Business Continuity Strategy
Part 2: BCS - Recovery Strategies
Notes for BCM Institute's Course Participants: This is the template for completing the "Part 2: BCS - Recovery Strategies"
CBF 6: Information Systems & Records Management
Information Systems & Records Management plays a pivotal role in ensuring the operational
resilience of Bandtree.
As a government-linked company under Darussalam Assets, Bandtree's reliance on timely, secure, and accurate information systems and recordkeeping is critical to the continuity of its core property management functions.
In the face of a disruption—whether caused by a cyber incident, system failure, or physical disaster—the ability to recover essential systems, data, and documentation swiftly and efficiently is vital.
Purpose of Chapter
This chapter examines the development and selection of suitable recovery strategies for each Critical Business Function (CBF) and its associated sub-processes (Sub-CBF).
Drawing on established best practices and aligned with BCM standards, such as ISO 22301, and guidance from BCM Institute guidance notes, this outlines how organisations can determine, document, and justify recovery approaches that are both practical and cost-effective.
Emphasis is placed on ensuring strategies are not only technically viable but also logistically executable during a crisis or disaster scenario.
This is a comprehensive table for CBF-6 Information Systems & Records Management, incorporating RTO, recovery strategies, locations, details, and justifications based on BCM Institute’s guidance note:
Table 2-1: [BCS] [T2] Recovery Strategies for CBF-6 Information Systems & Records Management
|
Sub-CBF |
Sub-CBF Code |
RTO |
Recovery Strategy |
Recovery Location |
|
ICT Infrastructure Management |
6.1 |
4 hrs |
Redundant Infrastructure |
Secondary Data Centre |
|
Property Systems Application Support |
6.2 |
8 hrs |
Application Virtualization |
Cloud-Based Hosting |
|
Records Retention & Archiving |
6.3 |
48 hrs |
Cloud Backup + Offsite Archiving |
Hybrid Cloud & Offsite Storage |
|
Data Backup & Recovery |
6.4 |
4 hrs |
Daily Incremental + Weekly Full Backup |
Secondary Data Centre |
|
Cybersecurity & Access Control |
6.5 |
4 hrs |
Layered Cybersecurity Architecture |
Onsite & Cloud |
|
System Development & Enhancement |
6.6 |
72 hrs |
Code Repository & DevOps Tools |
Cloud Dev Environment |
|
ICT Vendor Management |
6.7 |
24 hrs |
Pre-contracted SLA-Based Recovery |
Vendor Sites & Remote |
|
User Training & Support |
6.8 |
48 hrs |
Online Knowledge Base + Virtual Helpdesk |
Cloud Service Desk |
|
Compliance & IT Governance |
6.9 |
24 hrs |
Policy Repository & Audit Trail Backup |
Cloud Storage |
|
Physical Records Handling |
6.10 |
72 hrs |
Alternate Document Access & Transport |
Offsite Archive Vendor |
Table 2-2: [BCS] [T2] Recovery Strategies for CBF‑6 Information Systems & Records Management
|
Sub -CBF |
Sub- CBF Code |
Details of Recovery Strategy |
Justification for Selected Recovery Strategy |
|
ICT Infrastructure Management |
6.1 |
Utilise existing co-located data centre with failover servers, network, and power supply. |
Ensures minimal downtime and supports critical systems for internal operations and client portals. |
|
Property Systems Application Support |
6.2 |
Cloud-hosted applications (e.g., asset management, lease administration) can be accessed from any location. |
Ensures business continuity with minimal local dependency; enhances scalability and flexibility. |
|
Records Retention & Archiving |
6.3 |
Combination of digital records in secure cloud and hard copies archived at an off-site vendor location. |
Meets legal & compliance requirements while balancing cost and recovery speed. |
|
Data Backup & Recovery |
6.4 |
Automated backup routines, real-time monitoring, and encrypted data replication to off-site storage. |
Ensures data integrity and rapid recovery of essential records and systems. |
|
Cybersecurity & Access Control |
6.5 |
Implement firewalls, intrusion detection systems, endpoint protection, multi-factor authentication (MFA), and role-based access control (RBAC). |
Protects systems from unauthorised access and ensures data confidentiality and integrity. |
|
System Development & Enhancement |
6.6 |
Version-controlled repositories (e.g., Git), integrated CI/CD tools to support rapid deployment and rollback. |
Maintains continuity of development efforts and quick redeployment of enhancements or patches. |
|
ICT Vendor Management |
6.7 |
Engage with vendors who have committed recovery Service Level Agreements (SLAs) and clear incident response protocols. |
Ensures timely support and system recovery from third-party service providers. |
|
User Training & Support |
6.8 |
Staff can access FAQs, guides, and contact IT remotely for troubleshooting during a disruption. |
Supports workforce productivity and reduces system misuse during critical periods. |
|
Compliance & IT Governance |
6.9 |
Maintain up-to-date IT policies, compliance records, and audit logs in secure, cloud-based systems. |
Facilitates quick restoration of compliance posture and enables regulatory reporting after incidents. |
|
Physical Records Handling |
6.10 |
Use of off-site document storage with rapid retrieval and digitisation service in case of physical office inaccessibility. |
Reduces reliance on physical access, supports continued reference to critical documents, and maintains legal compliance. |
* RTO values are illustrative; actual RTOs should be based on Business Impact Analysis (Column 17/18 per BCM Institute's guidance notes).
Explanation of Table Design
- Recovery Time Objective (RTO): Maximum allowed downtime derived from BIA findings for each sub-function
- Recovery Strategies: Options (resume, degraded services, manual, outsource, suspend) as outlined in Part 2 – selected based on criticality, urgency, and feasibility
- Recovery Location: Could be alternate office, home, vendor site, or on-site – aligned with each sub-CBF’s needs and recovery strategy guidance
- Details of Recovery Strategy: Specifies staffing, systems, manual workarounds, and backup resources needed.
- Justification: Based on criteria from Part 1 mitigation (cost, support, readiness, urgency, risk reduction)
Summing Up ...
The recovery strategies established for CBF-6 reflect a comprehensive, layered, and pragmatic approach to business continuity.
From ICT infrastructure redundancy to cybersecurity protocols, cloud backups, and user support mechanisms, each component has been carefully tailored to meet the unique operational requirements of Bandtree, ensuring minimal disruption to its services.
By implementing these recovery strategies, Bandtree strengthens its overall resilience posture, enhances data protection, and ensures compliance with relevant governance standards.
These measures not only support the continuity of information and records management during a crisis but also contribute significantly to the broader organisational ability to recover, respond, and thrive in the face of adversity.
More Information About Business Continuity Management Courses
To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].
![Register [BL-B-3]*](https://blog.bcm-institute.org/hs-fs/hubfs/hub_generated/resized/19a8306f-6b76-45ff-8585-95111f393aeb.png?width=200&height=56&name=19a8306f-6b76-45ff-8585-95111f393aeb.png)
![FAQ [BL-B-3]](https://blog.bcm-institute.org/hs-fs/hubfs/hub_generated/resized/9b7f5669-8ad6-450b-a98f-5f5d49ebfc8e.png?width=150&height=150&name=9b7f5669-8ad6-450b-a98f-5f5d49ebfc8e.png)
![Email to Sales Team [BCM Institute]](https://blog.bcm-institute.org/hs-fs/hubfs/hub_generated/resized/83ae9ad3-affc-416e-8f51-64218d6d98f2.png?width=100&height=100&name=83ae9ad3-affc-416e-8f51-64218d6d98f2.png)
