First principle of business continuity planning: how much of your work—currently in process and accumulated working knowledge—can you afford to do over?
The most likely answer is, "Not very much." According to a study by North American Emergency Management, "...following a major disaster 60% of businesses do not reopen their doors." Even comparatively minor downtime and disruption can impair businesses' financial health and ability to serve clients. A study by systems vendor StorageTek found that "80% of downtime is caused by hardware failure or operational errors caused by people," while only 5% is caused by disasters such as fire, flood, earthquake and so on.

However, disruptions such as earthquakes or acts of terrorism, while having a very low likelihood of occurrence, have catastrophic consequences—such as the total loss of all of a business' systems, records, premises and perhaps even key personnel. Other disruptions, such as local power failures or accidental erasure/overwriting of important files, may be more likely to occur but less catastrophic in their consequences. The keys to successful business continuity planning, therefore, are to:

> identify all potential sources of disruption

> categorize each according to its likelihood of occurrence and extent of its consequences

> allocate recovery resources in proportion to a weighted combination of the odds of occurrence and the threat level posed.

Viewed this way, business continuity planning is a superset of what we usually think of as "security."
JL

> Page 1, Business continuity planning
> Page 2, Computus interruptus
> Page 3, Backing up is hard to do
> Page 4, The road to recovery