Often the terms Disaster Recovery Planning and Business Continuity Planning are used interchangeably. However, they are quite different and you need both to ensure your business can survive a disaster.

Business Continuity Plan

A Business Continuity Plan (BCP) is a plan that ensures people, processes and tools can be effective during a disaster or an extended period of disruption. With events like the earthquake in Christchurch, NZ, we at Digital Journey know disasters can be real and will materially affect businesses that are not prepared.

In the event of a disaster, you will need to consider how to manage staff as well as how you will access resources and data, so your BCP would generally cover most or all of your critical business processes and operations, enabling you to identify risks and outline mitigation plans to reduce the negative impact on your services.

Depending on your organisation a BCP could include everything from technology viruses to terrorist attacks. For a small company your BCP could be a 1-2 page document, consisting of; a list of potential threats, the primary tasks to keep the organisation running, location of staff personal contact information, data backup locations and recovery processes. For a hospital however, it may be 50 pages and it's creation could involve many people.

An important component of your BCP is the Disaster Recovery Plan.

Disaster Recovery Plan

The Disaster Recovery Plan is generally focused on the technology and infrastructure that supports your organisation's operations. In disaster recovery planning you would generally look at what technology applications and services are 'mission critical'.

The two most important factors associated with disaster recovery planning are the recovery point objective (RPO) and the recovery time objective (RTO).

The RPO is the point in time to which are recovering your data. For example, are you ok with losing all data created in the last month? The last week? The last 24 hours?

The RTO is the maximum time you will tolerate an IT system, network or application to be unavailable. For example, can your organisation function without email for an hour? A day? A week?

Once you have decided the RPOs and RTOs for critical IT services and applications you should then check that your backup regime reflects that. This is often a key incentive for organisations to consider storing information, or using applications in the Cloud as it can support you working anywhere that an Internet connection is available.

Don't forget to test your Disaster Recovery Plan to make sure you can be back up and running with the services you require and within the timeframes you expect.

Where do I start?

For a guide to how to prepare your organisation take a look at 'Shut Happens SME business disaster recovery guidance - it's a pragmatic overview of the 'bare essentials'. 

Also, read this interesting article in CIO about 4 tech trends in Disaster Recovery which looks at how inexpensive online technologies are making maintaining business continuity easier.

Finally, for a great resource including templates and example plans check out the Queensland Government's guides on Business Continuity Planning and Disaster Recovery Planning.