The importance of business continuity and disaster recovery plan

One of the measures addressed by theNIS2 Directive is that of business continuity, which means being able to maintain critical functions during a major incident. Organisations must plan for how they intend to continue to provide essential services after a cyberattack and in this blog, we’ll explore how a disaster recovery plan can help to ensure business continuity.

What is business continuity?

Business continuity means your organisation is able to operate at an acceptable level despite an incident that interrupts your business activities. That could be anything from security breaches to natural disasters, or simply a power outage that can result in loss or damage to communications, servers, computers, operating systems, applications, and data, and see your business operations come to a grinding halt—with serious consequences.

One in two organisations has felt a long-term impact on business continuity1.

What is a disaster recovery plan?

The NIS2 Directive requires businesses to be able to maintain operations in the event of an incident, which can be achieved by having a disaster recovery plan and backup system in place. A disaster recovery plan details the steps to be taken in order to recover from an incident quickly, effectively and with minimal downtime and it’s crucial that this plan covers all the bases.


Putting together a disaster recovery plan

The key steps in creating a comprehensive disaster recovery plan are:

  • Gain an overview of your IT environment’s applications and services
  • Learn how these applications work, whether they are interdependent and if so, how they interlink with each other, and which applications are particularly important.
  • Carry out a Business Impact Assessment (BIA) to identify the potential impact of disruption on your organisation.

A BIA assesses the operational and financial consequences of the business disruption, which could include anything from a loss in revenue and profit, slower sales, unforeseen costs, and irrecoverable data. On the basis of the information gathered, recovery strategies are developed. Every application and service requires its own BIA to help you determine how to restore each of them.

Prompt incident recovery

To get back up and running quickly, critical data should be backed up, your application/system’s RPO and RTO defined and backup locations tested. The Recovery Point Objective (RPO) measures how recent your backup data must be in order to be able to resume normal operations while the Recovery Time Objective (RTO) determines how long you have to wait for the recovery process to complete. For example, the RPO of Veeam backup solutions is just five minutes meaning your data are backed up every five minutes, so if something goes wrong, the data recovered will be maximum five minutes old.


Backup and data protection

Veeam’s Microsoft 365 backup solutions eliminate the risk of losing access to and control of your Office 365 data, including Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams, so your data are always protected and accessible.

  • Protect Office 365 data from accidental deletion and security risks
  • Recover quickly with industry-leading capabilities and flexibility
  • Meet compliance requirements with fast search capabilities


80% of detected vulnerabilities are related to Microsoft 365 data2

Veeam Data Platform is an end-to-end data recovery platform that provides high-performance, immutable backups. It optimises moving or copying backups between different storage types and ensures data reduction with intelligent migration of backup data.

  • Detect and identify cyberthreats
  • Respond faster to and recover from ransomware
  • Secure and compliant protection for your data


Veeam Data Cloud provides resilient data protection and data recovery for multi-cloud data—all via cloud-native backup and storage services. It is a BaaS solution that bundles backup software, infrastructure and storage allowing you to streamline your backup processes and keep costs low and predictable.

Four key steps to take during an incident

Should the worst come to the worst, these are the steps to take:

  • Identify and report
    Find out where the incident came from and report it. Veeam’s Data Platform tools offer monitoring and analysis features to allow you to quickly identify risks and resolve potential problems quickly before they become an issue.
  • Application recovery
    Get started with application recovery, documenting the steps you take as you go. Veeam solutions allow you to restore data to a predetermined location and bulk recovery is also possible if you restore multiple Microsoft 365 users in one fell swoop. Restore as much or as little as you need thanks to granular recovery—from an entire Microsoft 365 organisation or an individual user, folder or file. 
  • Test the applications
    Test the applications as they are restored to make sure they are working correctly. With Veeam, you can leverage recovery orchestration that automatically performs testing and creates documentation. 
  • Notify application owners
    Notify all application owners and stakeholders of your progress. If an incident has occurred and you have followed all these steps, don’t forget to do a post-analysis to help prevent similar incidents in the future.

Summary – Be prepared for the unexpected.

Business continuity and disaster recovery planning are essential to an organisation’s success. The NIS2 Directive requires organisations and businesses to comply with strict cybersecurity measures, including having a business continuity and disaster recovery plan. By taking the necessary steps to prepare for possible incidents, you can minimise downtime and quickly and effectively recover from a crisis. Need help creating a disaster recovery plan? Do you have other cybersecurity projects? Get in touch with our team. We are ready to advise you on all things NIS2 compliance

Powered by

Veeam logo