Business Continuity and Disaster Recovery

RSM can help you prepare for and survive major disruptions.

Fire. Flood. Hurricane. Tornado. Cyberattack. Pandemic.

These and other disasters can force your organization to shut down for days, weeks or months. An effective business continuity and disaster recovery plan, however, can help you mitigate physical and financial damage, and get you back on your feet quickly.

We can help you identify and remediate gaps in your current plan, build a plan from scratch, test your policies and procedures, train your employees and keep your plan current as your organization changes over time. In short, we can help you avoid the mistakes that organizations make when developing business continuity and disaster recovery plans.

Our approach is based upon years of helping organizations both prepare for unforeseen disruptions and demonstrate this readiness to business partners.

Our approach comprises of five steps:

RSMs Business Continuity Planning Methodology

  1. Program initiation. We review existing policies and charters, roles and responsibilities, documents, plan management, and executive support and prioritization. Most organizations have something they can use as a starting point to develop a more robust plan.
  2. Requirements definition. We assess threats and mitigation efforts; analyze business impact drivers, recovery time objectives and recovery point objectives; and conduct a technical impact analysis, including system dependencies.
  3. Strategy determination. Here we conduct a gap analysis to align business recovery requirements with current capabilities and develop solution options to remediate defined gaps.
  4. Plan development, implementation and documentation. In this phase, we develop technology recovery plans (e.g., application, infrastructure, documents, and recovery sequence and prioritization documents), business continuity plans, incident and crisis management plans, and failback considerations.
  5. Program management and testing. The final step focuses on developing recurring, sustainable processes for ensuring that documented plans and processes remain current and align with business objectives. Services include recovery exercises (development of on-site and online training for management and staff, and program governance procedures.


The RSM five-phase methodology is specifically designed to maximize our ability to serve our clients’ diverse business continuity planning (BCP) needs. This model allows us to leverage existing recovery-related processes and documentation in order to help our clients expand their recovery capabilities. We are able to effectively support all aspects of your BCP plan.

BCP is a living process that must be updated to reflect technological and organizational changes. An outdated plan that sits in a binder on a shelf is of little use in an emergency—and could actually do more harm than good if it doesn’t accurately reflect current recovery processes or organizational structures.

A critical question to ask

Do your disaster recovery IT capabilities align with the recovery requirements that your business units have identified? For example, if your production department needs to be up and running 24 hours after an event occurs to avoid significant penalties under a major contract, your IT team must be able to deliver on this requirement.


RSM has helped many organizations develop or enhance business continuity and disaster recovery plans. We are familiar with leading practices and guidelines and have worked with clients in both regulated and unregulated industries to prepare for unexpected events by thorough planning, testing and training. Our practice leaders participate as active members of our engagement teams in order to leverage their industry experience to our clients’ benefit.

We welcome the opportunity to learn about your specific needs and define an approach that aligns best to your organizational objectives and risk appetite. 

Please contact us today so that we might begin a conversation.


Fabrizio Bulgarelli – Partner RSM - Head of Risk Advisory Service (RAS) and IT Services