Business Continuity Planning and Disaster Recovery Planning
A disaster recovery plan -- sometimes referred to as a business continuity plan or business process contingency plan -- describes how an organization is to deal with potential disasters. Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized, and the organization will be able to either maintain or quickly resume mission-critical functions.
"The plan is not complete until you test it, and when you're done, you need to test it, and when you're all finished -- test it."
Until the plan is tested, it can't be considered usable.
Typically, disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention.
Disaster recovery is becoming an increasingly important aspect of enterprise computing. As devices, systems and networks become ever more complex, there are simply more things that can go wrong.
As a consequence, recovery plans have also become more complex. Appropriate plans vary greatly from one enterprise to another, depending on variables such as the type of business, the processes involved and the level of security needed. Disaster recovery planning may be developed within an organization or purchased as a software application or a service. It is not unusual for an enterprise to spend 25% of its information technology budget on disaster recovery.
Is there any difference between Disaster Recovery and Business Continuity Planning?
"Disaster Recovery" is the process by which you resume business after a disruptive event. The event might be something huge-like an earthquake or the terrorist attacks or something small, like malfunctioning software caused by a computer virus.
"Business Continuity Planning" suggests a more comprehensive approach to making sure you can stay in business. Often, the two terms are married under the acronym BC/DR. At any rate, DR and/or BC determines how a entity will keep functioning after a disruptive event until its normal facilities are restored.
Note: More questions are available via the UGA InfoSec Frequently Asked Questions section.
