What's the difference between Business Continuity and Disaster Recovery?
We get asked that question a lot. What's the difference between Business Continuity and Disaster Recovery? And what's 'resilience' for that matter?
It's an interesting question, and there are specific industry and expert definitions. But, confusingly, they are often used interchangeably. In a broader business context, this is unhelpful.
According to the BCI & DRJ, the definition of "Business Continuity" is:
"The strategic and tactical capability of the organization to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level.
The capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident."
And the definition of "Disaster Recovery" is:
"The process, policies and procedures related to preparing for recovery or continuation of technology infrastructure, systems and applications which are vital to an organization after a disaster or outage.
The strategies and plans for recovering and restoring the organizations technological infra-structure and capabilities after a serious interruption."
In a nutshell, "Business Continuity" is your organisation's ability to deliver its products and services.
"Disaster Recovery" is specific to technology and how you 'recover' from an incident.
Databarracks often use "IT Disaster Recovery" to make this distinction clearer. An "IT Disaster Recovery Plan" can be one of several procedures that sit within a Business Continuity plan.
Some real-life examples of Business Continuity vs Disaster Recovery:
Key ingredients in a Business Continuity Plan
Suppliers – ensuring your key raw materials are delivered - even if there's a problem with your primary supplier
Building and work environment – Alternative resources to continue working, and/or giving staff remote access to systems if they can't get to the office
People – ensuring there is always enough staff to continue business operations
Key ingredients in a Disaster Recovery Plan
Strategies for failing-over to replica systems following a fire in the primary server room
Processes for recovering data from backups after a malware infection
So what is IT resilience?
Continuity doesn't just mean recovering from incidents. In fact, there is an argument that the term "Disaster Recovery" is harmful because it focuses on the (rare) disasters.
A lot of what we do in IT is ensuring uptime and resilience rather than "Disaster Recovery". Some examples of creating IT resilience in practice:
Load balancing (improving performance and reliability by ensuring there isn't one point of failure)
Cyber prevention tools e.g. anti-virus, anti-spam etc.
A Business Continuity Plan is the foundation for keeping every aspect of your business operational. Should trouble arise, Business Continuity measures keep the wheels turning. Disaster Recovery is a key aspect within that plan, recovering your IT systems following an incident. These measures all improve your business' resilience.