Call us on 03450 21 21 51

What is the difference between a disaster recovery plan and a business continuity plan?
The SRM Blog

What is the difference between a disaster recovery plan and a business continuity plan?

Ian Armstrong

Written by Ian Armstrong

30th June 2020

Share this article

Both a disaster recovery plan and a business continuity plan are critical elements of good security. But how do they differ?

One of the most common queries we receive from businesses looking to gain a better understanding of information security is, “What is the difference between a Disaster Recover plan and a Business Continuity plan.” Both are important to an organisation’s overall resilience, but there are several key factors that separate them from each other.

Let’s take a closer look at these two terms in order to clarify what makes them unique.

The short answer

Business continuity involves creating a coherent and comprehensive plan of action. A business continuity plan (BCP) aims to provide a roadmap for an organisation that ensures it can continue to operate effectively, even in the midst of a crisis. The remit of a BCP stretches beyond data security and incorporates an entire range of potential challenges that could be faced by a company, including fire, flood, theft or even a pandemic.

Disaster recovery is a subset of your business continuity plan and focuses more specifically on resuming normal operations after a catastrophic failure relating to data, hardware, software, connectivity, networking or the location within which these reside. Disaster Recovery is very much the last resort when such a failure has occurred and irreparable damage has been caused. A disaster recovery plan also needs to outline the logistical considerations for maintaining business as usual – such as finding alternative working locations, restoring communications, managing priority members of staff and handling the potential loss of data.


Business Continuity plans cover a wider scope

Business continuity looks at the overall picture of how your business copes with daily technical challenges and threats across the organisation’s estate. It’s about putting the necessary procedures and processes in place in order to ensure that normal operations can continue.

This can be the different between survival and shutdown, and requires a thorough analysis of current business processes. You’ll need to assess the benefits of processes versus their costs, asking how you could run a limited operation in times of crisis. Would you focus only on active customers? How would your supply chain be impacted?

Even if a disaster never occurs, having a business continuity plan in place is simply good business management. It requires you to gain a strong grasp of your existing resources and get up close and personal with how your business runs. It also requires a clear understanding of which aspects of a business should be deemed critical and which are relative luxuries.


Disaster recovery plans deal with specific ‘what ifs’

Rather than seeing DR as a completely different ballgame, it’s best to view it as a subspace of total business continuity planning. Specifically, disaster recovery plans look at how you would get systems up and running again following a disaster.

A lack of a written plan for disaster recovery can increase the damage caused by a catastrophic failure exponentially. Ask yourself key questions and make sure you have the answers. How long can systems be inactive for? How would you restore critical applications? Where would these be restored to? How long would it take you to restore systems from backups? What systems can your business not do without? What is the priority recovery order of systems and functions?

Look at who is responsible for disaster recovery in your business. If the current answer is no one, it’s important to task an individual, team or outsourced organisation with your company’s security protection.


The bottom line: your business needs both

Business continuity planning requires strategy. It deals in the continuity of services during downtime. Meanwhile, a disaster recovery plan aims to restore data and applications as quickly as possible when disaster strikes.

In order to survive a data breach, your business needs both, and both plans need to explore a range of circumstances, factors and possible outcomes.

This is why seeking support is a good idea. With experts in recovery and disaster on hand, SRM are always ready to support your business before, during an after an incident occurs.

Get in touch with SRM today by clicking here, or give us a call on 03450 21 21 51.


Back to top