Disaster Recovery vs Business Continuity

What if I told you that your business or organization needs both?  The terms are used interchangeably in conversation, but they are very different.  Disaster recovery in the IT world is viewed as a backup that can recover your data.  That recovery, when done correctly, is able to bring back your data from anywhere, anytime.  Disaster recovery includes a way to run your system with its data in the cloud just like it was in your building.  Business continuity differs in that it isn’t just about data.  Continuity is about decreasing the likelihood of a disruptive incident to your organization.   It is designed to prepare your organization to continue the delivery of its most essential products and services if a disruption were to occur.

Backup

Disaster Recovery typically refers to events where IT or data are the main systems affected.  You would think of disaster recovery as a backup.  Maybe you backup your data manually to drives, or a unit in your building.  Maybe you have OneDrive or Dropbox.  However, you are not completely protected. Human error is a large culprit in data loss. It could be unintentionally deleting items or accidentally overwriting data. Human error can result in other kinds of hardware damage like liquid damage from spills or even accidental reformatting. All of these things are possible and have happened to many SMBs before you. Sometimes recovery is possible from the software platform you were using, maybe your computer has your back and caught these things. Data recovery is a time consuming and money wasting error to fix. Currently, 58% of SMBs are not prepared for data loss. Even worse, 60% of SMBs that lose their data will shut down within six months.  It would be silly to have human error or a simple mishap put your company out of business. The most important part of your backup is that it isn’t just data backup, it gives you a complete copy of your systems.  For example, it would enable your business to resume operations like nothing is wrong, even during a weather event or cyberattack.

Planning

Planning to maintain all the essential functions of your business during as well as after an event is Business Continuity.  Here you establish risk management and tolerance while putting processes and procedures into effect to help minimize your interruptions. Unlike disaster recovery which is one part in the grand scheme of your business, continuity is a plan designed to decrease the likelihood of a disruptive incident to your organization.   It is designed to prepare your organization to continue the delivery of its most essential products and services if a disruption were to occur.

What is a disruption?

A disruption is anything that interrupts normal business activities like natural disasters, like weather, earthquakes, and floods.  Man made threats are another type of disruption, they include fire technical issues and  cyber events.  The next type of threats are to your personnel.  Personnel threats are pandemics, or other events leading to high absenteeism, or actual loss of employees.  The last type of disruptions are the loss of key suppliers.  This would be any other company that supplies goods or services to your organization.  You want to think about your disruptions in the short as well as the long term.

Business Continuity Planning has Six Main Activities

There are six main activities in planning for business continuity.  The first four activities go towards building the plan, and the latter two cover training and testing.  These activities are program design, business impact analysis and risk assessment, strategy development, plan development, and training and awareness. The rules for program design are laid out for how business continuity planning will flow.  Rules cover stakeholders, ground rules, who will be responsible for each part of the plan and the scope.  BIA and risk assessment looks at the activities of the business and how the organization delivers its products & services.  It also reveals the potential impacts of a disruption or threats to the organization over time.  Strategy development uses what you uncover in the BIA and risk assessment to start designing a plan.  Then you start plan development.  These are the instructions and guide for the organization when a disruption occurs. The plan helps you answer 3 questions. Where do I go?  What should I do?  When should I do it? Training and awareness is the next part of the plan.  It introduces plans and processes as well as the resulting strategies to your staff.  The last part are tests and improvements.  Testing validates plans and strategies to be sure they can provide a response and recovery consistent with management expectations.

Wrapping up

By now you know it isn’t Disaster Recovery vs Business Continuity, because they aren’t the same thing.  Disaster recovery stores and backs up your business data in a matter where you can access it no matter the situation.  Business Continuity is all about how to keep your organization functioning no matter what is happing around your business or to your business.  Keep in mind, small businesses need a plan as much as a large enterprise.  They may even need it more since they are often have single points of failure and no plan for when something fails.