Difference Between DRP and BCP

A Disaster Recovery Plan (DRP) is a comprehensive statement of actions to be taken before, during and after a disruptive event that causes loss of availability of information systems. Its primary objective is to provide an alternate processing site and to return to the primary site within a minimal time frame whenever a disaster affects the information systems. The Business Continuity Plan (BCP), by contrast, suggests a more comprehensive approach to dealing with the restoration of computer systems, with all attendant software and connections, to full functionality under a variety of damaging or interfering external conditions that businesses face from time to time.

Difference Between DRP and BCP Explained

The differences between Disaster Recovery Plans and Business Continuity Plans are not very clear in actual usage. Different companies sometimes use these terms differently and, at times, interchangeably.

Technically, the Business Continuity Plan (BCP) refers to the means by which loss of business may be avoided, and it ought to define the business requirements for continuity of operations. It defines the business requirements for a Disaster Recovery Plan (DRP).

Technically, the Disaster Recovery Plan (DRP) deals with the restoration of computer systems with all attendant software and connections to full functionality under a variety of damaging or interfering external conditions. In daily practice, Business Continuity often refers to disaster recovery from a business point of view, or to dealing with simple daily issues such as a failed disk, a failed server or database, or possibly a bad communications line. It is often referred to as the measure of lost time in an application, possibly a mission-critical application.

In daily practice Disaster Recovery often refers to major disruption, such as a flooded building, fire or earthquake disrupting an entire installation. The issue of Business Continuity certainly arises when Disaster Recovery is required.

In short, Disaster Recovery Plans address the procedures to be followed during and after the loss, whereas the BCP is the preemptive process put in place in preparation for the handling of a disaster.

 

What is the purpose of a Disaster Recovery Plan (DRP)?

The primary purposes of a Disaster Recovery Plan (DRP) are as follows:

  1. Prevention (pre-disaster): The pre-planning required (using mirrored servers for mission-critical systems, maintaining hot sites, training disaster recovery personnel) to minimize the overall impact of a disaster on systems and resources. This pre-planning also maximizes the ability of an organization to recover from a disaster.
  2. Continuity (during a disaster): The process of maintaining core, mission-critical systems and resource “skeletons” (the bare minimum assets required to keep an organization in operational status) and/or initiating secondary hot sites during a disaster. Continuity measures prevent the whole organization from folding by preserving essential systems and resources.
  3. Recovery (post-disaster): The steps required for the restoration of all systems and resources to full, normal operational status. Organizations can cut down on recovery time by subscribing to quick-ship programs (third-party service providers who can deliver pre-configured replacement systems to any location within a fixed timeframe).

What are the key elements of a DRP?

The primary objective of a Disaster Recovery Plan (DRP) is to enable an organization to survive a disaster and to continue normal business operations. In order to survive, the organization must ensure that critical operations can resume or continue normal processing. Throughout the recovery effort, the plan establishes clear lines of authority and prioritizes work efforts.

The key elements of a Disaster Recovery Plan (DRP) should be to:

  • Provide for the safety and well-being of people on the premises at the time of a disaster;
  • Continue critical business operations;
  • Minimize the duration of a serious disruption to operations and resources (both information processing and other resources);
  • Minimize immediate damage and losses;
  • Establish management succession and emergency powers;
  • Facilitate effective co-ordination of recovery tasks;
  • Reduce the complexity of the recovery effort;
  • Identify critical lines of business and supporting functions.

Although statistically the probability of a major disaster is remote, the consequences of an occurrence could be catastrophic, both in terms of operational impact and public image. Management appreciates the implications of an occurrence; therefore, it should assign on-going responsibility for recovery planning to an employee dedicated to this essential service.

Management must make a decision to undertake a project that satisfies the following objectives:

  • Determine vulnerability to significant service interruptions in the Data Centre and business facilities and define preventive measures that may be taken to minimize the probability and impact of interruptions;
  • Identify and analyze the economic, service, public image and other implications of extended service interruptions in the Data Centre and other business facilities;
  • Determine immediate, intermediate and extended term recovery needs and resource requirements;
  • Identify the alternatives and select the most cost-effective approaches for providing backup operations capability and timely service restoration; and
  • Develop and implement contingency plans that address both immediate and longer-term needs for the Data Centre and other business facilities.

What are the five methods of testing a DRP?

Several different testing methods are available for testing a Disaster Recovery Plan. The following five are the most commonly used methods in DRP testing:

  • Walkthrough Testing
  • Simulation Testing
  • Checklist Testing
  • Full Interruption Testing
  • Parallel Testing

 

Many companies decide to start with a checklist test and then proceed to a simulation test. The simulation test is important so that employees know what to do when a disaster actually occurs. The company may decide to do a full interruption test while doing a simulation test, but that depends on whether the company has a budget that allows for this type of testing.

 

Why does a DRP require testing?

The key objectives of DRP testing are as follows:

  • Exercise the recovery processes and procedures;
  • Familiarize staff with the recovery process and documentation;
  • Verify the effectiveness of the recovery documentation;
  • Verify the effectiveness of the recovery site;
  • Establish if the recovery objectives are achievable;
  • Identify improvements required to the DR strategy, infrastructure, and recovery processes.

So, DRP testing is required to meet these key objectives and to ensure that the Disaster Recovery Plan will work when a disaster occurs.
