It is quite common to use business continuity and disaster recovery as interchangeable terms. They aren’t, however, the same thing so it’s useful to have a clear understanding of what the important differences are so that you can carry out effective planning.
What’s the difference?
Business continuity means a strategy that lets a business continue to operate with minimal interruption to key business processes. Business continuity goes beyond just IT services and includes planning for work emergency facilities and staff availability.
Disaster recovery planning supports the business continuity plan. A DR plan details the ability to recover access to the data and applications required to run your critical business processes should your data centre, servers, or other infrastructure get damaged or destroyed.
The design of BC and DR plans needs to balance a company’s ability to tolerate down-time against the budget available to fund contingency solutions. Options could include in-house save/restore, external DR service and/or hot standby at system or even data-centre level. Each of the options comes with an associated speed of recover and corresponding cost.
Protect your data
Whatever your strategy, protecting your company’s data is critical. If your company loses some or all of its data, it could be catastrophic. You may not know how much to bill to your customers, how much they already owe you, and what you owe to your suppliers. Your inventory, manufacturing processes, contractual obligations, and competitive intelligence could all be gone.
Disaster recovery plans are developed so that everyone knows exactly what to do to help the business IT function recover in the aftermath of a major catastrophic event. Earthquakes, hurricanes, floods, and acts of war have all caused big companies to either activate their DR plans or deeply regret not having one. Plans would include having recent off-site stored backups of all data available for restoration once replacement systems can be established. The more recent the backups, the better, meaning that the planning, scheduling, and rotation of data to offsite facilities is an integral part of a good DR plan. Having a replication based HA solution would be best solution. It could mean IT recovery in minutes or seconds rather than hours or days.
When largescale disasters happen, they can destroy or incapacitate entire buildings, towns, and cities. This is where the concept of redundancy becomes critical. You may backup your data locally, and should a server or storage device fail, you simply replace it and restore the local copy of your data. However, if a major outage hits your building, perhaps even your entire, you’ll need to be sure business critical data is replicated far away in a remote data centre, perhaps more than one.
Consider all your business infrastructure
BC measures need to be put into place at multiple levels. For example, redundant servers, redundant storage, even redundant data centres may be required to provide enough availability to support continuity of the business within the recovery time objectives. Anything that could fail must be considered, including personnel and physical premises. Replacement personnel may need to be ready to step in, and substitute locations must be designated where employees can work should a calamity befall the operation.
It’s easy to see why people use the terms interchangeably. True continuity of business operations requires high availability, which is the lowest level of fault tolerance, and the ability to recover from a disaster almost instantly.
Beyond replicating your valuable data, if your company can’t afford to stop doing business, you’ll need to replicate your entire infrastructure. When an outage or disaster occurs, your network “fails over” to the redundant data centre and your people continue working as if nothing has happened. Users unable to access the company’s network can connect to the secondary data centre easily from wherever they can securely access the internet.
Recovery Speed vs Recovery Budget
You may be unsure of just how much you need to invest to achieve the level of resilience appropriate for your business. You clearly don’t want to overspend, but you shouldn’t under protect either. Start your process by assessing the importance of each business-critical asset including data, IT infrastructure, facilities and people and create a specific plan for each. Compare the approximate cost of each plan against the value delivered by the asset to establish an acceptable ratio. From there, the rest of the process is one of logistics.