Business Continuity vs Disaster Recovery

The following article covers the basics of why organizations need to take disaster planning very seriously and explains the difference between business continuity and disaster recovery. These are two very important concepts, and knowing the difference between the two can help you plan more effectively for a potential disaster.

Business continuity and disaster recovery are some of the most undesirable tasks relating to business planning yet are crucial to an organization’s wellbeing. Unfortunately, many IT professionals and business executives perceive business continuity and disaster recovery planning as a type of black hole that endlessly consumes time and resources to prepare for an event that probably will never happen, and by the time the true value of these processes become apparent, it’s too late to act. When asked how they prepare for an emergency, organizations often say they back up their data every day. Sadly, this is not enough.

For example, it’s not uncommon for companies to back up their systems and lock the backup tapes inside a fire retarded safe. Fires are amongst the most common catastrophic disasters to affect businesses. Although these safes are fire proof, they won’t stop the backup tapes from melting. In order to be effective, backups must be stored at an off-site location. Many authoritative sources have reported that 80% of companies that suffer critical data loss will close their doors within two years.

In addition to data protection, there are a number of legal, public relations, organizational, and safety considerations that must be taken into account. In the case of an emergency, the chaos often leads the the broken window effect. Unethical employees might see the absence of authority and leadership as an opportunity for fraud or theft. If HR is unable to maintain payroll functionality during a disaster, severe inconveniences could happen to employees that rely on that money to make emergency purchases, such as food, hotel rooms, or transportation.

After an emergency, your organization may be forced to demonstrate to a judge that it had employed disaster planning best practices to minimize damages to employees, customers, and stakeholders. Failure to show adequate preparation can result in severe legal penalties.

As you can see, this is a company wide problem. Preparing for a disaster can be complex and requires a strategic approach.

Although IT is usually in charge of implementing the business continuity and disaster recovery plans, the actual planning process should not be placed solely on the shoulders of the IT department. Without proper insight into the business processes of each department, it’s impossible for IT or anyone else in the company to adequately prepare and budget for a disaster. While it’s said that business continuity and disaster recovery planning should primarily be the responsibility of the IT department, the reasons for this aren’t quite obvious. One of the biggest mistakes organizations often commit is to assume business continuity and disaster recovery should be strictly approached from a technological point of view since it’s managed by IT, but as mentioned previously, disaster planning is a business problem that affects everyone in the company, from the CEO to the front-line working staff.

Since every piece of information that flows through the company will eventually pass through the IT department, IT personnel are in the unique position of having deep insight and understanding of the daily operations of each department, as well as constant communications with key decision makers within those departments. This unique position is the real reason why IT is tasked with disaster planning. Regardless, a plan should be developed and implemented with the support across the entire organization. Without this insight and cross-departmental participation, it’s impossible to put together a proper plan.

So what’s the difference between business continuity and disaster recovery? They both seem very similar and have a lot of overlap, yet they’re quite different. Your organization should know the difference between the two and create a detailed plan for each.

The disaster recovery plan explains how a company will prepare for a disaster, what the company’s response will be in the event of a disaster, and what steps it will take to ensure that operations be restored. This plan must include many scenarios since the causes of disasters vary greatly. This includes deliberate criminal activity, natural disasters, a stolen laptop, power outages, a terrorist attack, etc. There are hundreds of possible disaster scenarios that vary based on culture, geography, and industry. It’s also important the disaster recovery plan be distributed across the organization so everyone knows their role within the plan. When a real disaster occurs, things can get hazy, so everyone must know their own roles within the disaster recovery process, and also know how to take over the roles of teammates who are unable to perform their duties.

The business continuity plan is a fairly new methodology that lays out what steps an organization must take to minimize the effects of service interruptions. When organizations were primarily paper driven, with information processing done through batch processing, they could tolerate a few days of downtime. As technology improved, organizations started computerizing business activities. Organizations required systems that would minimize the impact of unplanned downtime. One of the first events that proved the importance of business continuity planning was the Y2K crisis. Since then, business continuity has been a standard practice of corporate IT planning. A typical example of business continuity would be the electric generators used by hospitals to ensure patients can still be cared for during a power outage. Although the ideal continuity solution would be to have all company servers replicated to a off-site location, this is often unnecessary and prohibitively expensive.

Another alternative would be to triage different business processes and assign resources only to the most critical IT systems. This requires insight to business priorities of other departments. For example, many companies argue that email servers are business critical. But what is the scope in case of an emergency? Do employees only need to send and receive emails? Do employees only need access to email archives? Will employees need access to shared schedules and contact lists during downtime? Will employees be sending and receiving attachments during downtime? How many locations within the organization will require email access? Will email access be provided to employees across the enterprise or only to key individuals?

As scope grows, so does the complexity and cost of maintaining high availability for these systems. If the credit card system at a supermarket goes offline, they can lose a lot of money. But the cost of such an incident rarely justifies the cost of purchasing of a second credit card processing system. A more cost effective solution would be to process credit cards manually with a roller imprinter until the main systems come back online. Within recent years, many companies have started using cloud based applications because of their resiliency and ability to operate when the company’s primary data center goes offline.

That’s the major difference between the two in a nutshell. Disaster recovery describes the steps involved in planning and adapting to potential disasters with a roadmap that restores operations while minimizing the long-term negative impact. Business continuity planning ensures all of the most essential business functions remain available after a disaster until the disaster recovery process can be completed. This will minimize the short-term negative impact of the event on the company, its employees, and its customers.

If your company would like help with its disaster recovery or business continuity planning, contact RackWare.