Differences Between a Vendor's Disaster Recovery and Business Continuity Plans

The assumption that disaster recover plans and business continuity plans are the same thing is a common misconception. While they are closely intertwined, they’re not the same.

A business continuity plan (BCP) is an organization’s plan(s) that is developed to ensure key operations, products and services will be delivered at a predetermined or acceptable level of availability should a business disrupting event occur. A disaster recovery plan (DRP) is a subset of business continuity and outlines the organization’s anticipated, immediate response and procedures that they’ll follow if they experience a business disrupting event in order to resume normal operations.

Key Differences Between Vendor’s Disaster Recovery and Business Continuity Plans

Here are six additional key differences:

1. Strategic Objectives vs. Calculated Plans - BCPs are strategic objectives. DRPs are calculated plans.
   
   

2. Business Resiliency vs. Resuming Operations - BCPs attempt to avoid business interruptions by proactively implementing plans and controls designed to increase the business’s resiliency to potential disaster scenarios outlined in the BCP. DRPs guide disaster recovery personnel in reacting and responding to events that transcend the BCP and in recovering the organization’s people, facilities and systems to normal operations.
   
   

3. BCP Focus - BCPs focus on the following:
   • Risk assessment
   • Preventive controls
   • Succession planning
   • Planning with public entities such as emergency services, local or state disaster relief agencies
   • Communications with identified key vendors, clients, employees and the media
     
     

4. DRP Focus - DRPs focus on the following:
   • Gathering of disaster recovery personnel at the command center
   • Deciding if the incident is a disaster
   • Salvage operations, recovery operations, communications, restoration to normal operations
     
     

5. BCP Components - Your vendor’s BCP should include the following 13 components:
   • Business impact analysis
   • Personnel loss planning
   • Relocations plans
   • Remote access availability
   • Facility loss contingencies
   • Pandemic contingencies
   • Breach/disruption notification procedures
   • Testing procedures
   • Copies of the plan are held off-site in secure locations and available
   • Plan is reviewed, tested and updated regularly
   • Senior management and board approval
   • SLAs and contractual obligations
   • Failover and backup locations
     
     

6. DRP Components - Your vendor’s DRP should include the following six components:
   • Dedicated team and individuals
   • Testing and updates
   • Notification process
   • Backup procedures
   • Procedures for personnel and system recovery to normal operations
   • Senior management/board approval and involvement

As you can see, BCPs and DRPs are closely related but serve distinct purposes. Both are critical to ensuring that a business safeguards its personnel and its ability to meet contractual obligations to customers.

Dive deeper into business continuity planning with your vendors. Download the infographic.