In Stephen Robert Morse’s “How to Protect Your Business Income in 5 Steps,” he mentions that an estimated 25 percent of businesses don’t reopen following a major disaster.

“The first step to protect your business income from unexpected threats is to consider where potential threats may arise,” he writes via SmallBiz Ahead. “Natural disasters, power failures, theft and vandalism are possibilities. Lawsuits and data breaches also pose a significant threat to businesses today.”

He couldn’t be more right. Business risks seem to be growing at an exponential rate, to the point that it’s more realistic to prepare for disaster on a daily basis than to assume that you’re safe. This is exactly why your business needs a way to recover from disaster as well as to make sure that business as normal continues.

Enter disaster recovery (DR) and business continuity (BC) plans. The two terms are often used interchangeably, even though they’re technically not the same thing. So what’s the difference between DR and BC?

Disaster Recovery vs. Business Continuity

Jarrett Potts, writing for DataCenter Knowledge, puts it clearly and concisely: “Disaster recovery is a subset, a small part of overall business continuity.”

A little more detailed is this description from Howard M. Cohen, writing for Dell’s blog:

Disaster recovery (DR) refers to having the ability to restore the data and applications that run your business should your data center, servers, or other infrastructure get damaged or destroyed. One important DR consideration is how quickly data and applications can be recovered and restored. Business continuity (BC) planning refers to a strategy that lets a business operate with minimal or no downtime or service outage.

So, while DR is essentially one part of BC, the scope of the two is really the key difference. Data and IT-related matters, and the process of getting them back up and running after disaster, is what DR entails, while BC is centered more around getting and keeping everything else up and running during disaster.

Considerations When Developing a BCP and DRP

Clearly, every business worth its salt needs both a business continuity plan as well as a disaster recovery plan. So what should every business consider when developing their BCP and DRP? Ontrack recommends these six tips:

  1. Prepare for every hazard. This includes usual reasons for data loss, like hardware failure, human failure, smoke, fire and water damage, as well as not so common incidents such as data loss due to hackers and criminals.
  2. Involve a team. The more people involved in creating these plans, the higher the risk is for error, so make sure everybody is paying attention.
  3. Begin with risk assessments. This will tell you where each one of your weak points is at, and defines what can actually cause failure.
  4. Frequent and recurring tests are necessary. Tests are necessary to make sure BC and DR plans work correctly when needed. Testing might cost a little extra, but at least it doesn’t cost as much as total business failure.
  5. Frequent updates are necessary as well. This includes the soft- and hardware in your company as well as your BC and DR plans. Since technologies changes so often, it is wise to divide the plan into individual steps for a better overview.
  6. Don’t overcomplicate things. Sometimes a simple 2-10 page-long document with the needed information is enough to cover all of the necessary steps. Of course, this depends on the structure of the company and how complicated its rules and regulations are. If your document is substantial, it’s advisable to create a separate, smaller version of the plans as well.

As step four mentions, frequent and recurring tests are necessary. Unfortunately, this isn’t always the norm among companies nowadays. According to Record Nations, less than 20 percent of companies regularly test and keep their plans current.

How Often Should You Test Your BCP and DRP?

This is a question that is asked often, and unfortunately, there is no real industry standard for testing frequency. Once a year is absolutely the bare minimum, and as a general rule, it’s important to test your entire BCP more often because of its complexity.

Whether you’re testing your DR and BC plans once a month or once a week depends entirely on your individual business needs and risks. You’ll probably be able to ascertain how regularly you’ll need to test your plans once you’ve done an official risk assessment.

Pay attention to your business needs and always keep a finger on your business’s pulse. You don’t want to regret not having a recovery plan, because the alternative can mean total business failure.