What do businesses need to know when making plans for disaster recovery and business continuity? We explain the difference between the terms.
In many respects, making the distinction between disaster recovery and business continuity is something of a contrivance. The two are intrinsically linked.
As technology becomes an increasingly important part of day-to-day operations – even second-to-second operations for some businesses – the two disciplines of disaster recovery and business continuity are overlapping more than ever.
However, let’s consider what each of the terms mean.
Disaster recovery is an IT term. It is all about managing critical business data and information so it can be recovered and reinstated following a disaster.
As such, it represents one critical element of business continuity.
Business continuity is a wider term which refers to the planning and processes required to get the business functioning commercially following a disaster.
Given that so many critical operational processes are today so reliant on systems and data, it is easy to see why the two terms of disaster recovery and business continuity increasingly overlap.
Of course, this means that the associated planning and activities increasingly overlap too: which has led to a growing trend to combine disaster recovery and business continuity into a single term; BCDR.
The benefit this combined term brings is a renewed emphasis on the need for IT (which is traditionally responsible for disaster recovery planning and resourcing) and the business (which must lead business continuity planning) to work together.
Effective BCDR strategies and implementation require close collaboration between the business and IT. The business brings the understanding of what it would take to resume operations in the wake of a disaster, and IT brings the technology understanding to specify what systems are required to support that.
Given this, both disaster recovery and business continuity planning must begin with the business.
First, business continuity planning must assess the potential risks – from the impact of a rogue employee or computer virus, through workmen cutting through the communications cable into the building, to major events such as a fire or terrorist attack.
It is up to the business to define what would be required in order to resume commercial operations in the wake of each of the threat scenarios. In terms of business continuity, this will not be limited to just data and systems – it must consider other aspects such as premises, people and physical assets such as desks and telephones; indeed, everything that is required to get things up and running again.
While the business can make arrangements for secondary locations, staffing decisions and equipment sourcing, IT will take ownership for planning how to recover data and restore systems in the event of a disaster. In this way, IT’s disaster recovery plans support the overall business continuity plan.
Each of the information systems (and their data) in use will have a recovery point objective (RPO) and a return to operation (RTO) objective that the business must define.
• Recovery Point Objective (RPO) is the measurement of how far back you are prepared to lose data.
• Return to Operation (RTO) is the measurement of how long it takes to get things up and running again from the point disaster recovery is invoked.
Each system and data set used by the business may have a different RPO and RTO.
In our 24/7, just-in-time, next-day-delivery, rising-expectations world, organisational tolerance for downtime is constantly shrinking. This means RPOs and RTOs are shrinking commensurately – placing ever-greater pressure on both disaster recovery and business continuity planners and operational leaders.
We’ll look at how to respond to this challenge and ensure the success of your disaster recovery and business continuity plans in a subsequent blog.
For further advice about business continuity and/or disaster recovery planning, contact us today on 0808 164 4142.