Skip to main content

Why your Business Continuity Plan and Disaster Recovery Plan Aren’t the Same Thing

Why your Business Continuity Plan and Disaster Recovery Plan Aren’t the Same Thing


The CEO, CFO, and CIO are meeting to discuss the state of the organization. The company is located within a coastal city and the CEO has concerns about how prepared they are given the inherent risks of their geographic area.
The CFO tells the CEO, “Don’t worry, I’m developing a Business Continuity Plan that will outline everything necessary to keep the lights on.” The CIO then says, “Well, I’m developing a Disaster Recovery Plan that will do that as well.”
The CEO looks perplexed. Why are my CFO and CIO performing the same work and why are they calling it by two different names? The truth of the matter is that he should only be concerned if these plans are being developed in parallel without any input between the CIO and CFO.

Two Plans with Different Goals and Timelines

Within contemporary corporate culture, Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) have started to be used interchangeably. They are both very different documents but do depend on each other, to some degree, to keep the business alive during a potentially disastrous situation.
The primary difference between the plans has to do with its timeline in relation to the disaster event. A BCP is a plan that the business uses to plan in advance what needs to be done to ensure that key products and services continue to be available in case of a disaster. DRP plans for what needs to be done immediately after a disaster in order to recover quickly. Basically, the BCP is planning to continue business operations during a disaster while the DRP is planning to recover from that disaster.

To Do Your BCP and DRP Right, Do Them Together

The CFO should be analyzing the impact of risks on the organization and developing a business strategy on what the company needs to do to “keep the lights on” in the event of a disaster, while the CIO should be looking at all of the business-critical systems within the IT environment and understand the process to fail-over to other systems if a disaster should happen. However, the two are not mutually exclusive.  Without knowing the levels of accepted risk documented within the BCP, the CIO cannot develop an accurate DRP. Without an understanding of realistic recovery objectives for the business’ technology, the CFO cannot develop an accurate BCP.
The importance of the business and technology departments to be on the same page cannot be understated. Creating a BCP or a DRP in a vacuum is a recipe for comprehensive business failure. While both documents have a different list of critical risks and threats, they should all be discussed and accounted for in both plans. Aligning the goals of both groups will create a sound plan for the organization to prepare for, and recover from, a disaster under realistic terms.
So, should our CEO be concerned that the CFO is working on a BCP and the CIO is working on a DRP?  Not necessarily – but the CEO needs to make sure that they are discussing both of these plans together and reviewing them with the CEO to make sure the plan does truly “keep the lights on”.




Labels:

Comments

Post a Comment

Popular posts from this blog

Scan to USB/SD - RICOH MFP Feature

Scan to USB/SD is a Ricoh scan function enabling users to scan documents directly to a USB memory device or an SD card. How does it work? From supported Ricoh multifunction products (MFPs) with USB/SD slots, users insert their USB/SD card, and follow the instructions on the operation panel to scan their document to the memory device.  When the user removes their USB/SD card from the MFP, they can access their scanned files immediately with their PC, laptop, or other mobile device. Which file formats are supported? Scan to USB/SD supports PDF/A, single-page TIFF, JPEG, PDF, and high compression PDFs, as well as multi page TIFF, PDF and high compression PDF file formats. Can the scan be enlarged or reduced? Ricoh MFPs with a GWNX controller allow users to automatically reduce or enlarge the size of their scan to a different supported paper size. For example, an A4 size document can be scanned to A5 paper size. This is ideal to save both storage space, and paper, if the document will be p
Post a Comment
Read more

Total Cost of Ownership (TCO)

When a customer buys a Ricoh device, the Total Cost of Ownership (TCO) includes the purchase price and the running costs over the lifetime of the product. The TCO is calculated in steps, using these costs and quantities: Cost of supplies and consumables Expected yield of supplies and consumables Document volumes Expected lifespan of the device Purchase price. Many different software tools are available, via the internet and from your sales manager, to help you calculate TCO. Four steps to calculate TCO There are basically four steps to calculate the TCO: Step 1:  Calculate Cost Per Page (CPP) Step 2:  Calculate average monthly running cost Step 3:  Calculate lifetime running cost Step 4:  Calculate TCO. You can use these steps to calculate the TCO of a Ricoh device and a competitor's device. The difference in TCO between different devices is an important part of the sales approach, when TCO is an advantage. This column contains the business overview. Step 1: Calculate Cost Per Page
Post a Comment
Read more

User authentication - RICOH

User authentication is a process for authorised users to validate that they are who they say they are, by some pre-arranged criteria. Typically, user authentication is required to allow access to electronic devices, networks, or services. A common user authentication process is accessing bank accounts at an automatic teller machine (ATM). This requires us to enter a bank-issued security card, followed by a personal identification number (PIN) at the keypad. Because user authentication is a part of daily life, the requirement for user authentication to access office automation equipment at work is a standard expectation. User authentication methods Supported Ricoh multifunction products (MFPs) provide four methods to control user access: Windows authentication LDAP authentication Basic authentication User codes.   Windows authentication Users are required to log on to the device using their existing Windows network username and password. Only users with a valid username and password can
Post a Comment
Read more