Business Continuity and Disaster Recovery Plans

By Jeff Wilk and Tim Buckler

Disaster Recovery Plans - ants on green leaves

Review Your Business Resiliency Strategy

While today’s businesses need to be ready to handle any sized disaster 100% of the time, it may only take one event to completely disrupt your business, or worse. Not even the most well-managed organization is exempt from the potential risks associated with even the smallest degree of business interruption. Undertaking a thorough review of your current business resiliency strategy is a must.

A comprehensive, strategic plan includes three components:

  1. Business Continuity Plan
  2. Disaster Recovery Plan
  3. Incidence Response Plan

While these terms are often used interchangeably and focus on the basic needs of keeping a business running in the case of a business disruption, they are not the same. Each one of these is different in its definition and development, has different situations which activates them, and focuses on unique aspects of action.

Software Demo Watch the on-demand demo of Oyster Solutions to learn how the comprehensive platform can help manage your compliance, supervision, and reporting obligations.  

Business Continuity – Significant business disruptions that prevent employees from coming to the office or prevent them performing their duties. For example, a fire destroys an office building.

Disaster Recovery – Disasters that cause network infrastructure or data to become corrupted or unavailable. For example, a power surge knocks out a server.

Incidence Response – Network or security incidents that can result in unauthorized access, data compromise or data egress. For example, a phishing attack.

We often see clients with business continuity or disaster recovery plans that have only the most basic of components, and that are not customized to meet their specific needs. Oyster Consulting has extensive experience working with firms on their business resiliency. Our experts will collaborate with your team to establish the right overall plans customized to your business and provide guidance on how to activate that plan at the right time. Together, these can make all the difference with your firm’s ability to recover from a disruptive event at anytime, anywhere. 

Our process can take you through exercises including, but not limited to:

  • Current risk identification
  • Business impact analysis
  • 3rd party exposure
  • Key position and function identification
  • Geographic footprint considerations
  • Work from home policies and connectivity requirements
  • Adherence to regulatory mandates
  • Data protections
  • Recovery site, recovery time and recovery point identification
  • Response scripts, mock event testing and tabletop exercises
  • Internal and external communication template creation
  • Employee education

Oyster’s industry professionals have first-hand experience as firm leaders in business resilience strategy, development, and implementation. This includes incident/event management, technology infrastructure resilience and recovery, and operations management. Oyster understands how to help identify and prioritize critical activities and deliver testing plans to mitigate the impacts of business disruptions. Our solutions are practical and tailored to your firm’s business model.

About The Authors
Photo of Jeff Wilk

Jeffrey Wilk

Jeff Wilk started his career as an Advisor and has a strong track record of executive success in strategic planning and execution, business assessment, transformation and growth. Jeff was directly accountable for several mergers/acquisitions, product and digital platform transformations, patent-pending products, and operating model RFPs and overhauls, including delivering the industry’s first “Robo” platform.

More About Jeffrey

Photo of Tim Buckler

Tim Buckler

Tim Buckler has spent 10 years in the financial services industry, with a focus on project management, cybersecurity, data analysis, and compliance. Tim’s experience includes project management support for clearing platform conversions, cybersecurity assessments, GDPR and CCPA assessments, performing 12b-1 Mutual Fund fees analysis for regulatory initiatives, and ownership changes for custodial IRA held annuities.

More About Tim

Related Content

female exec with laptop represents CCO at broker dealer or RIA

Blog

Chief Compliance Officers: How Your CCO Saves the Day (and Your Firm)

In the complex world of broker-dealers and Registered Investment Advisors (RIAs), the role of the Chief Compliance Officer (CCO) is crucial to maintaining the integrity and success of the firm. The CCO’s responsibilities are broad, ranging from implementing compliance programs and training to collaborating with other management to foster a culture of compliance. It is […]

Learn More
young woman taking a test representing FINRA firm element continuing education

Blog

FINRA Firm Element Continuing Education

Financial Industry Regulatory Authority (FINRA) recently posted its 2025 catalog of Firm Element training for broker-dealers. In light of FINRA’s updates to its continuing education requirements, this is a good opportunity to review your firm’s CE requirements and training schedule.  Annual Continuing Education Requirements Every registered person is required to complete the Regulatory Element and […]

Learn More
Sound nullifying grid represents FINRA Rule 3240 Updates to broker-dealer lending

Blog

Rule 3240 Updated

Overview of FINRA Rule 3240 In 2003, the Financial Industry Regulatory Authority (FINRA) adopted Rule 3240 which put restrictions on whether and when registered individuals could borrow from or lend to customers. The rule generally prohibited such arrangements but allowed them in certain prescribed circumstances so long as the broker-dealer had policies and procedures allowing […]

Learn More
Get In Touch Scroll Up