The Key Differences Between a Disaster Recovery Plan vs. a Business Continuity Plan

By SolarWinds MSP

23 September, 2020

As a managed services provider (MSP), you may have been asked for your recommendation on whether to implement a disaster recovery plan or a business continuity plan. At face value, these two terms have a lot in common—they both share the long-term goal of keeping your business up and running. There are, however, key differences between the purposes of a business disaster recovery plan versus a business continuity plan, which is why it’s so important for businesses to prepare both. Your customers should know that these two plans are not interchangeable, because they each perform a specific role.

To help you answer this question for your customers, this guide will outline the key differences between a disaster recovery plan, sometimes called a data recovery plan, and a business continuity plan. It will also explain the importance of each and how to go about creating them.

What is a business continuity plan?

A business continuity plan is a broad plan designed to keep a business running, even in the event of a disaster. This plan focuses on the business as a whole, but drills down to specific scenarios that might create operational risks. With business continuity planning, the aim is to keep critical operations functioning, so that your business can continue to conduct regular business activities even under unusual circumstances.

When followed correctly, a business continuity plan should be able to continue to provide services to customers, with minimal disruption, either during or immediately after a disaster. A comprehensive plan should also address the needs of business partners and vendors.

The continuity plan itself should live as a written document that outlines the business’ critical functions. This is likely to include a list of critical supplies, crucial business functions, copies of important records, and employee contact information. The information included in the plan should allow the business to be up and running as soon as possible after a disruptive event has occurred.

What is a disaster recovery plan?

A disaster or data recovery plan is a more focused, specific part of the wider business continuity plan. The scope of a disaster recovery plan is sometimes narrowed to focus on the data and information systems of a business. In the simplest of terms, a disaster recovery plan is designed to save data with the sole purpose of being able to recover it quickly in the event of a disaster. With this aim in mind, disaster recovery plans are usually developed to address the specific requirements of the IT department to get back up and running—which ultimately affects the business as a whole.

Depending on the type of disaster that occurs, the plan could involve everything from recovering a small data set to an entire datacenter. Most businesses are heavily reliant on information technology, which is why the disaster recovery plan is such an important part of successful business continuity planning.

In some cases, disaster recovery planning may also refer to protocols that exist outside the IT department. For example, disaster recovery plans could include steps for recovery personnel to seek a backup business location so that critical operations can be resumed. This might be useful in the event of an environmental disaster, such as flooding, which might render the existing business premises unusable. The plan might also include guidance on how to restore communication between emergency staff if the usual communication lines are unavailable. If your IT department is creating an IT-focused plan, you should include all non-IT recovery protocols in the wider business continuity plan.

A disaster recovery plan vs. business continuity plan

To summarize, disaster recovery refers to the way data, servers, files, software applications, and operating systems are restored following a damaging event. In contrast, business continuity refers to the way a business maintains operations during a time of technological malfunction or outage. In other words, a disaster or data recovery plan dictates how a business should respond to a disaster, while a business continuity plan dictates how a business can continue to operate throughout a disaster.

What specific ways can disaster recovery plans be tested?

To help ensure that any disaster recovery plan can hold its own in the event of a real disaster, it’s advisable to run a series of disaster recovery tests. Here are five common types of disaster recovery tests:

Paper test: individuals in your IT department read and annotate recovery plans to flag any issues
Walkthrough test: in a group, your IT department walks through the plans to identify any problems and recommend changes
Simulation: your IT department simulates a disaster to determine whether the response plans are appropriate
Parallel test: recovery systems are implemented and tested to see if they can perform actual business transactions in the event of a disaster. Primary systems still carry the full production workload
Cutover test: primary systems are disconnected and recovery systems are implemented and assume the full production workload to see if they can perform business operations in the event of a disaster

What should you include in a disaster recovery plan?

A disaster recovery plan should encompass all the procedures, technologies, and objectives necessary for making a rapid recovery after a disaster. At minimum, your plan should account for the following:

Recovery technologies: all systems currently implemented, or those that should be, in support of recovery
Recovery time objective (RTO): this refers to your desired timeframe for completing recovery before the situation becomes critical
Recovery point objective (RPO): RPO refers to the age of data backups—it’s the desired recovery point for restoring data from a backup
Recovery protocols: these protocols should identify who does what in the event of a disaster, including clearly defined roles and how you expect recovery personnel to communicate with each other
Vendors, suppliers, and other third parties: your plan should include a list of any parties who may be needed to support recovery, as well as their emergency contact details
Recovery testing: outline periodic tests and mock disaster scenarios to confirm your recovery systems work as they should

Your disaster recovery plan and all the above facets should be updated regularly to help ensure that it remains accurate, as you never know when disaster might strike.

What does a business continuity plan typically include?

Your business continuity plan should act as a single, multifaceted document for managing every aspect of disaster preparedness in your business.

A typical business continuity plan will usually require the following sections:

Contact details: specifically for those who developed the plan, as well as any key recovery personnel
Plan objectives: describes the overall aim of the plan and what it will try to accomplish
Risk assessment: this involves conducting a thorough assessment of disaster scenarios, their likelihood, and their impact
Impact analysis: an outline of how each possible disaster scenario could impact your business (i.e., costs of repair, disruption to services, etc.)
Prevention: steps and systems for helping prevent each of the disasters listed, such as implementing anti malware to prevent cyberattacks
Response: this section should detail how the business will respond to each disaster to minimize the impact
Areas for improvement: any weaknesses identified during the creation of the plan, as well as recommended solutions
Contingencies: a list of secondary backup assets, such as a backup office location to be used in the event of a disaster
Communication: protocols for maintaining communication with recovery personnel, such as a text alert system

Choosing the right disaster recovery and business continuity software

Devising a disaster recovery and business continuity plan is a time-consuming, complicated, and ongoing process. For MSPs, creating these types of plans is even more of a challenge, as they typically manage the recovery and continuity strategy for multiple customers. To do this effectively, it’s crucial that MSPs have access to reliable software so they can manage their approach to business continuity and disaster recovery in a cost-efficient and streamlined way.

SolarWinds^® N-central^® helps MSPs tackle disaster recovery and business continuity with an all-in-one solution. N-central is a powerful option because it provides a scalable solution to disaster recovery and business continuity planning—alongside a whole slew of other critical MSP capabilities. N-central includes the capabilities necessary for MSPs to effectively manage complex networks with maximum precision—all from one powerful dashboard.

This remote monitoring and management tool offers a range of backup management features to support effective disaster recovery and business continuity. This includes cloud and on-premises backup, bare metal recovery, virtual machine support, private keys, data archiving, and more. By having such features alongside patch management, network topology mapping, remote monitoring, and more, MSPs gain access to a single dashboard that allows them to offer more streamlined customer services. To learn more, a 30-day free trial of N-central is available.