Blog

The Difference Between Business Continuity and Disaster Recovery

Hello,

My name is Roseanne.

In this presentation, I want to cover some of the basics of why companies need to take disaster planning very seriously, and to give you an idea of the difference between Business Continuity and Disaster Recovery. These are 2 very important concepts, and knowing the difference between the 2 can help you plan more effectively for a potential disaster.

Business continuity and disaster recovery are amongst the most unpleasant tasks of business planning, but they also offer some of the highest paybacks.

Unfortunately, many IT professionals and business executives seem to perceive business continuity and disaster recovery planning as a type of black hole which endlessly consumes time and resources in order to prepare for an event that will probably never happen.

And by the time that the true value of these processes become apparent, it’s probably already too late to act.

Too often, when asked how they prepare for an emergency, companies will say that they back up their data every day. Sadly, this is not enough.

For example:

  • It’s not uncommon for companies to back up their systems and lock the backup tapes inside of a fire-retardant safe. Fires are amongst the most common catastrophic disasters to affect businesses. But although these safes are fireproof, they won’t stop the backup tapes from melting. In order to be effective, backups MUST be taken to an off-site location.
  • Many authoritative sources have reported that 80% of companies that suffer critical data loss will close their within 2 years.
    In addition to data protection, there are a number legal, public relations, organizational and safety considerations which must be taken into account.
  • In the chaos of an emergency, the “Broken Window” effect might come into play. Normally ethical employees might see an absence of authority and leadership as an opportunity for fraud or theft. This was seen in the LA riots of 1992.
  • If HR is unable to maintain payroll functionality in a disaster, this may cause severe inconvenience to employees who were relying on that money to make emergency purchases such as food, hotel rooms or transportation.
  • After an emergency, your company might be forced to demonstrate to a Judge that it had employed proper disaster planning best-practices in order to minimize the damage to employees, customers and stakeholders. Failure to show that you were adequately prepared can result in severe legal penalties.

As you can see, this is a company-wide problem. Preparing for disaster can be very complex, and requires a more and strategic approach.

Although IT is usually in charge of implementing the business continuity and disaster recovery plans, the actual planning process should not be placed solely on the shoulders of the IT department. Without proper insight into the business processes of each department, it will be impossible for IT – or anyone else in the company – to adequately prepare and budget for a disaster.

While it’s said that business continuity and disaster recovery planning should primarily be the responsibility of the IT department, the reasons for this aren’t quite obvious. One of the biggest mistakes is to assume that – because IT is in charge of disaster planning – that business continuity and disaster recovery should be strictly approached from a technological point of view.

But as I’ve illustrated previously, disaster planning is a business problem that affects everyone in the company. From the CEO to the front-line working staff.

Since every piece of information that flows through the company will eventually pass through the IT department, IT personnel are in the unique position of having deep insight and understanding of the daily operations of each departments… as well as constant communications with key decision makers within those departments.

This unique position is the REAL reason why IT should be tasked with disaster planning. But despite this, a plan must be developed and implemented with top down support across all organizational departments. Without this insight and cross-departmental participation, it will be impossible to put together a proper plan.

So what do we mean when we say disaster recovery and business continuity?

Although the 2 terms seem very similar and have a lot of overlap, they are actually quite different. Your company needs to know the difference between the 2, and create a detailed plan for each.

The disaster recovery plan stipulates how a company will prepare for a disaster, what the company’s response will be in the event of a disaster, and what steps it will take to ensure that operations be restored.
This plan must include many possible scenarios since the causes of disaster can vary greatly. These can include things such as:

  • Deliberate criminal activity
  • Natural disaster such as fire
  • A stolen laptop
  • Power outages
  • A fire
  • A terrorist attack

There are hundreds of possible disaster scenarios, and they vary based on culture, geography and industry.
It’s also important that the disaster recovery plan be distributed across the organization so that everyone knows their role within the plan. When a real disaster occurs, things can get very hazy. So everybody must know their own roles within the disaster recovery process, and also know how to take over the roles of teammates who are unable to perform their duties.

The business continuity plan is a fairly new methodology that stipulates what steps a company must take to minimize the effects of service interruption. Back when companies were primarily paper-driven and information processing was done using batch processing, companies could tolerate a few days of downtime.

But as technology became faster and cheaper, companies began computerizing more of their critical business activities. Companies needed to have systems in place that would minimize the impact of unplanned downtime.

The first major event to demonstrate the importance of business continuity planning was the Y2K crisis. Since then, it’s been a standard function of corporate IT planning.

One typical example of business continuity would be the electric generators used by hospitals to ensure that patients can still be cared for in the event of a power outage.

Although the ideal IT continuity solution would be to have all of the company servers replicated to an off-site location, this is often unnecessary and prohibitively expensive. Another alternative would be to triage different business processes, and assign resources only to the most critical IT systems. This requires insight into the business priorities of other departments.

For example: Many companies will argue that the email servers are business critical. But what will the scope be in an emergency?

  • Do employees only need to send and receive emails?
  • Do employees only need access to email archives?
  • Will employees need access to shared schedules and contact lists during this downtime?
  • Will employees be sending or receiving attachments during this downtime?
  • How many locations within the organization will require email access?
  • Will email access be provided for employees across the enterprise, or only for certain key people?

As scope grows, so does the complexity and cost of maintaining high availability for these systems.

  • If the credit card system at a supermarket goes offline, they could lose a lot of money. But the cost of such an incident is rarely enough to justify the purchase of a second credit card system. A more cost-effective solution would be to process credit cards manually using a roller-imprinter until the main systems come back online.
  • Within recent years, many companies have started using cloud-based applications because of their resiliency, and ability to continue operating in the event that the primary company datacenter should go offline.

And that’s the major difference in a nutshell.

Disaster recovery describes all of the steps involved in planning and adapting to potential disaster, with a roadmap which will restore operations while minimizing the long-term negative impact on the company.

Business continuity ensures that all of the most essential business functions will remain available after a disaster… until the disaster recovery process can be completed. This will minimize the short-term negative impact of the event on the company, its employees and its customers.

I hope that this presentation was helpful to you.

If your company would like help with its disaster recovery or business continuity, make sure to visit Storagepipe Solutions on the web at Storagepipe.com.

They offer a wide range of cost-effective, cloud-based business continuity and disaster recovery solutions for organizations of all sizes.

Leave a Reply