In my view, it’s almost impossible to give someone the definition of one of these concepts—“business continuity” or “disaster recovery”—without including a discussion about the other. In fact, the two concepts are so closely married that the phrase “you can’t have one without the other” springs to mind.
Yet, most people think of them differently—hence the addition of “versus” that so often pops up when the two ideas come together. Let’s take a closer look at their interrelatedness and why the common vernacular of “business continuity vs. disaster recovery” should be replaced with “business continuity and disaster recovery.”
Let’s start with some definitions:
Business continuity refers to the overall preparations and strategies that are put into place to enable an organization to remain functional or to recover functionality in the event of an emergency. Technically, the term applies to the entire organization and includes both business functions and technologies.
Disaster recovery refers specifically to the recovery of technology, applications, and systems in the event they are impacted by an outage or emergency event, for instance, a “smoking hole” situation that renders the data center nonfunctional.
While these definitions may be technically correct, most people really think of business continuity in a slightly different way: as encompassing the preparations and strategies that ensure the survival of all business functional units outside of IT, such as accounting, marketing, the supply chain, human resources, sales, finance, and security. The subtle difference here? The exclusion of IT.
In other words, it’s commonly thought that business continuity covers the business function side and disaster recovery covers the IT side.
Typically, companies focus on disaster recovery because everyone is highly dependent on technology. It’s assumed that no one can do anything until IT recovers, then it’s back to business as usual. Though the dependency on IT may be a reality for your business, the fact remains that there are processes and procedures in all parts of the business that need to be addressed in the event of a disruption—and that’s where business continuity comes in.
It makes sense that so many organizations emphasize disaster recovery, because it’s an integral part of conducting business. But when IT goes down, what effects does that have on the remaining business units?
Consider the following scenarios:
As you can see, there’s no clear line defining where IT ends and other parts of the business start. Given the scenarios above, you could even argue that other business units are more important than IT, because without a plan to continue functioning, you’ll start losing customers and your brand may be impacted.
That’s why it’s not enough just to plan for IT recovery. You need to know how you’ll keep the business running while the technical systems are being repaired.
Even if your plan revolves solely around communication methods, that may be sufficient to see your business through a difficult time.
IT is important, but it’s only one part of your business. With a good disaster recovery plan and a business continuity plan (forget about “business continuity vs. disaster recovery”), your company will be well prepared to weather almost any storm.
Not sure how to get started with business continuity planning? BCMMetricsTM can help. Our online Compliance Confidence tool (C2) guides you through a simple assessment activity that evaluates your business against eight different continuity standards so you can be certain of your company’s current level of preparedness. It’s flexible, to match the specific characteristics of your business, and can be completed entirely on your own. You’ll come away with a better understanding of where you need to focus your continuity efforts—and where you may already be wasting valuable time and resources.