BCDR in Real Life – Unscripted With SST Episode Ten
Page Contents
BCDR in Real Life: Planning for When Things Go Sideways
In this episode of Unscripted with SST, SST COO Beau Elston joins the team to tackle the realities of Business Continuity and Disaster Recovery (BCDR). Whether it’s ransomware, a vendor outage, or a power failure, every business needs a plan for what to do in the first hour—and beyond.
Here’s a practical look at how to make BCDR more than just a checkbox, and why it’s a key part of your operational resilience.
What BCDR Is (and What It Isn’t)
BCDR is not just about having backups. It’s about being able to keep your business running when the unexpected happens. That means knowing what systems matter most, how quickly they need to be recovered, and what steps your team should take during a disruption.
A good BCDR plan doesn’t live in a binder on a shelf. It’s reviewed, tested, and integrated into the way your business thinks about risk.
Understanding RTO and RPO in Plain English
Two of the most important terms in BCDR are RTO (Recovery Time Objective) and RPO (Recovery Point Objective). Simply put:
-
RTO is how long you can afford to be down before it seriously hurts your business.
-
RPO is how much data you can afford to lose between backups.
Different systems have different thresholds. Your BCDR plan should reflect those differences, not treat everything the same.
The Rule of Fives for Backup Strategy
SST recommends a practical approach called the “Rule of Fives”:
-
Keep 5 days of daily backups
-
Keep 5 weeks of weekly backups
-
Keep 5 months of monthly backups
-
And 5 years of annual backups
This cadence creates a rolling retention strategy that balances storage costs with restore flexibility, especially in cases where corruption or compromise may have gone unnoticed for weeks.
Testing Is Not Optional
Creating a plan is only step one. If you don’t test it, you don’t really have a plan.
Testing confirms that your backups actually work, that your team knows the steps to follow, and that recovery times are realistic. It also helps uncover hidden gaps—like missing credentials, vendor dependencies, or poor documentation.
Even small-scale tabletop exercises can reveal major insights.
People and Processes Matter More Than Products
BCDR isn’t just a technology function. It’s a business-wide responsibility.
Processes must be clear. Roles must be defined. Your staff needs to know who does what, when, and how. Tools support this effort, but people and planning make it successful. As Beau points out, even the best backup solution can fail if no one knows how to use it.
You Don’t Rise to the Occasion—You Fall to Your Level of Preparation
When things go wrong, there’s no time to build a plan from scratch. Your team will fall back on whatever preparation exists. If that preparation is weak or outdated, the response will be slow and painful.
A mature BCDR strategy ensures that your business can recover quickly, maintain customer trust, and avoid costly downtime.
Ready to Build Confidence Into Your Recovery Plan?
If your BCDR strategy hasn’t been reviewed or tested in over a year, now is the time to act. Ransomware, outages, and human error aren’t going away—but you can control how your business responds.
Let SST help you take the guesswork out of business continuity. From runbook development to recovery testing, we’ll help you build a plan that actually works when it counts.
Let’s make sure you’re ready before the next crisis hits.
