Prepare for Emergencies with Business Continuity and Disaster Recovery Plans

business continuity management and disaster recovery planning

How a company responds during an emergency or other unexpected event can drastically impact how quickly it can resume operations and its prospects for future success. Planning ahead and having systems in place for such events can be just as important as the actual response once an event occurs.

To prepare, companies should have both business continuity plans and disaster recovery plans in place. While business continuity and disaster recovery plans are two separate types of plans, they should complement each other as there are many similar concerns for each.

Below, we outline how these plans differ and steps your company can take to design effective plans should an emergency arise:

  • What Is a Business Continuity Plan?
  • What Is a Disaster Recovery Plan?
  • How Does Disaster Recovering Planning Differ from Business Continuity Planning?
  • What Types of Events Should Be Included in a Disaster Recovery Plan?

What Are the Benefits of Planning Ahead?

How Do You Test a Disaster Recovery Plan?

A business continuity plan is a predefined approach and procedure for how a business will continue to run when coping with an emergency.

A disaster recovery plan is a predefined approach and procedure for restoring the business to full functionality, following a system failure or compromise, while keeping the impact to a minimum.

While a business continuity plan focuses on defining how business operations should function under abnormal circumstances during a disaster or emergency, a disaster recovery plan focuses on getting applications and systems back to normal.

Business emergencies can include events that are intentionally or accidentally caused by humans as well as natural disasters.

Potential disasters and threats can include the following:

 Regardless of the origin, business disasters may cause:

Business continuity planning and disaster recovering planning both provide several benefits to your organization, especially when they’re drafted in tandem, including:

People and Property Protection

Having emergency plans in place can help safeguard life and property of the company and its employees. The Occupational Safety and Health Administration (OSHA) even requires companies with more than 10 employees to write these plans in compliance with its Regulation 1910.38 Emergency Action Plans .

Morale Boost

When employees know plans are in place, they may feel safer. This can help boost morale and potentially increase business value perception to buyers who recognize the responsibility and preparedness of the company.

Improved Decision-Making

Planning ahead allows for systemic, structured, and timely implementation of your plan and helps you make decisions based on the best available information, should an emergency occur.

It also provides room to be dynamic and responsive to change. Flexibility can allow you to take human and cultural factors into account, such as supporting workers with medical needs or managing teams that operate across geographic regions, and allows the company to be transparent and inclusive with its plans.

Even if you haven’t faced an emergency, planning for one can help facilitate continual improvement of the organization and become an integral part of all organizational processes.

Risk Management

Managing risk for organizations includes risks posed by relationships with third parties, such as service providers or vendors. These third parties can play a significant part in the overall risk for an organization based on the types of data they have access to or handle. They can also be used to provide recovery services or high availability for systems that need to meet high levels of up time.

For companies serving highly regulated industries, such as health care, financial services, and utilities, third-party risk management often includes assessing business continuity plans and disaster recovering plans. By documenting and testing these plans, organizations are better equipped to meet the expectations of those they serve.

There are several key factors to consider when creating a business continuity plan. While employees and customer safety should be your top concern, there are also other areas of focus that are especially important.

Business continuity planning should focus on:

To prepare for those concerns, a business continuity plan should define processes and procedures for the following:

Steps to assess various risks should include the following:

Primary and secondary points of contact should be determined internally and externally. It may help to create templates or prewritten communications as well as communications schedules that can be deployed immediately in the event of an emergency. This helps put plans into action and address employee and public concerns.

Emergencies can require all hands on deck, so it’s important to identify top personnel and their responsibilities in your plan, as well as team members to serve as alternates in case the primary role player is unavailable.

Responsibilities should be defined and assigned for the following roles:

Employees will need to be notified and provided instruction in an emergency situation. Employee contact information should be up-to-date and easily accessible with departmental organizational charts as well as cell and home phone numbers and emergency contact information included.

Planning should also consider the likelihood that communications systems may be inaccessible and define alternative means of connecting with employees and team members, including any third parties supporting business continuity efforts.

What Safety and Security Measures Are Included?

First-aid kits and other resources should be inspected at least on a monthly basis. Identify local hospitals, medical treatment options, and available 911 services so the correct parties can be contacted as quickly as possible if needed.

Evacuation and Access to Property

Evacuation plans from all company buildings should be readily available, and employees can be instructed on evacuation routes through drills. Additionally, they should be provided directions to shelter and safe areas.

For those not at a company location or to plan for how to access property following an emergency, alternate routes to key facilities should also be provided in the event of damaged roads.

How Will You Access Contractors, Support Equipment, and Utility Companies?

Should you require the assistance of emergency personnel, repairs to infrastructure, or equipment, it’s important to consider how you’ll access these resources. Contractor contact information and tools and equipment requirements, as well as rentals, should be readily available.

Equipment you should consider having access to includes the following:

In addition to requesting these materials, it’s important to make sure anyone who will come in contact with the equipment has a deep knowledge of how to properly operate machinery and assess any safety concerns.

Other important vendors and contacts to have easy access to include the following:

Do You Have Proper Insurance?  

Should damage take place to your property or if people are harmed, you’ll want to make sure the proper insurance protocol is in place. You should be able to easily access the contact and claims reporting information for the following:

Insurance concerns can also extend to cars and other vehicles, so it’s important to have access to vehicle identification numbers (VINs) in case they go missing or are damaged.

The purpose of disaster recovery planning is to support critical operations by returning IT systems to full functionality. This should be prioritized based on customer needs, regulatory requirements, and the importance to your organization or the operations that the IT system supports.

You should be able to determine the availability of workaround options compared to work stoppages to do the following:

A disaster recovery plan has many of the same elements of a business continuity plan that need to be documented and defined ahead of time, but there are several key elements that are different. These elements include:

A business impact analysis is essential for determining and evaluating the effects of an interruption to critical business operations. It assesses a disaster’s impact over time and helps establish recovery strategies, priorities, and requirements based on system criticality.

Business leaders and management should be involved in determining the system recovery priorities as this analysis will be used to document the critical systems, document dependencies with other systems, and prioritize the system recovery efforts.

What Is the Importance of Communication Processes and Role Assignments?

Communication is a key process during the recovery effort so recovery teams should understand their roles and responsibilities. A disaster recovery coordinator should be established, along with a backup to this position. These persons will be responsible for coordinating, communicating, and managing staff during the recovery efforts.

An emergency response team should also be documented as these personnel will be responsible for the actual recovery of the systems. They will need to prepare the recovery site for operation, coordinate recovery steps and activities, interface with system vendors, and ensure recovery is complete once systems are restored.

Disaster preparedness is rooted in an agreed-upon backup strategy that addresses acceptable recovery time and data loss, adequate system redundancy, and sound data restoration processes. The data backup plan details the backup strategy employed to ensure that data is available in order to restore systems during emergency and nonemergency situations.

This plan outlines the backup strategy for all of the critical systems identified in the business impact analysis. The recovery and response action plan provides detailed steps on the recovery procedures that need to be performed in order to restore systems and data. The recovery steps are critical as they will help guide staff in the steps necessary to fully recover a system.

Once a plan is in place, perform tests that help verify that it can be properly executed.

Diverse testing methods must be deployed so that multiple scenarios can be addressed and tested. Suggested testing methods include the following:

Testing can be done for several purposes including the following:

We’re Here to Help

Emergency preparedness is all about planning, training, and maintaining a supportive culture. To learn more about how your business can organize business continuity and disaster recovery plans and confidently test and execute them, contact your Moss Adams professional.

Assurance, tax, and consulting offered through Moss Adams LLP. ISO/IEC 27001 services offered through Cadence Assurance LLC, a Moss Adams company. Wealth management offered through Moss Adams Wealth Advisors LLC. Services from India provided by Moss Adams (India) LLP.

Related Topics

Contact us with questions.

Tech Accelerator

What is bcdr business continuity and disaster recovery guide.

Business continuity (BC) and disaster recovery (DR) are closely related practices that support an organization's ability to remain operational after an adverse event.

Resiliency has become the watchword for organizations facing an array of threats, from natural disasters to the latest round of cyber attacks.

In this climate, business continuity and disaster recovery (BCDR) has a higher profile than ever before. Every organization, from small operations to the largest enterprises, is increasingly dependent on digital technologies to generate revenue, provide services and support customers who always expect applications and data to be available.

"Mission-critical data has no time for downtime," said Christophe Bertrand, practice director of data management and analytics at Enterprise Strategy Group (ESG), a division of TechTarget. "Even for noncritical data, people have very little tolerance."

More than two-thirds of respondents to Uptime Institute's 2021 Global Data Center Survey had some sort of outage in the past three years. And disruption isn't just an inconvenience for customers.

"[W]hen an outage occurs, about a fifth are classified as severe or serious, meaning there were big financial, reputational and other consequences," according to Uptime Institute, a Seattle-based data center standards organization.

Why is BCDR important?

The role of BCDR is to minimize the effects of outages and disruptions on business operations. BCDR practices enable an organization to get back on its feet after problems occur, reduce the risk of data loss and reputational harm, and improve operations while decreasing the chance of emergencies.

Some businesses might have a head start on BCDR. DR is an established function in many IT departments with respect to individual systems. However, BCDR is broader than IT, encompassing a range of considerations -- including crisis management, employee safety and alternative work locations.

A holistic BCDR approach requires thorough planning and preparation. BCDR professionals can help an organization create a strategy for achieving resiliency. Developing such a strategy is a complex process that involves conducting a business impact analysis (BIA) and risk analysis as well as developing BCDR plans, tests, exercises and training.

Planning documents -- the cornerstone of an effective BCDR strategy -- also help with resource management, providing information such as employee contact lists, emergency contact lists, vendor lists, instructions for performing tests, equipment lists, and technical diagrams of systems and networks.

BCDR expert and consultant Paul Kirvan noted several other reasons for the importance of BCDR planning:

An organization should strive for continual improvement, driven by the BCDR process.

BCDR layers

What is business continuity and disaster recovery?

An organization's ability to remain operational after an incident relies on both BC and DR procedures. The goal of BCDR is to limit risk and get an organization running as close to normal as possible after an unexpected interruption. These practices also reduce the risk of data loss and decrease the chance of emergencies, which helps maintain and even improve the organization's reputation.

The trend of combining business continuity and disaster recovery into a single term, BCDR, is the result of a growing recognition that business and technology executives need to collaborate closely when planning for incident responses instead of developing schemes in isolation.

What's the difference between business continuity and disaster recovery?

BC is more proactive and generally refers to the processes and procedures an organization must implement to ensure that mission-critical functions can continue during and after a disaster. This area involves more comprehensive planning geared toward long-term challenges to an organization's success.

DR is more reactive and comprises specific steps an organization must take to resume operations following an incident. Disaster recovery actions take place after the incident, and response times can range from seconds to days.

BC typically focuses on the organization, whereas DR zeroes in on the technology infrastructure. Disaster recovery is a piece of business continuity planning and concentrates on accessing data easily following a disaster. BC includes this element but also considers risk management and any other planning an organization needs to stay afloat during an event.

There are similarities between business continuity and disaster recovery. They both consider various unplanned events, from cyber attacks to human error to a natural disaster. They also have the goal of getting the business running as close to normal as possible, especially concerning mission-critical applications. In many cases, the same team is involved with both BC and DR.

What's the difference between business resilience and business continuity?

Business resilience  and  resiliency  began appearing in the BCDR vocabulary in the early 2000s. Resilience, at times, has been used interchangeably with business continuity, but the terms have different shades of meaning .

Kirvan said a resilient business can return to its previous operational state following an event that shut it down. Business continuity management, technology disaster recovery and incident response are among the disciplines that fuel an organization's resiliency.

Resilience focuses on building a business to be impervious to potential disruptions of various kinds, according to Jeff Ton, strategic IT advisor at InterVision Systems, an IT service provider with regional headquarters in San Jose, Calif., and Chesterfield, Mo. Business continuity, in contrast, involves resuming operations from an outage once it has occurred, Ton noted.

Resiliency "is more about being able to resist and withstand issues, and business continuity is about being able to continue business after something has disrupted your business," Ton said.

Using a rubber band analogy, Ton said an event might stretch an organization; but, if resiliency has been achieved, it resists and reassumes its shape. Business continuity kicks in when the rubber band snaps and the organization takes steps to address the breakage, he added.

ESG's Bertrand said business continuity revolves around the ability to fail over and maintain systems at a high level of availability, while resilience is the ability to resist disruption and prevent problems from happening in the first place.

What’s the difference between organizational resilience and operational resilience? 

The idea of resilience and its role in business continuance has also diversified into the concepts of organizational and operational resilience. 

Organizational resilience (OR) is the ability of the entire organization to guard against disruptive events. The entire organization includes all personnel in every department or business unit; the applications, infrastructure and other technologies across the enterprise; facilities, including buildings and workspaces; and the processes and policies involved in running the organization. 

In order for OR to be fully realized, every element of the organization must be protected from adverse events and demonstrate the capability to change and adapt -- even just temporarily -- to continue running the business until the disruption is alleviated and normal operations are restored. 

Operational resilience (OpR) is generally regarded as a close subset of organizational resilience, but OpR focuses on the people, processes and infrastructure of the business to respond and adapt to changing patterns. It's worth noting that this description isn't solely about BCDR but can apply to any issues or situations that affect business conditions.  

Where OR takes a more holistic view of resilience, OpR slants the view in favor of resilience issues involved in running the business day to day. There are several standards that relate to OpR, including international standard ISO 22316:2017 and British standard BS 65000:2014.  

OR and OpR require careful attention to prediction and planning so potential disruptions are identified and prepared for in advance. Disruptions that aren't considered or planned for can overcome an organization's resilience posture and cause major, long-lasting business impacts. 

Business resilience plan

The role of risk analysis, BIA and BCDR strategies

Risk analysis and BIA are critical tools for organizations facing the question of how to build a BCDR strategy.

Determining internal and external risks is important to the BCDR process. The risk analysis identifies risks and the likelihood they will occur. This risk assessment works in tandem with the BIA, which helps quantify the potential effects of disruption. Financial analysis is one aspect of a BIA, but this exercise also considers the non-financial costs of unplanned outages. In addition, the BIA identifies the mission-critical functions an organization must maintain or restore following an incident, and the resources needed to support those functions.

It's important to gain management support when pursuing a BIA, given the intensity of the process. The BIA provides a way for an organization to learn about itself and details opportunities for improvement.

An organization uses risk analysis and BIA data to determine business continuity and disaster recovery strategies and the appropriate responses. Each strategy is turned into a series of actions that will help achieve operational recovery, such as data replication, failing over to a cloud-based service , activating alternate network routes and working remotely.

Why should you use BCDR, and when should it be activated?

Motivations for an organization developing a BCDR strategy might include protecting the lives and safety of employees, ensuring the availability of services to customers and protecting revenue streams. Competitive positioning and reputational management are factors that often underlie other motivators: A business perceived as unable to protect employees or deliver services will struggle to attract workers and customers.

The regulatory and compliance environment also influences organizations in their pursuit of BCDR. The HIPAA Security Rule, for example, requires covered entities such as hospitals to provide an emergency mode operation plan, which includes "procedures to enable continuation of critical business processes for protection of the security of electronic protected health information."

The Financial Industry Regulatory Authority (FINRA), an organization that oversees broker-dealers, requires firms to "create and maintain written business continuity plans" that address emergencies or disruptions to the business. FINRA spells out its required business continuity measures in its emergency preparedness rule.

U.S. federal agencies, meanwhile, are also required to develop BCDR strategies, which in government terminology are called continuity of operations plans . The aim is to "ensure that essential government services are available in emergencies -- such as terrorist attacks, severe weather, or building-level emergencies," according to the Government Accountability Office.

Customers might also put pressure on businesses to develop adequate BCDR plans. An assessment of a organization's BCDR stance might be part of a prospective client's vetting process. Federal regulators, such as the Office of the Comptroller of the Currency, encourage banks to include resilience as part of the vendor due diligence process. Specifically, OCC Bulletin 2013-29, "Third-Party Relationships: Risk Management Guidance," states that banks should "determine whether the third party maintains disaster recovery and business continuity plans that specify the time frame to resume activities and recover data."

The "why" of BCDR potentially has many answers, and the "when" of business continuity and disaster recovery is similarly nuanced. Organizations must weigh several factors before declaring a disaster and triggering the BCDR plan. Chief among those are the expected duration of the outage, the outage's effects on the organization, the financial cost of activating the BCDR plan and the BCDR plan's potential for causing disruption. Paradoxically, the process of failing over from an organization's primary place of business to a backup facility -- and then failing back after an event -- might significantly interrupt operations, noted Paul Thomann, regional principal for cloud and data center transformation at Insight Enterprises Inc., an IT services provider based in Tempe, Ariz.

Accordingly, an organization's leadership must carefully size up when to enact the BCDR plan. Migrating to a backup facility, Thomann said, "comes with an impact to the budget." An organization, for instance, might deem a six-hour outage not significant enough to make the disaster call.

That decision, particularly in larger enterprises, is typically made by a committee rather than an individual executive, Thomann said. The committee might consist of the CEO, CFO, CIO and other C-suite executives, he added.

How to build a BCDR plan

Organizations can break down a BCDR plan into BC and DR components.

Specifically, according to BCDR consultant Kirvan, a business continuity plan ( BCP ) contains contact information, change management procedures, guidelines on how and when to use the plan, step-by-step procedures and a schedule for reviewing, testing and updating. A disaster recovery plan ( DRP ) features a summary of key action steps and contact information, the defined responsibilities of the DR team, guidelines for when to use the plan, the DR policy statement, plan goals, incident response and recovery steps, authentication tools, geographical risks and plan history. The DRP should also take staffing into account, ensuring that personnel able to execute the various steps of a DR plan are always available to enact critical recovery tasks.

Good business continuity and disaster recovery plans are clear about the varying levels of risks to the organization; provide well-defined and actionable steps for resilience and recovery; protect the organization's employees, facilities and brand; include a communications plan; and are comprehensive in detailing actions from beginning to end.

A BCDR policy is an important initial step. The policy sets the foundation for the process and typically covers the scope of the business continuity management system, which employees are responsible for it and the activities performed, such as plan development and BIA. A policy might also establish a common set of metrics, such as key performance indicators and key risk indicators. The policy aspect is often overlooked, but it's an important business continuity auditing item.

Developing the BCP and DRP typically starts by gathering BCDR team members and performing a risk analysis and BIA. The organization identifies the most critical aspects of the business, and how quickly and to what extent they must be running after an incident. After the organization writes the step-by-step procedures, the documents should be consistently tested, reviewed and updated.

Although certain aspects of the process involve select members of the organization, it's important that everyone understand the plan and is included at some point. The plan should also encompass third parties and the services they provide. A bank, for example, might rely on data that a third-party firm supplies, so the relationship should be documented in the BCDR plan. Such outside entities must be kept in the loop so they understand how the plan is going to work.

Other steps in a BCDR planning checklist include risk mitigation and an emergency communications plan. The latter details the method, or methods, an organization will use to disseminate information on an emergency to employees.

In summary, the process of building a BCDR plan will typically involve the following activities:

BCDR testing

Testing a business continuity and disaster recovery plan provides assurance that the recovery procedures put in place will work as expected to preserve business operations. The testing phase might also highlight areas for improvement, which the organization can address and incorporate into the next version of the plan.

Tests can range from simple to complex. A discussion-based tabletop exercise brings together participants to walk through the plan steps. This type of test helps employees with BCDR roles become more familiar with the response process, while letting administrators assess the effectiveness of the BCDR plan.

On the other end of the testing spectrum, a full-scale test simulation calls for participants to perform their BCDR functions rather than discussing them in a tabletop exercise. These drills might involve the use of backup systems and recovery sites.

Still, testing requires time, funding, management support and employee participation. The testing process also includes pre-test planning, training test participants and reporting on the test.

The frequency of testing varies by organization. Larger enterprises should conduct tabletop exercises at least quarterly, while smaller organizations can test less often, Insight Enterprises' Thomann said. A full BCDR test, which is more time- and resource-intensive, can be conducted annually, he added.

InterVision's Ton also recommended a quarterly testing schedule, with a DR test conducted twice a year with tabletop exercises in between those tests. Business continuity, as a separate test, can be conducted annually. Ton said he's found it more effective to separate the tests because conducting the DR test on its own is less disruptive to the organization.

Periodic testing, plan maintenance and resilience are interrelated. An organization improves its resilience when it updates its BC and DR plans and then tests them continually.

BCDR cost management

Changes in the threat landscape or new business ventures might compel an organization to expand its BCDR coverage. That change in scope could call for spending on consulting services or backup and disaster recovery technologies.

BCDR managers might need to seek new funding for the expanded BCDR plan and resilience technologies if the dollars aren't available in the current budget.

An investment proposal should be built on a business case that emphasizes the positive results the new BCDR capabilities will provide for the organization. The bid for funding should also determine whether the revised BCDR plan will affect other areas, such as cybersecurity. Other steps toward obtaining funding include vetting products and services that support the expanded requirements and preparing a procurement request with enough documentation, according to BCDR consultant Kirvan.

Ton said organizations should strike a balance between the level of investment in BCDR approaches and the anticipated financial effects of a given disaster scenario. "You don't want to come up with a solution that costs 200 times more than the disaster would have," he said.

Asking business leaders from various corporate disciplines to estimate the expected costs associated with different types of events can help organizations establish a baseline from which they can make informed BCDR investment decisions.

Standards, templates, software and services for BCDR planning

Organizations embarking on a business continuity and disaster recovery planning process have numerous resources to draw upon. Those include standards, tools ranging from templates to software products, and advisory services.

"To build a plan, you have many templates that exist and many best practices and many consultants," ESG's Bertrand said. "There's no reason not to have a strong DR plan."

BCDR standards

Government and private sector standards bodies, including the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO), have published BCDR guidelines. The standards, which cover topics from crisis management to risk assessment, provide frameworks on which businesses can build their BCDR plans.

The following is a sampling of standards:

Business continuity and disaster recovery plan templates

Templates provide preset forms that organizations can fill out to create BCDR planning documents. Some templates cover the BCDR plan as a whole or address particular aspects of the BCDR planning.

This general BCP , for example, includes provisions for natural disasters, fires, network service provider outages and floods or other water damage. A planning template can also assist SMBs, which could simplify the process, depending on organization's size and complexity.

A BCDR plan might call for a service-level agreement (SLA), which sets standards for the quality of an organization's BCDR recovery program. It can also help ensure services obtained through third parties, such as DR hot sites, perform at acceptable levels. Kirvan created a template that addresses SLAs for BCDR programs .

As noted above, conducting a BIA can help organizations with business continuity planning. This BIA report template provides a mechanism for documenting parent processes, subprocesses and the financial and operational effects in the event of an interruption.

Organizations can also benefit from scheduling BCDR activities for the ongoing care and maintenance of business continuity strategy. Activities range from scheduling a BIA to reviewing a technology disaster recovery plan.

BCDR software

Specialized BCDR software provides another tool for organizations ready to build a plan. BCDR products, sometimes referred to as business continuity software or business continuity management software, aim to help organizations build business continuity and disaster recovery plans. They typically cover a range of planning activities, such as BIA and risk assessment, and offer incident response capabilities.

Different BCDR approaches

Vendors in the market include Castellan Solutions, Continuity Logic, Dell Technologies, eBRP Solutions Network, Fusion Risk Management and SAI Global.

BCDR planning services

Another option is to outsource the organization's BCDR needs to a third-party firm that can provide risk analysis, plan development and maintenance, and training. It's incumbent upon the business to analyze its needs before selecting a BCDR firm, nailing down such information as what it wants to outsource, what services it expects of the vendor, the risks of an outsourcing agreement and how much it plans to spend.

Potential sources of planning support include accounting firms, which can perform BIAs as part of the business continuity planning process. Accounting firms should typically be able to help clients determine the cost of workload outages, but buyers should ideally select a firm with experience in business continuity or IT resource planning, according to technology writer and former CIO Brien Posey. Consulting firms can also help with BCDR planning, Posey added.

Managed service providers (MSPs) often serve as virtual CIOs for their SMB customers. In that role, MSPs can help with planning. Because their business is to manage a customer's IT assets, they are able to develop a plan for dealing with technology outages. 

BCDR MSP considerations

Supporting technologies and strategies

The technology options for executing the DR portion of a BCDR plan have expanded in recent years due to the advent of cloud computing. Traditionally, organizations built or hired out an off-site facility to handle their disaster recovery needs. Such disaster recovery sites require a duplication of in-house production systems, so they could prove out of the financial reach of many SMBs. However, cloud-based offerings such as disaster recovery as a service have made DR more accessible for smaller organizations.

Other resilience offerings include emergency notification systems, cybersecurity systems and incident response systems, which might be included in business continuity management products. Organizations might also tap work area recovery vendors that provide alternative work locations for employees.

BCDR management

The team that builds, manages and -- in the event of a disaster -- executes a BCDR plan should be cross-functional, drawing upon multiple stakeholders and pockets of expertise across the organization.

The team's leadership varies somewhat by organization. In a large enterprise, for example, the risk management officer often chairs the BCDR team with a representative from the IT department as a vice chair, InterVision's Ton said. Smaller organizations lacking a risk management department might appoint the CFO to lead the team, he noted. And, in some cases, the IT department head might direct the BCDR team.

Other members of the team typically include representatives from the organization's key business functions: finance and accounting, facilities, legal -- including in-house and outside counsel -- marketing and public relations, for example.

The task of pulling multiple stakeholders together to develop a BCDR plan -- and conducting the necessary impact and risk analyses -- can prove challenging. Project management thus becomes an important consideration. Organizations should think about appointing a project manager to shepherd the process of building a BCDR plan, Ton noted.

The BCDR team should also take on the task of ongoing business continuity management, making sure plans are up to date. Business initiatives and data center technologies change frequently, so BCDR plans will need regular maintenance to stay on point. As a first step, an organization should assess if the current plan can be updated or whether an entirely new plan is in order, according to George Crump, president of Storage Switzerland, an IT analyst firm. Organizations should conduct BCDR testing to determine the extent to which a plan needs to be overhauled.

In addition to testing, a BCDR team might also want to consider a business continuity plan audit , which assesses the effectiveness of a plan. The audit should detail the risks that could threaten the plan's success and test the controls currently in place to determine whether those risks are acceptable to the organization. An IT General Controls audit can also be used to assess risks to the infrastructure and identify areas for improvement, according to BCDR consultant Kirvan.

BC plan audit

The various roles and responsibilities of BCDR team members, from planning to testing, can be detailed in an organization's business continuity policy . Such a policy might also encompass external personnel, such as vendors and customers.

Another aspect of BCDR team building is getting individuals up to speed on BCDR best practices. To that end, BCDR team members can avail themselves of business continuity training and certification programs.

The Business Continuity Institute, a global professional organization, offers its Certificate of the Business Continuity Institute, which covers business continuity management process and practices. The institute also offers a Business Continuity Management BCI Diploma for individuals looking for additional insight into business continuity management.

The BCM Institute, meanwhile, offers its Business Continuity Certified Planner (BCCP) accreditation. The BCCP certification aims to recognize a business continuity professional's understanding of core business continuity management concepts.

Other organizations granting professional business continuity certifications include DRI International, the National Institute for Business Continuity Management and the International Consortium for Organizational Resilience. Such certification bodies usually work with an internal or external training group that prepares students to sit for exams, Kirvan noted.

Conferences also provide an opportunity to educate BCDR team members. Ton cited DRI and Disaster Recovery Journal events as helpful for people looking to learn more about business continuity.

BCDR pitfalls: Mind the gap

Change is perhaps a BCDR plan's key nemesis. As the pace of technology change accelerates, organizations are left updating IT equipment -- from storage and servers to networks and their associated devices. Some IT assets are moving to the cloud. A 5-year-old BCDR plan is unlikely to reflect -- and prove adequate to protect -- the current IT estate.

An organization's change management process can help address this issue. Change management oversees adjustments to systems, networks, infrastructure and documents. It addresses similar situations as BCDR planning and testing, so an organization might decide to include business continuity and disaster recovery in the change management process.

The change management process contains six major activities, according to Kirvan:

An organization, of course, is also subject to change. Organizations make acquisitions, divest non-core operations and create new lines of business, for example. An effective BCDR plan must be periodically updated to account for those developments. Regularly scheduled BCDR testing can expose gaps in the plan where it has failed to account for technology or business changes.

Perceptual gaps can also undercut BCDR plans. ESG's Bertrand said many organizations adopting SaaS offerings have a false sense of security regarding data protection. A third of the respondents to an ESG survey said SaaS apps, such as Microsoft 365 and Salesforce, don't need to be backed up. Bertrand said that's simply not the case. He cited the example of recovering email an organization's users have sent to the trash bin. He said Office 365, depending on the customer's subscription level, retains deleted email for a limited time.

"SaaS application resilience is being conflated with SaaS data availability," Bertrand said. "SaaS-based applications are not being properly protected today."

Organizations using such cloud-based applications should become acquainted with their vendors' data protection and recovery SLAs and make sure BCDR plans cover SaaS applications and their availability requirements. Bertrand said the percentage of people who are aware of SaaS vendors' SLAs is improving, but not everyone is up to speed. He said 58% of ESG survey respondents said they were familiar with SaaS vendors' data protection and recovery provisions.

An organization can use a BCDR checklist -- or a series of checklists -- covering plans, policies and recovery strategies to root out potential problems and flag BCDR weak points. BCDR teams should also stay abreast of the changing threat landscape to make sure their plans reflect emerging threats. Business continuity risks that organizations should monitor range from evolving cybersecurity attacks to active shooter incidents.

The future of BCDR    

BCDR planning and execution will continue to evolve with the changing nature of threats. Below are a few developments to consider.

The confluence of cybersecurity and business continuity. The role of cyber attacks, such as ransomware, in disrupting business operations appears set to continue -- if not accelerate. Cybersecurity and business continuity are typically separate and distinct functions in an organization. Kirvan, speaking on the future of business continuity, said he believes those disciplines "ought to be under the same roof."

Going back to the future with tape storage. Backup files might be encrypted in a ransomware attack. Organizations, however, can isolate the files they need for recovery from the corporate network, creating an air gap. That's where time-testing tape storage comes into play. Bertrand said tape storage is reemerging as a way for organizations to preserve a "gold copy" of their data, offline and off site. "It's coming back," he said of the backup method.

AI's influence on BCDR planning. AI and its cognitive functions might help BCDR teams make decisions on organizing their plans and might also play a role in conducting BIAs and risk assessments, according to Kirvan. AI could also support incident response, recommending actions based on the details of unfolding disaster scenarios.

Service providers play a bigger BCDR role. A large percentage of MSPs are involved in backup and disaster recovery. The MSP sector is likely to emerge as a one-stop shop for business continuity services, particularly for SMBs lacking internal expertise. MSPs, in their trusted advisor role, can advise clients on BCDR planning and make technology recommendations. Some provide their own disaster recovery as a service, while others partner with vendors that provide that tool.

Continue Reading About What is BCDR? Business continuity and disaster recovery guide

Dig Deeper on Disaster recovery planning and management

business continuity management and disaster recovery planning

Where do business continuity plans fit in a ransomware attack?


Why a HIPAA disaster recovery plan is critical


Where does security fit into a business continuity plan?


Free disaster recovery budget template to justify BCDR spending

Asigra's forthcoming SaaSBackup platform lets Asigra data protection technology protect SaaS backups. MSPs will be able to sell ...

A new SaaS backup specialist emerges from stealth to protect data in apps such as Trello, GitHub and GitLab, which CEO Rob ...

A growing number of enterprise Kubernetes users presents an opportunity for CloudCasa, currently a division of Catalogic, with ...

Pure Storage expanded its storage offerings with FlashBlade//E designed for the unstructured data market with an acquisition cost...

Data governance manages the availability, usability, integrity and security of data. Follow these best practices for governance ...

Vast Data Universal Storage brought out data services, including set performance, metadata cataloging, better security, container...

An incident response program ensures security events are addressed quickly and effectively as soon as they occur. These best ...

The Biden-Harris administration's 39-page National Cybersecurity Strategy covers multiple areas, including disrupting ransomware ...

While ransomware incidents appear to be decreasing, several high-profile organizations, including Dole, Dish Network and the U.S....

Policymakers want federal data privacy legislation limiting businesses' ability to collect data on individuals and banning ...

Public, private, hybrid or consortium, each blockchain network has distinct pluses and minuses that largely drive its ideal uses ...

Get the lowdown on the major features, differentiators, strengths and weaknesses of the blockchain platforms getting the most ...

Business Continuity vs. Disaster Recovery: 5 Key Differences

People discussing disaster recovery

Fill out the form below and we’ll email you more information about UCF’s online Leadership and Management programs.

Privacy Notice

Many professionals operate under the assumption that their workplace will remain largely unchanged from one day to the next, finding comfort in rhythms and routines. Sometimes, however, events disrupt business as usual. A critical aspect of leadership is preparing for those interruptions, creating strategies and plans that can keep core business functions intact even under duress.

Two specific fields address potential business interruptions: business continuity and disaster recovery. These disciplines minimize the impact that a catastrophic event might have on a business’s ability to reliably deliver its products and services.

While both fields are important, and even similar in some aspects, they are not synonymous. There are important differences in business continuity vs. disaster recovery, and those in leadership or emergency preparedness roles can benefit from understanding the core distinctions.

One way to develop a clear understanding of business continuity vs. disaster recovery is through studying emergency management. An online program in this field can offer professionals the skills needed to successfully lead companies through different kinds of crises.

Why Business Continuity and Disaster Recovery Matter

Business continuity outlines exactly how a business will proceed during and following a disaster. It may provide contingency plans, outlining how the business will continue to operate even if it has to move to an alternate location. Business continuity planning may also take into account smaller interruptions or minor disasters, such as extended power outages.

Disaster recovery refers to the plans a business puts into place for responding to a catastrophic event, such as a natural disaster, fire, act of terror, active shooter or cybercrime. Disaster recovery involves the measures a business takes to respond to an event and return to safe, normal operation as quickly as possible.

The Importance of Advanced Planning

When businesses face disasters and don’t have the proper plans in place, the effects can be catastrophic. The most obvious effect is financial loss; the longer a business goes without delivering its products and services, the greater its financial losses. Eventually, these losses may force a business to make tough decisions, such as cutting employees. But there can also be technological consequences, including the loss of important or sensitive data.

Having business continuity and disaster recovery plans in place can help companies minimize the consequences of a catastrophic event. They can also provide peace of mind; employees and business owners alike may feel more comfortable in a work setting where there are clear policies for how to respond to disasters.

In many companies, crisis management professionals are responsible for developing and implementing these plans, evaluating and revising them as needed, and training employees to ensure they know how to follow the specified strategies.

Similarities Between Business Continuity and Disaster Recovery

Business continuity planning and disaster recovery planning often seem interdependent. While the two concepts are not the same, they overlap in some areas and work best when developed in tandem.

Differences Between Business Continuity and Disaster Recovery

A closer look at business continuity vs. disaster recovery reveals some key distinctions. Ultimately, these differences highlight the fact that businesses need to have plans of both kinds in place to be sufficiently prepared for disaster.

Leadership in Times of Crisis

Crisis management is an important skill for all business leaders. In fact, crisis management draws upon many of the other skills necessary for business success. Analytical and problem-solving skills as well as flexibility in decision making are essential for assessing potential threats and determining how to proactively address them. Communication skills, both verbal and written, are necessary for articulating a plan and training employees on how they should act in response to a crisis.

“Leadership in managing crises can minimize the damage imposed by an incident while lack of effective leadership worsens the impact,” says Naim Kapucu, Pegasus Professor and director of the School of Public Administration at the University of Central Florida (UCF) . “Organizations should have leaders with crisis management competencies to effectively manage disasters and crises based on the contingencies and environmental and organizational factors.”

Crisis management skills matter because any company can experience a catastrophe that limits its ability to function as normal, and often it will have little time to pivot and adapt. “Crises are not a good time to reorganize adequately operating organizational systems, much less try to implement wholesale organizational changes or reforms,” says Kapucu. Having a plan in place, ready to be executed, can make all the difference. The COVID-19 pandemic has brought into stark relief the uncertainty that businesses face and the extreme disruptions that can take place.

Programs such as the University of Central Florida’s online Master of Emergency and Crisis Management can help leaders fortify the knowledge, competencies, and skills they need to help their enterprises weather these times of crisis.

Crisis Management Careers

Crisis management is a key part of several careers. Each of the following positions offers a different level of leadership through tumultuous times.

Emergency Management Director

Emergency management directors develop and execute the plans that businesses follow to respond to natural disasters and other emergencies. Strong analytical, problem-solving, delegation and communication skills are essential. According to the U.S. Bureau of Labor Statistics, the annual median salary for emergency management directors in 2019 was $74,590.

Disaster Program Manager

Disaster program managers may coordinate shelters, manage triage centers or organize other services in the wake of a disaster. These professionals must be skilled in remaining calm under extreme pressure; empathy and understanding are also important. The annual median salary for this role was around $48,000, according to May 2020 PayScale data.

Geographic Systems Information Coordinator

Geographic systems information coordinators use a wide range of data sources, such as land surveys, to help anticipate and prepare for different disasters. Technical skills and data analysis competencies are vital for success in this role. PayScale reports that the annual median salary for these coordinators was around $58,000 as of May 2020.

Emergency Preparedness Manager

Emergency preparedness managers are typically responsible for making sure employees and customers are safe. They may report directly to the emergency preparedness director, whose role is more comprehensive. The annual median salary of emergency preparedness managers was around $69,000 as of May 2020, according to PayScale.

Developing a Career in Emergency Management

Business continuity and disaster recovery plans help businesses prepare for worst-case scenarios; they provide peace of mind, a sense of stability and key safeguards against major loss and disruption. The University of Central Florida’s online Master of Emergency and Crisis Management (MECM) degree program helps professionals prepare for this important work.

The MECM curriculum exposes students to key emergency management skills, including developing, testing and communicating plans. It emphasizes the financial, ethical, political and practical dimensions of disaster response. Find out more about the MECM degree program today and embark on a new career on the front lines of crisis management.

Online Leadership and Management Degrees at UCF

You May Also Enjoy

business continuity management and disaster recovery planning

BCDR: How Business Continuity and Disaster Recovery Can Improve Business Resilience

In today’s ever-evolving business landscape where there’s zero tolerance for downtime, a simple human error, a cyberattack or natural disaster could bring your business to a standstill. Having a comprehensive business continuity and disaster recovery (BCDR) response plan is key to business resilience and for the survival of your organization.

What Is BCDR?

Techopedia defines BCDR as a set of processes and techniques used to help an organization recover from a disaster and continue or resume routine business operations. It is a broad term that combines the roles and functions of IT and business in the aftermath of a disaster.

BCDR enables organizations to adapt to and bounce back from disruptions while maintaining continuous business operations.

What Is the Difference Between Business Continuity and Disaster Recovery?

The term “business continuity and disaster recovery” is a fusion of two components — business continuity and disaster recovery. BC and DR plans are designed to bring things back to normal in the event of a disaster or a catastrophe. Although they complement each other, they are not the same and their functions are different. While a business continuity plan is a company-wide strategic planning, disaster recovery is mainly IT-focused.

Business continuity: According to the Disaster Recovery Journal (DRJ) and Business Continuity Institute (BCI) , business continuity is “the strategic and tactical capability of the organization to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level.”

A business continuity plan focuses on how an organization maintains critical business operations during and after a disaster. This plan includes every aspect of an organization: its employees, communication channel, office building, IT infrastructure, business partners, etc. It comprises specific actions and pre-determined responsibilities that must be taken when disaster strikes.

Disaster recovery: DR is part of a business continuity plan. The DRJ and BCI define disaster recovery as “the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure, systems and applications, which are vital to an organization after a disaster or outage.”

A disaster recovery plan concerns with restoration of important IT applications and data after a catastrophe. DR focuses on minimizing downtime as well as the impact of a disaster by ensuring vital support systems are up and running as quickly as possible with minimal loss of data.

How Are Business Continuity and Disaster Recovery Connected?

Business continuity and disaster recovery are essential aspects of an organization’s overall risk management strategy. Having a business continuity strategy without a disaster recovery plan would be ineffective, and disaster recovery alone does not ensure business continuity. Both BC and DR plans need to work together to mitigate the business impact of a potential disaster.

A good business continuity plan ensures that business-critical functions are unhindered when disaster strikes and requires a disaster recovery plan that ensures all IT systems, software and applications are accessible and recoverable. Both business continuity and disaster recovery are equally important since they provide specific procedures and strategies on how a business will resume after a crisis.

What Is a BCDR Plan?

A business continuity and disaster recovery plan is a combination of strategies, policies and procedures about how an organization should respond to or adapt to potential threats or unforeseen disruptive events while minimizing the negative impacts. A BCDR plan should account for a variety of scenarios — from accidental deletions and hardware failure to malware attacks and natural disasters. It helps ensure that routine tasks continue smoothly with minimal or no downtime, or data loss following a disaster.

A BCDR plan encompasses what steps should be taken to ensure vital business processes are uninterrupted and how to quickly restore IT systems and data to resume business after a disruptive event.

Goals of BCDR Planning

The fundamental goal of BCDR planning is not only to provide data recovery but also to minimize the effects of a crisis on business operations and enable an organization to get back to normal quickly in the aftermath of a disaster.

Listed below are five goals that you can use to fortify your BCDR plans.

Why Is It Important for an Organization to Have a BCDR Plan?

A business continuity and disaster recovery plan helps organizations prepare for potentially disruptive events. It enhances an organization’s ability to continue business operations with little or no disruption and minimizes the risk in the event of a natural or man-made disaster.

Organizations without a BCDR plan cannot survive or recover from a major disaster. In fact, the effects of large-scale disasters can shut down operations. More than 90 percent of companies without a DR plan that suffer a major disaster are out of business within 12 months. A BCDR plan is like an insurance policy for an organization. BCDR programs help an organization to reduce overall risk, get back up and running after an outage or disruption, mitigate the risk of data loss and protect against reputational damage.

Improve Your Business Resilience with Unitrends

For companies, being able to effectively tackle any disaster can have a positive impact on customers and partners. However, developing a comprehensive BCDR strategy can be a challenge due to its complex nature or lack of in-house expertise. Unitrends can help your organization achieve resiliency and prepare for unforeseen disruptive events.

Unitrends increases uptime, productivity and confidence, enabling you to do more with less. Our all-in-one backup appliances simplify data protection, application spin-up and SLA policy, and integrate seamlessly with the cloud, thereby delivering long-term retention and fast disaster recovery.

To learn how you can minimize downtime and maximize productivity, register for a demo today.

About Unitrends

Unitrends increases uptime, productivity and confidence in a world in which IT professionals must do more with less. Unitrends leverages high-availability hardware and software engineering, cloud economics, enterprise power with consumer-grade design, and customer-obsessed support to natively provide all-in-one enterprise backup and continuity. The result is a “one throat to choke” set of offerings that allow customers to focus on their business rather than backup.

Related Posts

Backup strategy: what it is and how to create one.

Posted by Adam Marget on 09/27/22

In today’s threat-laden environment, having a solid data backup strategy is an absolute...

Achieving a Geo-Redundant Backup Strategy With Unitrends

Posted by Adam Marget on 10/11/22

The evolution of cyberattacks poses new and unique challenges for organizations of all...

Unitrends Awarded 8 Badges for Server Backup and DRaaS in G2’s Fall 2022 Reports

Posted by Adam Marget on 10/14/22

G2, a world-leading business solutions review platform, has awarded Unitrends Backup and Recovery...

business continuity management and disaster recovery planning

Home  >  Learning Center  >  EdgeSec  >  Business continuity planning (BCP)  

Article's content

Business continuity planning (bcp), what is business continuity.

In an IT context, business continuity is the capability of your enterprise to stay online and deliver products and services during disruptive events, such as natural disasters, cyberattacks and communication failures.

The core of this concept is the business continuity plan — a defined strategy that includes every facet of your organization and details procedures for maintaining business availability.

Start with a business continuity plan

Business continuity management starts with planning how to maintain your critical functions (e.g., IT, sales and support) during and after a disruption.

A business continuity plan (BCP) should comprise the following element

1. Threat Analysis

The identification of potential disruptions, along with potential damage they can cause to affected resources. Examples include:

2. Role assignment

Every organization needs a well-defined chain of command and substitute plan to deal with absence of staff in a crisis scenario. Employees must be cross-trained on their responsibilities so as to be able to fill in for one another.

Internal departments (e.g., marketing, IT, human resources) should be broken down into teams based on their skills and responsibilities. Team leaders can then assign roles and duties to individuals according to your organization’s threat analysis.

3. Communications

A communications strategy details how information is disseminated immediately following and during a disruptive event, as well as after it has been resolved.

Your strategy should include:

From electrical power to communications and data, every critical business component must have an adequate backup plan that includes:

Load balancing business continuity

Load balancing  maintains business continuity by distributing incoming requests across multiple backend servers in your data center. This provides redundancy in the event of a server failure, ensuring continuous application uptime.

In contrast to the reactive measures used in failover and  disaster recovery  (described below) load balancing is a preventative measure.  Health monitoring  tracks server availability, ensuring accurate load distribution at all times—including during disruptive events.

Disaster recovery plan (DCP) – Your second line of defense

Even the most carefully thought out business continuity plan is never completely foolproof. Despite your best efforts, some disasters simply cannot be mitigated. A disaster recovery plan (DCP) is a second line of defense that enables you to bounce back from the worst disruptions with minimal damage.

As the name implies, a disaster recovery plan deals with the restoration of operations after a major disruption. It’s defined by two factors: RTO and  RPO .

disaster recovery plan

Deciding on specific RTOs and RPOs helps clearly show the technical solutions needed to achieve your recovery goals. In most cases the decision is going to boil down to choosing the right failover solution.

See how Imperva Load Balancer can help you with business continuity planning.

Choosing the right failover solutions

Failover  is the switching between primary and backup systems in the event of failure, outage or downtime. It’s the key component of your disaster recovery and business continuity plans.

A failover system should address both RTO and RPO goals by keeping backup infrastructure and data at the ready. Ideally, your failover solution should seamlessly kick in to insulate end users from any service degradation.

When choosing a solution, the two most important aspects to consider are its technological prowess and its service level agreement (SLA). The latter is often a reflection of the former.

For an IT organization charged with the business continuity of a website or web application, there are three failover options:

Latest Articles








The State of Security Within eCommerce in 2022

Learn how automated threats and API attacks on retailers are increasing

Prevoty is now part of the Imperva Runtime Protection

Protection against zero-day attacks

No tuning, highly-accurate out-of-the-box

Effective against OWASP top 10 vulnerabilities

An Imperva security specialist will contact you shortly.

Top 3 US Retailer

business continuity management and disaster recovery planning

Cloudian Products  

The object storage buyer’s guide.

Technical/financial benefits; how to evaluate for your environment.

HyperIQ Observability & Analytics

Watch 2-min Intro

Evaluator Group Webinar

Skills Shortage? Ease the Storage Management Burden. Watch On-Demand

Scaling Object Storage with Adaptive Data Management

Get White Paper


Industries  , 2021 enterprise ransomware victims report.

Don’t Be a Victim

Scalable S3-Compatible Storage, On-Prem with AWS Outposts

Trending topic: on-prem s3 for data analytics.

Watch Webinar

Ransomware 2021: A Conversation with Veeam CISO Gil Vega

Hear His Thoughts

How a Private Cloud Addresses the Kubernetes Storage Challenge

Free White Paper

Data Security & Compliance: 3 ?s Every CIO Should Ask

Ask the Right ??s

5 Things Every MSP Should Know About Sovereign Cloud

Get Free eBook

TCO Report: NAS File Tiering

Learn how object storage can dramatically reduce Tier 1 storage costs

Get TCO Analysis

Satellite Application Catapult Deploys Cloudian for Scalable Storage

Replaces conventional NAS, saves 75%

Read Their Story

On-Demand Webinar

Veeam & Cloudian: Office 365 Backup – It’s Essential

Blog: How to Grow Your Storage and Not Your CAPEX Spend

Pay as you grow, starting at 1.3 cents/GB/month

Read the Blog

Why the FBI Can’t Stop Cybercrime and How You Can

Register Now

8 Reasons to Choose Cloudian for State & Local Government Data

Get 8 Reasons

Cloudian HyperStore SEC17a-4 Cohasset Assessment Report

Read the Assessment

Hybrid Cloud for Manufacturers

Tape: does it measure up, customer testimonial: university of leicester.

Hear from Mark

Public Health England: Resilient IT Infrastructure for an Uncertain Time

Watch On-Demand

How to Accelerate Genomics Data Analysis Pipelines by 10X

Hear from Weka

How MSPs Can Build Profitable Revenue Streams with Storage Services

Get IDC’s Take

Technology Partners  

Get scalable storage on-prem for aws outposts.

Hear from AWS

Lock Ransomware Out with Commvault & Cloudian

Cribl stream with cloudian hyperstore s3 data lake, why object storage is best for advanced analytics apps in greenplum.

Explore Solution

Customer Video: NTT Communications

Hear from NTT

How to Store Kasten Backups to Cloudian delivers world-class backup-as-a-service with lenovo & cloudian.

Why They Chose Us

Modernize SQL Server with S3 Data Lake

Find Out How

How to Run Cloudian on OpenShift as a Container

Immutable object storage for european smbs from rnt rausch and cloudian, backup/archive to cloudian with rubrik nas cloud direct, on-premises object storage for snowflake analytics workloads.

Get the Details

Splunk, ClearShark, and Cloudian discuss Federal Industry Storage Trends

Teradata & cloudian: modern data analytics for hybrid and multi-cloud, 1-step to data protection: all you need to know about veeam v12 + cloudian.

Step up to Cloudian

Modernize Your Enterprise Archive Storage with Cloudian and Veritas

Read About It

Unified Analytics Data Lake Platform with Vertica and Cloudian HyperStore

Vmware cloud providers: get started in cloud storage, free..

Get Started

Weka + Cloudian: High-Performance, Exabyte-Scalable Storage for AI/ML

Customers  , cloudian enables leading swiss financial institution to retain and analyze more big data.

Read Case Study

Indonesian Financial Services Company Replaces NAS With Cloudian

State of california selects storage-as-a-service offering powered by cloudian, cloudian provides utah state agencies with rubrik-compatible backup target, cuts costs by 75 percent, australian genomic sequencing leader accelerates research with cloudian, swiss education non-profit achieves scale and flexibility of public cloud on-prem with cloudian, indonesia ministry of education deploys cloudian object storage to keep up with data growth, leading german paper company meets growing data backup needs with cloudian, vox media automates archive process to accelerate workflow by 10x, wgbh boston builds a hybrid cloud active archive with cloudian hyperstore, large german retailer consolidates primary and secondary storage to cloudian, how a sovereign cloud provider succeeds in cloud storage services.

View On-Demand

IT Service Provider Drives Business Growth with Cloudian-based Offering

Calcasieu parish sheriff deploys hybrid cloud for digital evidence data, montebello bus lines mobile video surveillance with cloudian object storage, resources  , storage guides  , ransomware protection buyer’s guide.

Get Free Guide


Cloudian named a gartner peer insights customers’ choice for distributed file systems and object storage.

Read Reviews

Disaster Recovery and Business Continuity Plans

Disaster recovery and business continuity are tightly related. In the 1970s, organizations started preparing Disaster Recovery (DR) plans, which were mainly focused on natural disasters. In the 1980s and onwards, the focus shifted to a more holistic view, named Business Continuity (BC).

While disaster recovery narrowly focused on how to bring systems back online after a disaster, business continuity aimed to develop a proactive process that would keep businesses alive and operating even in the face of a major crisis. Accordingly, a   disaster recovery plan is limited to ensuring data protection, preventing damage to systems and recovering them as quickly as possible, while a business continuity plan covers all aspects of the business including business processes, manpower, partners and suppliers.

In this article you learn: • What is a business continuity plan? • 7 chapters of a sample business continuity plan • The difference between a DR and BC plan • A BC plan in action: hour by hour • Ensuring business continuity for your data with Cloudian

What is a Business Continuity Plan?

A business continuity plan details how a business will continue operating and serving its customers, even in the face of a dramatic event like a natural disaster, major IT failure, or a cyberattack. The end goal is to preserve a company’s financial viability, market position, reputation, and customers, even in the face of a crisis.

Business continuity planning covers every aspect of the business including:

A business continuity plan must consider important questions and provide good answers. What single points of failure exist in the organization? What are the critical dependencies on equipment, in-house staff, suppliers or other third parties? What workarounds exist for disruption of any of these? Which organizational processes, staff, skills and technology are needed to maintain business operations and fully recover from a disaster?

7 Chapters of a Business Continuity Plan

A typical business continuity plan contains the following sections:

Business Continuity vs. Disaster Recovery Plan

The terms business continuity plan and disaster recovery plan are sometimes used interchangeably. However, as we illustrated in our plan structure above, a disaster recovery plan is an important section within a business continuity plan. See our article about IT disaster recovery plans.

The table below illustrates how a business continuity plan differs from an IT disaster recovery plan—it touches on the same aspects but from a holistic business perspective.

Business Continuity Plan in Action: Hour by Hour

Once you have a business continuity plan, here is what a crisis could look like, hour by hour, as the plan unfolds. The activities below are just examples, and of course, will vary depending on the crisis and the nature of the business.

Ensuring Business Continuity for Your Data with Cloudian

Cloudian offers low-cost disk-based storage that lets you store up to 1.5 Petabytes of backups. The Cloudian appliance can be deployed in your local data center, or in a remote DR site. We provide integrated data management tools that let you store data seamlessly to a remote appliance.

cloudian backup target

Cloudian also supports a hybrid cloud setup. The Cloudian appliance can replicate your data to a cloud storage service such as Amazon S3, Azure Blob Storage or Google Cloud Storage. This allows you to backup data frequently and enjoy fast local access while keeping a copy of data on the cloud in case the on-premise data center goes down.

cloudian backup and dr

Learn more about Cloudian’s data protection solutions.

Get Started With Cloudian Today

business continuity management and disaster recovery planning

Request a Demo

Join a 30 minute demo with a Cloudian expert.

business continuity management and disaster recovery planning

Download a Free Trial

Try Cloudian in your shop. Run on any VM, even your laptop.

business continuity management and disaster recovery planning

Receive a Cloudian quote and see how much you can save.

business continuity management and disaster recovery planning

U.S. flag

An official website of the United States government

Here’s how you know

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

business continuity management and disaster recovery planning

Business Continuity Plan

world globe

Business Continuity Planning Process Diagram - Text Version

When business is disrupted, it can cost money. Lost revenues plus extra expenses means reduced profits. Insurance does not cover all costs and cannot replace customers that defect to the competition. A business continuity plan to continue business is essential. Development of a business continuity plan includes four steps:

Information technology (IT) includes many components such as networks, servers, desktop and laptop computers and wireless devices. The ability to run both office productivity and enterprise software is critical. Therefore, recovery strategies for information technology should be developed so technology can be restored in time to meet the needs of the business. Manual workarounds should be part of the IT plan so business can continue while computer systems are being restored.

Resources for Business Continuity Planning 

Business Continuity Impact Analysis

Business continuity impact analysis identifies the effects resulting from disruption of business functions and processes. It also uses information to make decisions about recovery priorities and strategies.

The Operational & Financial Impacts worksheet  can be used to capture this information as discussed in Business Impact Analysis . The worksheet should be completed by business function and process managers with sufficient knowledge of the business. Once all worksheets are completed, the worksheets can be tabulated to summarize:

Those functions or processes with the highest potential operational and financial impacts become priorities for restoration. The point in time when a function or process must be recovered, before unacceptable consequences could occur, is often referred to as the “Recovery Time Objective.”

Resource Required to Support Recovery Strategies

Recovery of a critical or time-sensitive process requires resources. The Business Continuity Resource Requirements worksheet should be completed by business function and process managers. Completed worksheets are used to determine the resource requirements for recovery strategies.

Following an incident that disrupts business operations, resources will be needed to carry out recovery strategies and to restore normal business operations. Resources can come from within the business or be provided by third parties. Resources include:

Since all resources cannot be replaced immediately following a loss, managers should estimate the resources that will be needed in the hours, days and weeks following an incident.

Conducting the Business Continuity Impact Analysis

The worksheets Operational and Financial Impacts  and Business Continuity Resource Requirements should be distributed to business process managers along with instructions about the process and how the information will be used. After all managers have completed their worksheets, information should be reviewed. Gaps or inconsistencies should be identified. Meetings with individual managers should be held to clarify information and obtain missing information.

After all worksheets have been completed and validated, the priorities for restoration of business processes should be identified. Primary and dependent resource requirements should also be identified. This information will be used to develop recovery strategies.

Recovery Strategies

If a facility is damaged, production machinery breaks down, a supplier fails to deliver or information technology is disrupted, business is impacted and the financial losses can begin to grow. Recovery strategies are alternate means to restore business operations to a minimum acceptable level following a business disruption and are prioritized by the recovery time objectives (RTO) developed during the business impact analysis .

Recovery strategies require resources including people, facilities, equipment, materials and information technology. An analysis of the resources required to execute recovery strategies should be conducted to identify gaps. For example, if a machine fails but other machines are readily available to make up lost production, then there is no resource gap. However, if all machines are lost due to a flood, and insufficient undamaged inventory is available to meet customer demand until production is restored, production might be made up by machines at another facility—whether owned or contracted.

Strategies may involve contracting with third parties, entering into partnership or reciprocal agreements or displacing other activities within the company. Staff with in-depth knowledge of business functions and processes are in the best position to determine what will work. Possible alternatives should be explored and presented to management for approval and to decide how much to spend.

Depending upon the size of the company and resources available, there may be many recovery strategies that can be explored.

Utilization of other owned or controlled facilities performing similar work is one option. Operations may be relocated to an alternate site - assuming both are not impacted by the same incident. This strategy also assumes that the surviving site has the resources and capacity to assume the work of the impacted site. Prioritization of production or service levels, providing additional staff and resources and other action would be needed if capacity at the second site is inadequate.

Telecommuting is a strategy employed when staff can work from home through remote connectivity. It can be used in combination with other strategies to reduce alternate site requirements. This strategy requires ensuring telecommuters have a suitable home work environment and are equipped with or have access to a computer with required applications and data, peripherals, and a secure broadband connection.

In an emergency, space at another facility can be put to use. Cafeterias, conference rooms and training rooms can be converted to office space or to other uses when needed. Equipping converted space with furnishings, equipment, power, connectivity and other resources would be required to meet the needs of workers.

Partnership or reciprocal agreements can be arranged with other businesses or organizations that can support each other in the event of a disaster. Assuming space is available, issues such as the capacity and connectivity of telecommunications and information technology, protection of privacy and intellectual property, the impacts to each other’s operation and allocating expenses must be addressed. Agreements should be negotiated in writing and documented in the business continuity plan. Periodic review of the agreement is needed to determine if there is a change in the ability of each party to support the other.

There are many vendors that support business continuity and information technology recovery strategies. External suppliers can provide a full business environment including office space and live data centers ready to be occupied. Other options include provision of technology equipped office trailers, replacement machinery and other equipment. The availability and cost of these options can be affected when a regional disaster results in competition for these resources.

There are multiple strategies for recovery of manufacturing operations. Many of these strategies include use of existing owned or leased facilities. Manufacturing strategies include:

There are many factors to consider in manufacturing recovery strategies:

Resources for Developing Recovery Strategies

Manual Workarounds

Telephones are ringing and customer service staff is busy talking with customers and keying orders into the computer system. The electronic order entry system checks available inventory, processes payments and routes orders to the distribution center for fulfillment. Suddenly the order entry system goes down. What should the customer service staff do now? If the staff is equipped with paper order forms, order processing can continue until the electronic system comes back up and no phone orders will be lost.

The order forms and procedures for using them are examples of “manual workarounds.” These workarounds are recovery strategies for use when information technology resources are not available.

Developing Manual Workarounds

Identify the steps in the automated process - creating a diagram of the process can help. Consider the following aspects of information and work flow:

Internal Interfaces (department, person, activity and resource requirements)

Create data collection forms to capture information and define processes for manual handling of the information collected. Establish control logs to document transactions and track their progress through the manual system.

Manual workarounds require manual labor, so you may need to reassign staff or bring in temporary assistance.

Last Updated: 05/26/2021

Return to top

The Key Differences Between a Disaster Recovery Plan vs. a Business Continuity Plan

business continuity management and disaster recovery planning

As a managed services provider (MSP), you may have been asked for your recommendation on whether to implement a disaster recovery plan or a business continuity plan. At face value, these two terms have a lot in common—they both share the long-term goal of keeping your business up and running. There are, however, key differences between the purposes of a business disaster recovery plan versus a business continuity plan, which is why it’s so important for businesses to prepare both. Your customers should know that these two plans are not interchangeable, because they each perform a specific role.

Manage large networks or scale IT operations with RMM made for growing service providers.

To help you answer this question for your customers, this guide will outline the key differences between a disaster recovery plan, sometimes called a data recovery plan, and a  business continuity plan . It will also explain the importance of each and how to go about creating them.

What is a business continuity plan?

A business continuity plan is a broad plan designed to keep a business running, even in the event of a disaster. This plan focuses on the business as a whole, but drills down to specific scenarios that might create operational risks. With business continuity planning, the aim is to keep critical operations functioning, so that your business can continue to conduct regular business activities even under unusual circumstances.

When followed correctly, a business continuity plan should be able to continue to provide services to customers, with minimal disruption, either during or immediately after a disaster. A comprehensive plan should also address the needs of business partners and vendors.

The continuity plan itself should live as a written document that outlines the business’ critical functions. This is likely to include a list of critical supplies, crucial business functions, copies of important records, and employee contact information. The information included in the plan should allow the business to be up and running as soon as possible after a disruptive event has occurred.

What is a disaster recovery plan?

A disaster or data recovery plan is a more focused, specific part of the wider business continuity plan. The scope of a disaster recovery plan is sometimes narrowed to focus on the data and information systems of a business. In the simplest of terms, a disaster recovery plan is designed to save data with the sole purpose of being able to recover it quickly in the event of a disaster. With this aim in mind, disaster recovery plans are usually developed to address the specific requirements of the IT department to get back up and running—which ultimately affects the business as a whole.

Depending on the type of disaster that occurs, the plan could involve everything from recovering a small data set to an entire datacenter. Most businesses are heavily reliant on information technology, which is why the disaster recovery plan is such an important part of successful business continuity planning.

In some cases, disaster recovery planning may also refer to protocols that exist outside the IT department. For example, disaster recovery plans could include steps for recovery personnel to seek a backup business location so that critical operations can be resumed. This might be useful in the event of an environmental disaster, such as flooding, which might render the existing business premises unusable. The plan might also include guidance on how to restore communication between emergency staff if the usual communication lines are unavailable. If your IT department is creating an IT-focused plan, you should include all non-IT recovery protocols in the wider business continuity plan.

A disaster recovery plan vs. business continuity plan

To summarize, disaster recovery refers to the way data, servers, files, software applications, and operating systems are restored following a damaging event. In contrast, business continuity refers to the way a business maintains operations during a time of technological malfunction or outage. In other words, a disaster or data recovery plan dictates how a business should respond to a disaster, while a business continuity plan dictates how a business can continue to operate throughout a disaster.

What specific ways can disaster recovery plans be tested?

To help ensure that any disaster recovery plan can hold its own in the event of a real disaster, it’s advisable to run a series of disaster recovery tests. Here are five common types of disaster recovery tests:

What should you include in a disaster recovery plan?

A disaster recovery plan should encompass all the procedures, technologies, and objectives necessary for making a rapid recovery after a disaster. At minimum, your plan should account for the following:

Your disaster recovery plan and all the above facets should be updated regularly to help ensure that it remains accurate, as you never know when disaster might strike.

What does a business continuity plan typically include?

Your business continuity plan should act as a single, multifaceted document for managing every aspect of disaster preparedness in your business.

A typical business continuity plan will usually require the following sections:

Choosing the right disaster recovery and business continuity software

Devising a disaster recovery and business continuity plan is a time-consuming, complicated, and ongoing process. For MSPs, creating these types of plans is even more of a challenge, as they typically manage the recovery and continuity strategy for multiple customers. To do this effectively, it’s crucial that MSPs have access to reliable software so they can manage their approach to business continuity and disaster recovery in a cost-efficient and streamlined way.

N-able ®  N-central ®  helps MSPs tackle disaster recovery and business continuity with an all-in-one solution. N-central is a powerful option because it provides a scalable solution to disaster recovery and business continuity planning—alongside a whole slew of other critical MSP capabilities. N-central includes the capabilities necessary for MSPs to effectively manage complex networks with maximum precision—all from one powerful dashboard.

This remote monitoring and management tool offers a range of backup management features to support effective disaster recovery and  business continuity . This includes cloud and on-premises backup, bare metal recovery, virtual machine support, private keys, data archiving, and more. By having such features alongside patch management, network topology mapping , remote monitoring, and more, MSPs gain access to a single dashboard that allows them to offer more streamlined customer services. To learn more, a  30-day free trial  of N-central is available.

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a trial.

If this issue persists, please visit our Contact Sales page for local phone numbers.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

An educational institution offering market-relevant and unique specializations in Executive MBA, Graduate Diploma and Graduate Certificate programs

A gathering of professionals and experts who discuss on the latest trends and topics

An authentic source of information and inspiration

KATE is a freeware app, web-based available, granting digital access to training materials.

Online store for ISO and IEC standards, Toolkits, eBooks, etc.

Business Continuity and Disaster Recovery

business continuity management and disaster recovery planning

Business Continuity and Disaster Recovery (BCDR) planning is a set of strategies, policies, and procedures that help an organization respond, adapt, continue its operations, and recover in case of a disruptive event. They are essential components of an organization's overall risk management strategy. 

The importance of BCDR increases considering that organizations are exposed to a variety of disruptive events, some of which are impossible to be eliminated. However, implementing a good business continuity and disaster recovery plan can keep an organization running through interruptions of any kind: power outages, IT system failures, natural disasters, supply chain risks, and more.

Why is BCDR Planning Important?

BCDR helps an organization prepare for unforeseen risks to its operations. It specifies all the steps that should be taken in such critical events and outlines what precautions should be taken to reduce risks.

The main purpose of BCDR is to minimize the impact of disruptions on an organization. It is what keeps an organization running smoothly, reduces downtime, and recovers from any disruption. Furthermore, it protects the organizations’ staff and assets and makes sure they are able to function under any condition created. 

Business Continuity and Disaster Recovery benefits

Implementing an effective BCDR helps organizations maintain their reputation, as well as keep their revenue flowing in. 

What is the Difference Between Business Continuity and Disaster Recovery?

Although business continuity and disaster recovery are frequently used interchangeably, they differ, especially as each plan is implemented in different periods. 

Business continuity refers to an organization’s processes and procedures put in place to ensure that its main operations can continue regardless the unfavorable circumstances. Business continuity is the ability to preserve operations or services in the face of a disruptive event. 

On the other hand, disaster recovery focuses on the technology part of your business and aims to restore operations and systems as soon as possible after an incident happens. Disaster recovery is frequently considered to be an essential component of business continuity.

Top Threats to an Organization’s Continuity

Organizations can face a variety of unexpected events which can be physical or virtual. Some of the top threats to business continuity that every organization should be aware of:

How to Develop Business Continuity and Disaster Recovery Plans?

To create a  BCDR  plan for your organization, there are four important general steps that need to be followed:

Developing a  BCDR  plan can be broken down into creating two distinguished plans: 

Business Continuity Plan

Business continuity planning goes beyond the technology component. It involves many short-term and long-term processes, such as the response, recovery, resumption, and maintenance of the entire organization. 

There are eight general steps involved in creating a business continuity plan:

Disaster Recovery Plan

 A Disaster Recovery Plan contains detailed instructions on how to respond to unplanned incidents and is more thorough than a business continuity plan.

There are seven steps involved in creating a disaster recovery plan:

Benefits of a Business Continuity Plan

Developing an effective business continuity requires a lot of effort, time, and skills. However, it will result in being very beneficial for your organization. A business continuity plan can help in:

Benefits of Disaster Recovery Plan

Having a  disaster recovery plan  can help in:

Business Continuity Management and Disaster Recovery Training Courses

Business Continuity Management and Disaster Recovery training courses prepare professionals with the strong knowledge and skills needed to properly implement these systems. They help them understand the principles of BCDR and how to align them with their organization’s needs.

ISO 22301 Business Continuity Management System Training Courses

ISO 22301 Business Continuity Management System  is an international standard designed to reduce the likelihood of a disruptive incident occurring, protect from, prepare for, respond to, and recover from them. It is very useful because it is applicable to any type of organization, large or small, and within any industry or public sector. 

The business continuity management process helps create a clear understanding of how your organization operates, where failure might occur, and provides improvement points for your business processes.

Additionally, by applying business continuity management you can help your organization get a competitive advantage, increase your reputation, and contribute to continual business improvement. 

Being certified against  ISO 22301  expands your knowledge of how to align a business continuity management system with organizational objectives, and how to manage a team in the implementation of ISO 22301, it will improve your analytical and decision-making skills, and it will equip you with the necessary expertise.

Disaster Recovery Training Courses

Disaster Recovery  training courses provide professionals with the needed expertise, knowledge, and skills to implement, maintain, and manage disaster recovery plans. It contains a variety of policies and procedures for protecting IT infrastructure against disruption caused by humans or natural disasters.

With a Disaster Recovery certification, you will strengthen your capabilities to design, run, and conduct a DR project. You with be able to understand the concepts, approaches, methods, strategies, and techniques related to DR. You will be able to help an organization in implementing DR best practices and meeting their business objectives.

While disaster recovery is sometimes considered a component of business continuity, organizations are more protected and prepared when both plans are developed. They are related to each other and each of them plays a crucial role in building a more  resilient organization . 

About the Author

Vlerë Hyseni is the Digital Content Officer at PECB. She is in charge of doing research, creating, and developing digital content for a variety of industries. If you have any questions, please do not hesitate to contact her at:  [email protected]

Latest Articles

Understanding industry 4.0: the fourth industrial revolution.

business continuity management and disaster recovery planning

Lean Management: A Comprehensive Guide

business continuity management and disaster recovery planning

The Plan-Do-Check-Act (PDCA) Cycle: A Guide to Continuous Improvement

business continuity management and disaster recovery planning


Training & Certification



Terms, Conditions, and Policies | Privacy Statement

© 2023 Professional Evaluation and Certification Board. All rights reserved.

business continuity management and disaster recovery planning

Invenio IT

Business Continuity

What’s the difference b/w disaster recovery plan and business continuity plan, november 3, 2022.

business continuity management and disaster recovery planning

Dale Shulmistra


by Dale Shulmistra Nov 3, 2022 Business Continuity

People often use the terms disaster recovery and business continuity planning interchangeably, but while these two terms are similar, they describe two  different approaches businesses take to bounce back in the event of a disaster .

So what is the difference between a disaster recovery plan and  business continuity  plan? The answer varies a little depending on who you ask, but the basic rule of thumb is this:

A business continuity plan is focused on all aspects of disaster planning as it relates to preventing an interruption to business operations. A disaster recovery plan is focused more specifically on the response and recovery stages of a disaster, especially in regards to IT systems.

To further differentiate these concepts, let’s look at each plan individually:

According to Dell, a business continuity plan is a strategy that businesses put in place to continue operating with minimal disruption in the event of a disaster. A disaster recovery plan is more specific. It’s a plan to “restore the data and applications that run your business should your data center, servers or other infrastructure get damaged or destroyed.”

Below, we dig a little deeper into the unique components of each plan and how they differ, but first, let’s talk about why they’re essential in the first place.

Why are a DRP and BCP Important?

Businesses face a wide variety of threats that can impede their ability to function. These could result from natural disasters like fires, floods, tornados, earthquakes or hurricanes. There are also many man-made threats, like malware, cyberattacks, ransomware, accidental data deletion or even internal sabotage. Without both a business continuity plan and a disaster recovery plan in place, businesses face the dire consequences of being ill-prepared when disaster strikes.

Research shows that half of all businesses that experience a major disaster “never return to the marketplace.” Of businesses that are involved in a major fire, 70 percent “fail within 3 years.”

The stakes are especially high for small businesses. According to FEMA (Federal Emergency Management Agency),  90% of smaller companies fail within one year after a disaster  if they’re unable to resume operations within 5 days. Without detailed plans for preparing for such a disaster, businesses are setting themselves up for failure.

By focusing on both business continuity and disaster recovery planning, you can ensure your business can withstand these challenges.

Alarming Statistics about the Need for Disaster Planning

The rates of business failure are especially high for businesses that do not have a business continuity plan or disaster recovery plan. Consider some of these alarming business continuity statistics :

How a Business Continuity Plan and Disaster Recovery Plan Overlap

In reality, both plans are referred to generally when describing a business’s disaster preparedness, whether for prevention or response or both.

But also, it’s important to remember that a comprehensive business continuity plan will actually have a disaster recovery plan built into it. Your BCP is a master document that should encompass all aspects of a company’s disaster prevention, mitigation and response, including the recovery protocols (whether tech-focused or not). You cannot have an effective business continuity plan without addressing how the business will recover from different kinds of disasters.

Confused? Don’t be. Let’s take a closer look at each plan.

Business Continuity Planning

A business continuity plan is a broad plan to keep a business up and running in the event of a disaster. It focuses on the business as a whole, but also drills down to very specific scenarios that create risks for operations.

With business continuity planning, generally speaking, you’re focusing on the critical operations that the business needs to get up and running again after a disruption in order to conduct regular business. If the plan is followed correctly, businesses should be able to continue to provide services to customers during or immediately after a disaster with minimal disruption. The plan also focuses on the needs of business partners and vendors.

A business continuity plan is a written document that lists the business’s essential functions. According to TechTarget, these are things like a list of critical supplies, employee contact information, a list of crucial business functions or copies of important records. Basically, the business continuity plan includes all the necessary information to get the business up and running as soon as possible after a disruptive event.

But even that is only one small component of a BCP, as we address below.  

Disaster Recovery Planning

A disaster recovery plan can be considered a more focused, specific part of a business continuity plan.

Depending on who you talk to, a disaster recovery plan is sometimes narrowly focused on a business’s data and information systems. According to  Data Center Knowledge , for example, a disaster recovery plan is designed to save “data with the sole purpose of being able to recover it in the event of a disaster.” For this reason, disaster recovery planning is usually focused on the needs of the IT department.

Depending on the type of disaster, the plan could involve everything from recovering a small data set to the loss of an entire datacenter. Since most businesses are increasingly reliant on information technology, the disaster recovery plan is an important part of business continuity planning.

A disaster recovery plan can also refer to protocols that are outside the realm of IT. For example, the plan could include steps for recovery personnel to seek a secondary business location to resume critical operations. Or, it could include guidance for how to restore communication between emergency staff if primary lines of communication are unavailable.

In other words, disaster recovery planning does not always have to be strictly IT-focused, though it often is. If your IT personnel are creating an IT-focused disaster recovery plan, just be sure that all non-IT recovery protocols are included within the larger BCP documentation.

What to Include in a Business Continuity Plan

Your BCP should serve as the single, multifaceted document for managing all ends of disaster preparedness at your organization:

These are broad categories that need to be defined individually for each possible disaster scenario. To do so, you need to gain a better understanding of the unique risks that pose a threat to your organization and how those events will impact the business in terms of downtime, costs, reputation damage and so on.

As such, a typical business continuity plan will usually require the following sections:

What to Include in a Disaster Recovery Plan

A disaster recovery plan is essentially the “Response” component of your business continuity plan. It encompasses all the procedures, technologies and objectives necessary for completing a quick recovery after a disaster. This recovery could pertain to lost data, damaged hardware, network outages, application failure or virtually any other point of failure across your operations.

Here are some things you’ll want to identify within your disaster recovery plan:

Like your BCP, your disaster recovery plan should also be updated periodically to ensure all the information is still accurate.

Also, remember that the information in your DRP should be dictated in part by a thorough business analysis, like the risk assessments and impact analyses from your overall continuity planning. It is indeed important to understand the differences between a business continuity plan and a disaster recovery plan, but perhaps even more important is understanding how these two documents hinge on each other and play a connected role in maintaining continuity.

Backup & Disaster Recovery

One of the best strategies in disaster recovery planning is to keep all of your data backed up on a server at a secondary site. This way, if a disaster occurs at the primary site, a backup of all vital data is available. A good disaster recovery plan will dictate how you manage and access data from the secondary site as quickly as possible.

For example, in the case of hybrid-cloud backup systems like the  Datto SIRIS , you have several recovery options available to you.  If a disaster occurs at the primary site, you can restore data from the cloud or boot the entire backup as a virtual machine. The virtualization method allows for instant access to data and applications while a full recovery is in process.

Ultimately, the reliability of your disaster recovery plan is dependent on everything you’ve included in the plan: all the infrastructure, processes, planning and testing.

Frequently Asked Questions

1) what’s the difference between a business continuity plan and a disaster recovery plan.

The main difference is that a disaster recovery plan is more focused on the procedures for recovering from a disaster, especially in regards to IT systems, while a business continuity plan focuses on the bigger picture of preventing all operational disruptions.

Disaster recovery planning is typically considered a subset of business continuity planning.

2) Which comes first: business continuity or disaster recovery?

Business continuity planning is the foundation of a business’s disaster planning and thus should come before disaster recovery planning. Continuity planning will identify the primary threats to a business using a risk assessment and impact analysis. Those assessments can be used to inform IT disaster recovery planning.

3) What is an example of a business continuity strategy?

One example of a business continuity strategy is creating frequent data backups that can be restored in case files are deleted, destroyed or lost. This strategy involves using a dependable business continuity and disaster recovery (BC/DR) system that enables frequent backups and prompt restore methods.

4) What is business continuity and disaster recovery?

Business continuity and disaster recovery (or BC/DR) refers to the systems and procedures that help a business continue operating through a disaster. The term is commonly used in reference to data backup and recovery systems, but it can apply to other IT systems as well.

Don’t Go without a Plan! Get the Protection You Need.

Being prepared for a disaster is one of the most important things a business can do to prevent costly downtime—or permanent closure—when these disruptive incidents occur. Get in touch with our experts at Invenio IT to explore the technology your organization needs for business continuity, data backup and disaster recovery.  Request a free demo  or contact our specialists at Invenio IT by calling (646) 395-1170 or by emailing  [email protected] .

New call-to-action

Assessing Threats: A Complete Guide to BCP Risk Management

Jan 11, 2023

Risks are everywhere. They're in your building, the aging utility lines, the...

SMB Ransomware: Why Businesses Face Big Risks from Attackers

SMB Ransomware: Why Businesses Face Big Risks from Attackers

Jan 3, 2023

Large organizations like the Colonial Pipeline get major media attention when they...

What is the Cost of Data Loss in 2023?

What is the Cost of Data Loss in 2023?

Jan 1, 2023

Data loss is one of the most common causes of business disruption today—and one of...



  1. A Business Continuity Plan Is A Disaster Management Plan

    business continuity management and disaster recovery planning

  2. Business Continuity & Disaster Recovery 101

    business continuity management and disaster recovery planning

  3. The Importance of Disaster Recovery and Business Continuity Planning

    business continuity management and disaster recovery planning

  4. Business Disaster Recovery Plan

    business continuity management and disaster recovery planning

  5. business continuity and disaster recovery plan template

    business continuity management and disaster recovery planning

  6. 5 Ways A Disaster Recovery Plan Can Keep You In Business

    business continuity management and disaster recovery planning


  1. Disaster Risk Reduction Innovative Approaches to Community Support

  2. BCM Institute, BCMpedia

  3. BCM Institute, BCMpedia

  4. E4


  6. Top 25 Business Continuity Manager Interview Questions and Answers for 2023


  1. Business Continuity and Disaster Recovery

    While a business continuity plan focuses on defining how business operations should function under abnormal circumstances during a disaster or

  2. What Is BCDR? Business Continuity and Disaster Recovery Guide

    The role of BCDR is to minimize the effects of outages and disruptions on business operations. BCDR practices enable an organization to get back on its feet

  3. Business Continuity vs. Disaster Recovery: 5 Key Differences

    Business continuity and disaster recovery have different goals. Effective business continuity plans limit operational downtime, whereas effective disaster

  4. BCDR: Business Continuity and Disaster Recovery

    A business continuity and disaster recovery plan is a combination of strategies, policies and procedures about how an organization should respond to or adapt to

  5. Business Continuity & Disaster Recovery Planning (BCP & DRP)

    Even the most carefully thought out business continuity plan is never completely foolproof. Despite your best efforts, some disasters simply cannot be mitigated

  6. Disaster Recovery and Business Continuity Plans in Action

    Accordingly, a disaster recovery plan is limited to ensuring data protection, preventing damage to systems and recovering them as quickly as possible, while a

  7. Business Continuity Plan

    Recovery strategies are alternate means to restore business operations to a minimum acceptable level following a business disruption and are

  8. Key Differences Between a Disaster Recovery Plan vs. a Business

    A business continuity plan is a broad plan designed to keep a business running, even in the event of a disaster. This plan focuses on the

  9. Business Continuity and Disaster Recovery

    Business Continuity and Disaster Recovery (BCDR) planning is a set of strategies, policies, and procedures that help an organization respond

  10. Disaster recovery plan and business continuity plan

    A business continuity plan is focused on all aspects of disaster planning as it relates to preventing an interruption to business operations. A disaster