There tends to be a fair amount of confusion regarding what Disaster Recovery is all about, what areas of risk it covers and why it's so important to mitigate risk by having a disaster recovery plan. In this introduction we provide a definition for Disaster Recovery Planning, we look at why DR is becoming a more visible business priority and we discuss the terms used to refer to disaster recovery planning and the scope of different plans.

In this tutorial:

An Introduction

What's in a name?

An Introduction

Disaster Recovery Planning is the process of preparing for recovery or continuation of IT processing tasks that support critical business processes in the event of a threat to your IT infrastructure. In some cases, IT infrastructure would be recovered in a process that could take days (or weeks) while in other cases processing will continue immediately (or within minutes) at a remote site away from the threat.

The Disaster Recovery (DR) planning and testing process is not generally regarded by IT teams as the most exciting task to be involved in, and most would prefer to keep busy with ‘cooler’ projects such as virtualization or some new Web 2.0 technology. But business continuity and disaster recovery planning is critical for an organization and when the worst actually happens, there is always plenty of excitement to go around!

As the world has virtually shrunk to become a global village and business opening and closing times have been replaced with round-the-clock operations, the importance of being prepared to keep a business running in the event of a disruptive situation has become a more visible priority.

The threats to an organization, whether from the increase in political uncertainty on a global scale, decreased stability of national power networks, or the changing climate conditions and related severe weather, have seemingly been increasing over the past decade. Further, new threats are continually looming on the horizon, such as the outbreak of highly contagious diseases, digital blackmail and hacking, and new methods used by terrorists for wide-scale destruction. And in addition to these, there are of course internal threats, whether damage caused accidentally through human error or purposeful damage to data by an employee.

As a result, business continuity and disaster recovery have become more widely known terms and more people in IT are finding that they need to be involved in doing their part of ensure that the business can continue when something goes wrong.

What's in a name?

Over the last three decades the terms used to refer to the process of preparing a business to continue when faced with a threat of some sort, and for preparing IT systems for the worst, have changed. Today there is still a lot of confusion and debate over which terms apply to which aspects of risk planning. Some of the more widely used terms include Business Continuity Plan (BCP), Disaster Recovery Plan (DRP), Continuity of Operations Plan (COOP), Business Resumption Plan (BRP), contingency planning, disaster avoidance, resiliency and information availability.

In some countries, Business Continuity is not a widely used term and Disaster Recovery is used to refer to recovery of the business as a whole, not just the IT infrastructure. However, throughout this site we will refer to Business Continuity as the planning for keeping the business as a whole running and Disaster Recovery as a subset of Business Continuity, referring to the task of keeping IT infrastructure available or recovering the IT infrastructure required for critical business processes.

Disaster Recovery is not however the best and most descriptive term of what DR planning and implementation actually involves. Disaster Recovery would seem to describe recovery of a resource after a major incident such as flood or fire. In reality though, many incidents that cause disruption to IT infrastructure (and therefore the business) are relatively minor events such as corruption of data, the accidental deletion of a file, or a hardware fault. As a result, a DR Plan should provide guidance in the event of a major disaster or a minor disruption.

Business Continuity Planning is about focusing on the organization as a whole and a good BCP should refer to all aspects of the business, including people, premises, facilities and IT infrastructure. A Business Continuity Plan (BCP) needs to cover any significant risk to the organization from events such as loss of a branch due to a fire or loss of a key staff member, through to contamination of the business’ products and resulting damage to the organizations reputation or a national outbreak of a highly contagious disease that affects large parts of the employee base.

The IT department should not create the BCP (although even today many businesses think of business continuity and disaster recovery planning as an IT only function), but IT should take the objectives specified by the business in the BCP and create a DR Plan that aims to meet those objectives.