In talking to colleagues, there appears to be some confusion as to the differences between Backup/Recovery, Disaster Recovery and Business Continuity.
- Backup/Recovery pertains to the saving and restoration of data.
- Disaster Recovery pertains to a plan for the restoration of operations after a physical disaster such as a fire.
- Business Continuity pertains to a plan to keep business operations working during and after a disruptive event.
This article goes into more detail of the differences and elements of each of these functions. There are links to sites going into more detail on each of these subjects at the end of the article.
Recently I was asked by a colleague if I had written an article on the difference between Backup/Recovery, Disaster Recovery and Business Continuity. This article is the response to that question.
I have written extensively on Backup and Recovery in the two reference pages How are you going to backup your data (Part 1) and How are you going to backup your data? (Part 2). Backup and Recovery is solely tied to data. You backup your files and/or your disk drives and recover your files and/or entire file structures from your backed up media. Backup and Recovery are really just one (or more) of the steps in a Disaster Recovery plan or a Business Continuity plan.
What are you going to do if your location gets hit with a tornado or you have something as minor a pipe-link right on your server? Having a Disaster Recovery Plan answers that question. A Disaster Recovery Plan is more focused on physical events than data events. Dell in their “The Difference between Disaster Recover and Business Continuity” whitepaper defines Disaster Recovery as “Disaster recovery (DR) refers to having the ability to restore the data and applications that run your business should your data center, servers, or other infrastructure get damaged or destroyed.”
When you look for information on a Disaster Recovery Plan on the Internet, two things become evident; there are consistent steps in every plan and most documents for building such a plan are designed for larger organizations. But even in a small organization, a committee should be put together to develop this plan. This committee should include:
- The owner/manager of the business.
- The “key” employee/employees. This is typically the office manager and or production manager.
- The IT Professional. This is typically someone that is outside the organization that supports the IT infrastructure.
What should your Disaster Recovery Plan include?
- An inventory of hardware, software and services.
- This should be a priority driven list – what is the most important system (hardware/software/service) that is needed to operate. What is the second most important and so on.
- Procedures for the recovery of data.
- Documentation of backup and recovery procedures.
- Who is responsible for what steps?
- How fast can those steps be performed?
- Create a communication plan.
- How are the responsible people going to communicate to the others involved in the event?
- If the normal operation site is compromised, a plan for off-site operations.
Probably the most important part of a Disaster Recovery Plan is that the plan is tested on a periodic basis.
A Business Continuity Plan deals more with what I call “Logical Events” rather than just physical events. The University of Central Florida defines the subject as follows:
“Business continuity outlines exactly how a business will proceed during and following a disaster. It may provide contingency plans, outlining how the business will continue to operate even if it has to move to an alternate location. Business continuity planning may also take into account smaller interruptions or minor disasters, such as extended power outages.”
We all having been dealing with a perfect example of when a Business Continuity Plan is important over the disruption caused by the recent pandemic. Companies all over the world had to figure out what actions to take to respond to a total shutdown of business for an extended period of time. Those companies with plans, whether written or not, fared better than those who had no plan.
It is important to note that a Business Continuity Plan does just deal with a single event. A Business Continuity Plan should be more of a process for handing multiple events over a longer period of time. Going back to the example of the recent pandemic, once businesses were allowed to return to “normal” operations, a new normal had developed. Remote working, whether from employee homes or small remote offices, became the replacement of large offices. The globalization of business showed its problem side with all the supply chain issues tied to transportation and supplier shutdowns. A Business Continuity Plan made prior to the pandemic would probably not foreseen these issues, but it may have had steps from the Disaster Recovery Plan that could have been formalized or expanded to handle employees working remotely. An alternate supplier or material plan may have helped address the supply issues.
Developing a Business Continuity Plan is a complex task since it is dealing with complex issues. There are no basic steps to follow like a Disaster Recovery Plan, but the developers of the plan include those that helped develop the Disaster Recovery Plan. As with the Disaster Recovery Plan, outside help from vendors should be utilized in developing plans for the areas that they supply your business. Of course, testing the suppositions of the plan are as necessary as the creation of the plan.
The final comment on a Business Continuity Plan is that it needs to be a living plan. That is to say, you can’t write it once and then put it away. You need to review and update on a regular basis.
The issues covered in this article run from simple to complex. Here are some other articles you can read on the subjects in this article.
Introduction to Business Continuity
Business Continuity Institute
Business Continuity Plan
Standard on Disaster/Emergency Management and Business Continuity/Continuity of Operations Programs
Business Continuity Planning – BCP
Chapter 7 – Business Continuity and Risk Management
North Carolina Government Data Analytics Center
8 ingredients of an effective disaster recovery plan
7 Things Every Disaster Recovery Plan Should Include
Riverside Technologies, Inc. (RTI)
Business Continuity Plan: A Complete Guide
10 things you should cover in your business continuity plan