wonder that it's becoming more prominent.

Recent IT statistics have also indicated that resiliency is at a low within the industry, and many organizations are hoping to make a change.

What is the state of the business resilience market?

Part of the reason resilience is garnering so much attention is that more vendors are looking to nail down what it actually means and offer a way to achieve it. Zerto in particular has been at the forefront, with its IT Resilience Platform. Other DR vendors emphasizing business resilience include Unitrends, VMware, Druva, Cohesity and CloudEndure.

There are a number of changes that have taken place recently in the business resilience market. Cloud-based DR and resilience offerings have grown, with more organizations incorporating the cloud into their DR planning. End-to-end software offerings are more common, as vendors package important resilience elements such as business impact analyses, risk assessments, DR testing and emergency notification systems.

Thanks to the prominence of ransomware, cybersecurity has become an important part of a business continuity plan, with some traditional DR vendors adding it to their products and services.

What should be included in a business resilience plan?

When creating your resilience strategy, you're going to want to include some basic elements and some that you might not initially consider. As we mentioned before, business continuity is an important part of business resilience, so be sure to have a solid business continuity policy in place. Whether you prefer traditional DR or cloud options, having a disaster recovery plan is vital to returning your business to its original state after a disaster.

Security should play a key role in your plan and can help you prepare for the worst against potential cyberattacks before and during a disruption.

Another part of your organization that needs resilience is the company's reputation. When it comes to your organization's public image, social media can be your best friend or your worst enemy. Along with aiding communication in times of disaster, social media can serve as the outlet for the company to handle updates to the public. However, if your organization has a strong social media presence, you have to ensure that it is covered in your business resilience plan and that your organization has a policy in place to prevent it from negatively affecting your company's public image. While you may be able to recover data, loss of a good reputation can be just as harmful.

Why aren't more organizations focused on resilience?

Since it should be pretty clear by now that having a business resilience plan in place is important, you're probably wondering why businesses might be lagging behind. Despite the possibility of data loss and the wide variety of potential disasters, factors such as cost, time and required training might prevent organizations from investing in disaster recovery and resilience.

Many companies don't hop aboard the resilience train until after an incident, which may not leave them in a good place financially to fund business resilience initiatives. Confidence in business resiliency appears to be at a low, and while companies may have plans in place to begin working on resilience, you never know when disaster will strike. If possible, establishing business resilience should be a priority.

What are some resources for business resilience planning?

Now that you're on board for IT resilience, you might be wondering where to begin. Along with looking for resources to help strengthen your business continuity, disaster recovery and security efforts, there are some standards worth a look that can serve as guidelines for business resilience.

The International Organization for Standardization publishes a series of standards for business continuity and resilience, including ISO 22316:2017, Security and resilience -- Organizational resilience -- Principles and attributes. Released in 2017, this standard provides guidance to enhance resilience for any size or type of public or private organization and is not specific to any industry or vertical market.

Additional reference standards for business resilience can include ISO 27001 (information security) and ISO 31000 (risk management).
