The CEO, CFO, and CIO are meeting to discuss the state of the organization. The company is located within a coastal city and the CEO has concerns about how prepared they are given the inherent risks of their geographic area.
The CFO tells the CEO, “Don’t worry, I’m developing a Business Continuity Plan that will outline everything necessary to keep the lights on.” The CIO then says, “Well, I’m developing a Disaster Recovery Plan that will do that as well.”
The CEO looks perplexed. Why are my CFO and CIO performing the same work and why are they calling it by two different names? The truth of the matter is that he should only be concerned if these plans are being developed in parallel without any input between the CIO and CFO.
Two Plans with Different Goals and Timelines
Within contemporary corporate culture, Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) have started to be used interchangeably. They are both very different documents but do depend on each other, to some degree, to keep the business alive during a potentially disastrous situation.
The primary difference between the plans has to do with its timeline in relation to the disaster event. A BCP is a plan that the business uses to plan in advance what needs to be done to ensure that key products and services continue to be available in case of a disaster. DRP plans for what needs to be done immediately after a disaster in order to recover quickly. Basically, the BCP is planning to continue business operations during a disaster while the DRP is planning to recover from that disaster.