- Business continuity deals with keeping business operations running — perhaps in another location or by using different tools and processes — after a disaster has struck.
- Disaster recovery deals with restoring normal business operations after the disaster takes place.
Here's an analogy. Two boys kick a big anthill — a disaster for the ant colony. Some of the ants scramble to save the eggs and the food supply; that's Ant City business continuity. Other ants work on rebuilding the anthill; that's Ant City disaster recovery. Both teams work to ensure the anthill's survival, but each team has its own role to play.
Business continuity and disaster recovery planning have these common elements:
- Identification of critical business functions: The Business Impact Analysis (BIA) and Risk Assessment (discussed in the section "Conduct Business Impact Analysis," later in this chapter) identify these functions.
- Identification of possible scenarios: The planning team identifies all the likely man-made and natural activation scenarios, ranked by probability and impact to the organization.
- Experts: People who understand the organization's critical business processes.
Business continuity (and disaster recovery) planning exist because bad things happen. Organizations that want to survive a disastrous event need to make formal and extensive plans — contingency plans to keep the business running and recovery plans to return operations to normal.
Keeping a business operating during a disaster can be like juggling with one arm tied behind your back (we first thought of plate-spinning and one-armed paper hangers, but most of our readers are probably too young to understand these). You'd better plan in advance how you're going to do it, and practice! It could happen at night, you know (one-handed juggling in the dark is a lot harder).
Before business continuity planning can begin, everyone on the project team has to make and understand some basic definitions and assumptions. These critical items include
- Senior management support: The development of a Business Continuity Plan (BCP) is time consuming, with no immediate or tangible return on investment (ROI). To ensure a successful business continuity planning project, you need the support of the organization's senior management, including adequate budget, manpower, and visible statements backing the project. Senior management needs to make explicit statements identifying the responsible parties, as well as the importance of the business continuity planning project, budget, priorities, urgency, and timing.
- Senior management involvement: Senior management can't just bless the business continuity planning project. Because senior managers and directors may have implicit and explicit responsibility for the organization's ability to recover from a disaster, senior management needs to have a degree of direct involvement in the business continuity planning effort. The careers that these people save may be their own.
- Project team membership: Which people do you want to put on the business continuity planning project team? The team must represent all relevant functions and business units. Many of the team members probably have their usual jobs, too, so the team needs to develop a realistic timeline for how quickly the business continuity planning project can make progress.
- Who brings the donuts: Because it's critical that business continuity planning meetings are well attended, quality donuts are an essential success component.