Find Resources and Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

Subscribe to this discussion

Difference between BCP and DR

The definition of BCP and DR have been changing over a period of time. This is what I think is the difference between BCP and DR. What do the others in this group think?

https://practicalinfosec.wordpress.com/2012/10/08/difference-between-dr-and-bcp-and-other-stories/

"Business Continuity Planning (BCP) and Disaster Recovery (DR) are used together so often that people often begin to forget that there is a difference between the two. The idea of this post is to try to define these terms from a practical point of view. As I like to mention in all my posts, this blog is about practical information security…

In day to day lingo, BCP refers to plans about how a business should plan for continuing in case of a disaster. DR refers to how the IT (information technology) should recover in case of a disaster. It may sound a bit weird, but after the first 500 times, you sort of start getting used to it and start preaching it as well. I think these definitions must have started off as a practical joke played by mischievous IT staff on their organization, or maybe it was some consultant trying to wiggle out of a situation where he forgot to make a BCP for IT.

“Oh, I have given you a BCP. For IT, what you really need is a DR. Should I send you a bill for that as well?”

The definitions are so ingrained in daily (consultant) life that we now refer to DR as IT-DR. You will hear wise sounding words like, “We have a DR in place, but not a BCP” If you want to stick to pop culture, you can stop reading now. You know all that you need to know about the difference between DR and BCP. If you are interested in analyzing the words further, read on.

If you think practically, a BCP is a plan that allows a business to plan in advance what it needs to do to ensure that its key products and services continue to be delivered (technicality: at a predefined level) in case of a disaster, while a DR allows a business to plan what needs to be done immediately after a disaster to recover from the event. So, a BCP tells your business the steps to be taken to continue its key product and services, while a DR tells your business the steps to be taken to recover post an incident.

Your impact analysis, your business continuity strategy and business continuity plans are a part of BCP. Your incident response, emergency response, damage assessment, evacuation plans, etc. are all a part of DR. It makes sense to divide your planning into two parts

  1. Planning to continue your business operations and
  2. Planning to recover from disaster situations

If you use these definitions of BCP and DR, you would probably end up having a practical and effective BCMS for your organisation.

As usual, the story is never simple.

Let us assume a practical scenario in an organization, where the IT team is the one that is really worried about data backup and recovery. No one else gives two hoots. Roughly translated, it means the others will run to IT in case of disaster and say: “What do you mean you cannot recover it. I assumed it was being backed up.”

So, the IT team takes it upon itself to build a business continuity plan. The problem, however, is that they will receive no data from business about esoteric terms like ‘criticality of activities supporting key products and services’. They have to do the next best thing. Ask the business “What will happen if this application crashes and is not recoverable?” This becomes the applications RTO. They ask “What will happen if we lose data for 1 min, 1 hour, 1 day, 1 week, 1 year, etc. progressively (until they see the business users pupils dilate). This becomes their RPO. Armed with this data they create a plan to recover these key applications and services (provided and supported by IT) within the RTO and RPO. Calling this a business continuity plan is not the right thing to do, hence the IT calls it a DR plan. It is then free to make statements like “We have a DR, but not a BCP” to the half-read consultant and get away by showing this document as a BCP to the untrained auditor (believe me there are plenty of those around). The auditor sees some calculation of RTO and RPO and accepts the plan as a BCP, thus obfuscating the definitions further.

Practical advice: Plan in two parts as above. A plan to continue business processes (Including support processes like IT) and a plan to respond to and recover from incidents (Emergency Management) and you should be good. If you are in IT and the business is not responding for a BCMS, use the tactic shown above to have a minimalist practical plan."

You must sign in to rate content.
(10 ratings)

Comments

RE: Difference between BCP and DR

Can we have the text of your post on this page itself ? else If I have to comment on the topic I need to visit the blog and post the comments there. Further if any other reader posts comments those would not be visible unless I visit the blog.
Gopalakrishnan at 10/14/2012 7:08:49 AM Quote
You must sign in to rate content.
(2 ratings)

RE: Difference between BCP and DR

Hi Gopalakrishnan, good point. I have put the contents here for everyone's convenience. Please bear with the long ramblings... :)
Chaitanya Kunthe at 10/15/2012 12:58:19 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Difference between BCP and DR

just an idea: may be BCP and DRP are the same thing, but on different maturity levels.
can a cunning IT manager say for his DRP that it is BCP but mature enough to meet his needs?
Petru at 10/23/2012 2:06:57 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Difference between BCP and DR

  • Hi, Disaster Recovery need not necessarily be "how IT should recovers in case of disaster, as you have mentioned. In my view, it refers to other support processes which need to recover from a disaster. So, as I understand the terms, BCP and DR, while the former is strategic, the latter is tactical (response to a disaster)
Sharath at 1/31/2013 12:26:06 PM Quote
You must sign in to rate content.
(1 ratings)

RE: Difference between BCP and DR

Hi Friends, To put it in plain and simple meanings; BCP - is the holistic process of having a business continuity in place right from the policy, steering committee roles & responsibilities, BIA, Risk Assessments, Incident Management, Crisis Management, & Preventive Corrective actions, etc. When all the above are governed, this can also be called as BCM. Whereas DR - is the practical process or steps to recover from a disaster once the Crisis Management declares a disaster (usually referred to IT). Please note DR is a subset of BCP/BCM. BRP - Business Recovery Plan contains the practical process or steps for the business/ops team to recover their critical activities from a disaster once the Crisis Management declares a disaster (usually referred to the business operations teams). Please note BRP is also a subset of BCP/BCM. The confusions usually come around the the various terminologies used in the forums, and varieties of processes implemented in different organizations. End of day, the basics and the objective are the same. Hope I have been able to add clarity on this subject. Regards, Hemanth
Hemanth K Raju at 2/1/2013 5:02:24 AM Quote
You must sign in to rate content.
(5 ratings)

RE: Difference between BCP and DR

What actual I do understand is the DR is just one of the component in BCP, this a major difference between them

raslunya at 10/15/2014 12:42:22 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

This comment has been deleted by the administrator
chikt at 10/15/2014 12:45:26 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

As per my understanding, BCP is the plan and DR is the exercise!!

On Wed, Oct 15, 2014 at 11:13 PM, <
business-c
Manickam at 10/15/2014 12:52:25 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

No. A disaster is a subjective thing. A business continuity plan should
have provision for losses like facilities and infrastructure and these may
be classified as a disaster and they may involve moving somewhere else.
Unfortunately there is this idea that DR is IT specific and involves a site
move but this is erroneous.

On Wed, Oct 15, 2014 at 7:53 PM, <
business-c
Stuart165 at 10/15/2014 12:59:26 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

BCP refers to the businesses ability to continue its fundamental functions in the event something deters their workforce from performing in the regularly prescribed fashion. This can be anything from not being able to get into their regular office space, not being able to get access to their regular PCs or laptops, or if there is a pandemic situation where your workforce is greatly reduced. The BCP plans for how a business would address these situations around workflow, but it does not necessarily mean their systems are down or unreachable.
DR would be more for the planning for how to address the situations where accesses to crucial systems are unavailable. When systems are down and how to restore those systems.

Thank you,
Joseph Schlientz
ITIL V3, Six Sigma CSSGB
Technology Service Manager - Infrastructure
CoSD County Technology Office
Desk 619-531-4812
Cell 858-775-9612

Joseph607 at 10/15/2014 1:03:32 PM Quote
You must sign in to rate content.
(2 ratings)

RE: Difference between BCP and DR

Disaster recovery is plan, procedures, processes and activities to recover
operations of technical systems after disaster (natural, human induced,
whatever) happens. Disaster recovery is planned and performed by technical
staff according to findings made during BCP process - business needs
dictate recovery schedule, timings and processes. BCP is comprehensive
process of doing BIA (Business Impact Analysis), RA (Risk Assesment) and
BCP is touching complete organization.

On Wed, Oct 15, 2014 at 7:53 PM, <
business-c
Predrag767 at 10/15/2014 1:05:26 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Very interesting discussion and I have learnt something. We all agree that BCP and DR is all about managing the business in a crisis situations and to minimise disruption to services, ie, minimising risk. BCP and DR is all about planning, developing processes and procedures to manage a crisis situation and enable the business to carry on with its services. 
The crisis situation can be a typical one or specific to the business. In a crisis situation business may or may not be dependent on IT. My take on IT BCP and DR is that depending on the crisis situation IT will invoke an IT BCP or DR or a break fix. Scenario building and risk assessment, ie, likelihood, consequence and impact, will help to deal with known crisis, however "Black Swan" event will continue to challenge our preparation for minimising disruption to business. 
Asaf782 at 10/16/2014 4:36:51 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

This comment has been deleted by the administrator
Hannah656 at 10/16/2014 4:40:26 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

The so-called Black Swan is a myth in my view. These events may in
themselves be rare but from a planning point of view the BUSINESS impact is
no different from other events. You should already have a plan for no IT or
no buildings whether it is caused by a plaque of locusts or an earthquake.
The impact on business is identical. The impact on emergency services is
different but this is not a BC planners problem

On Thu, Oct 16, 2014 at 11:39 PM, <
business-c
Stuart165 at 10/17/2014 1:48:18 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Hi Chaitanya, "Planning to continue your business operations and Planning to recover from disaster situations" can be a good yardstick for understanding BCP and DR keeping in perspective that many of the business processes are automated and finally if you say business continuity, it sounds like IT continuity. Essentially DR is a subset of BCP because even when you plan to continue your business operations, you have to keep in mind that in parallel recovery operations would kick-in in case of disaster scenario. Remember even after the DR activities are successfully completed, business would still require some more time to finally stabilize and resume to the state before the disruption. Usually these post DR operations are carried by business users and departments and not by IT. These activities after DR completion are not recognized very often and so it sometimes seems DR and BCP are same!!!! regards, Sanjiv
SKA at 10/19/2014 8:54:59 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Difference between BCP and DR

This comment has been deleted by the administrator
jnatt at 10/19/2014 8:59:18 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Great discussion on this topic, with many good points made. A quick summarization point in that the business process owners need to buy in with BCP and DR. If IT leads the discussion and the business process owners don't buy in or take it seriously, then it will be a waste of time and money for all involved.
SArndt at 10/24/2014 11:24:15 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

To make it clear, in my organisation we have a Business Continuity Plan (BCP) & a separate IT Disaster Recovery Plan (IT DRP). The BCP sets out what is a crisis, roles & responsibilities & responses. However for IT Response, it makes reference to the IT DRP.
KenChinSG at 10/27/2014 4:46:51 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Community Solutions Email TemplateWhile at the Department of Justice (DOJ) there had Business Impact Analysis (BIA) and a Contingency Plans for each system (per FISMA and NIST guidance), a Continuity of Operations Plan (COOP) for management, and Disaster Recovery Plan (DRP) for recovery at the alternate/backup processing site (i.e., Data Center). There was also a Devolution Plan for management so they could work at emergency (some times multiple) facilities. By the way, some people lump the Incident Response Plan (IRP) into a Continuity Plan, but I disagree because the IRP is for immediate computer and/or network emergency response. The Business Continuity Plan (BCP) is a commercial term oriented towards businesses. From what I have seen, the BCP is used primarily by large organizations because they need to stay in business. The BCP should contain instructions for everyone in the organizaiton. The DRP is intended for moving and assuming operations atthe alternate site, and it possibly contains instructions for resumption of normal operations at the original or new site. The DRP is intended for IT personnel.

Larry G. Wlosinski, CDP, CISSP, CISM, CAP, CRISC, CISA, ITIL v3, CBCP
----- Original Message -----
From: business-continuity-disaster-recovery-planning@isaca-discussions.org
To: wlosinskilarry@msn.com
Sent: Monday, October 27, 2014 5:49 PM
Subject: [KenChinSG - msg177msg] RE: Difference between BCP and DR {#06BCC}



[KenChinSG - msg177msg] RE: Difference between BCP and DR
Reply to this email to post directly to this discussion.

To protect your privacy please remove your signature and any automatically added content from your reply. Learn More

Submitted by KenChinSG

To make it clear, in my organisation we have a Business Continuity Plan (BCP) & a separate IT Disaster Recovery Plan (IT DRP). The BCP sets out what is a crisis, roles & responsibilities & responses. However for IT Response, it makes reference to the IT DRP.

------------------------------------------------------------------

View Discussion / Unsubscribe from this list / My Mailing Lists


Message Tracking ID:177;ID:177;



ISACA
http://www.isaca.org

Larry Wlosinski at 10/27/2014 5:08:17 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

BCP may contain instructions for everyone in the organisation if it is in context of the continuity plan in general including IT. But when we talk of IT BCP, it does not necessarily include everyone as there may be certain processes which may be restricted to the specific set of personnel engaged. For example, continuity of the payment process, continuity of grievance redressa process in the enterprise systems etc.. 
DR cannot simply be restricted merely for IT. It may so happen that one may plan specific IT DRP, but DR may be planned in general for the organisation for non IT specific as well. 
Praveen Kumar at 11/20/2014 4:42:22 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

On Thu, Nov 20, 2014 at 4:14 PM, <
business-c
JaliyaG at 11/20/2014 4:55:16 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

On Thu, Nov 20, 2014 at 4:27 PM, <
business-c
JaliyaG at 11/20/2014 6:49:17 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

I am minced for words here but in my opinion the difference is maintaining a Recovery site which in essence is an establishment of a BCP or DR plan. There is very little to distinguish between the two as both set out to minimize risk and keep the entity functional and competitive in the event of natural or man-made calamities. The BCP primarily institutes policies and procedures necessary to shift operations to the Recovery site and continue with minimal disruption to the key business processes and objectives. This is why geographical proximities are strategic to any BCP. It is also critical to not that designing a BCP depends on the nature and scope of operations of an entity and may vary significantly
John229 at 11/20/2014 10:17:22 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

I like the discussion. BCP is about what we do in case of unfavourable business situations, be it a disaster or not. The causes for unfavourable situations may be a disaster or something less dramatic. Let us say, the business is so much depended on the finance function. And, for simplicity, let us say the finance function consists of three employees. There is a possibility that these three employees may not be available for various reasons. Let us say, one is on leave and the two got sick. I would not call that a disaster to the business and I would not expect this to be covered by the DR plan. But i would expect it to be covered by the BCP. Suffice to say, BCP should ideally cover all the issues pertaining to the continuation of the business, including a case of a disaster, while DR is strictly referring to a case of a disaster. What constitute as disaster is of course something else.
Petrus Kafidi at 11/24/2014 7:38:20 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Joe at 11/24/2014 7:41:22 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Wayne992 at 11/24/2014 7:41:23 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
jnatt at 11/24/2014 7:41:24 AM Quote
You must sign in to rate content.
(Unrated)

Difference between BCP and DR

Petrus's example is simple and good. In my view, - BCPs need to be pan-enterprise in nature and attempt to answer the questions around "how to continue business in the event something negative should happen?" BCPs are strategic and forward thinking. - DRPs are built around acceptable responses to events that disrupt businesses. They are "post-facto" in nature. To quote an example: Event: Fire in the Building. Consequences are: records destruction, people trapped in office, area cordoned off and access is cut off, etc. This event will have two approaches. "What if this happens?" and "It has happened, now what?" BCP deals with the first question. It could include policies that cover activities such as: for people not in office, direct them to work from home, direct to another office, display signs in the office to let customers and public know about alternate branches / locations, overlap of duties to accommodate leaves of employees, listing of key functions that must remain active to support business (e.g., Invoice & Billing, client facing business floors such as flight ticket counters, banking halls, call centers, etc., and their associated technology applications & infrastructure). DR deals with the second question. It could include actions like: Are there people with burns and injuries? do we have emergency hospital numbers and have the numbers been called? how long will the emergency teams take, to reach the site? is the evacuation plan ready and being executed? is the computer equipment safe? how long do key vendor partners (e.g., Network providers) take to switch over data to another server in another location? What is the process to reconstruct lost records? Is the time taken to restore normalcy (RTO) and the extent of data recovery (RPO) acceptable? In both the cases, it would be prudent for the management to conduct drills / simulations at some acceptable times (say once in 1 or 2 years) to gauge the effectiveness of their plans. Hope readers find this useful. Regards. Narasimham.
NARASIMHAM NVL at 11/26/2014 11:06:04 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
chikt at 11/26/2014 11:09:21 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
jnatt at 11/26/2014 11:09:22 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Bhaskaran401 at 11/26/2014 11:09:23 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Interesting discussion indeed!  I'm just quoting the NIST Special Publication 800-34 Rev. 1:

Business Continuity Plan (BCP) - The BCP focuses on sustaining an organization’s mission/business processes during and after a disruption. An example of a mission/business process may be an organization’s payroll process or customer service process. A BCP may be written for mission/business processes within a single business unit or may address the entire organization’s processes. The BCP may also be scoped to address only the functions deemed to be priorities. 

Disaster Recovery Plan (DRP) - The DRP applies to major, usually physical disruptions to service that deny access to the primary facility infrastructure for an extended period. A DRP is an information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure at an alternate site after an emergency. The DRP may be supported by multiple information system contingency plans to address recovery of impacted individual systems once the alternate facility has been established. A DRP may support a BCP or COOP plan by recovering supporting systems for mission/business processes or mission essential functions at an alternate location. The DRP only addresses information system disruptions that require relocation.
Inam at 12/16/2014 1:42:25 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Ursula860 at 1/23/2015 11:38:16 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
JRLiving at 1/23/2015 11:41:46 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Hannah656 at 1/23/2015 11:49:46 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Unfortunately, people do not understand that IT infrastructure running does not equal critical applications running.  BCP is essential to making sure we can do business as usual!!. 
OW at 2/9/2015 4:05:21 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Joe at 2/9/2015 4:08:46 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Cecilia947 at 2/9/2015 4:10:46 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Fiona477 at 2/9/2015 4:10:47 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

The key here is on the words:
DR, Disaster Recovery is more focus on how to prevent and restore it from a disaster full stop.
BCP, Business Continuity Plan has a wider scope and is about ensuring we can continue business if a majors risk, disaster or incident occurs. How to operate during the recovery phase and then how to get back to normal operation. This include it dr, business operation, crisis management.

Hth,

Lamine

-----Message d'origine-----
De : business-continuity-disaster-recovery-planning@isaca-discussions.org
Envoyé : 09/02/2015 23:09
À : alamine78@yahoo.com
Objet : [Octavius - msg258msg] RE: Difference between BCP and DR {#7D868}






[Octavius - msg258msg] RE: Difference between BCP and DR





h1, h2, h3, h4, h5, h6 { font-weight: normal; margin: 0; } h1 { font-size: 1.8em; } h2 { font-size: 1.6em; } h3 { font-size: 1.3em; } h4, h5 h6 { font-size: 1.1em; font-weight: bold; } a { color: #0000cc; } hr { height: 2px; border-style: none; background: #ddd; color: #ddd; margin: 1em 0; } div.message hr { margin: 5px 0; color: #000; background: #000;} div.footerLinks a { color: #0000cc; } .discQuote{ font-size:10px; font-style:italic; padding: 15px; border-style:dotted; border-width:1px; background-color:#e6e6e6; margin:10px; }




Reply to this email to post directly to this discussion.





To protect your privacy please remove your signature and any automatically added content from your reply. Learn More






Submitted by Octavius


Unfortunately, people do not understand that IT infrastructure running does not equal critical applications running. BCP is essential to making sure we can do business as usual!!.






View Discussion / Unsubscribe from this list / My Mailing Lists




Message Tracking ID:258;ID:258;







ISACA

http://www.isaca.org



Lamine134 at 2/10/2015 1:10:45 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
jnatt at 2/10/2015 1:15:45 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

I would also argue that while an organization's BCP should include significant events, it should also include minor things as well. The focus is indeed a wider scope, as Lamine suggests, but should focus on continuity of all aspects of operations, not simply items of large risk.
cdamico04 at 2/10/2015 6:00:14 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

I would also argue that while an organization's BCP should include significant events, it should also include minor things as well. The focus is indeed a wider scope, as Lamine suggests, but should focus on continuity of all aspects of operations, not simply items of large risk.
cdamico04 at 2/10/2015 6:00:14 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
jnatt at 2/10/2015 1:15:45 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

The key here is on the words:
DR, Disaster Recovery is more focus on how to prevent and restore it from a disaster full stop.
BCP, Business Continuity Plan has a wider scope and is about ensuring we can continue business if a majors risk, disaster or incident occurs. How to operate during the recovery phase and then how to get back to normal operation. This include it dr, business operation, crisis management.

Hth,

Lamine

-----Message d'origine-----
De : business-continuity-disaster-recovery-planning@isaca-discussions.org
Envoyé : 09/02/2015 23:09
À : alamine78@yahoo.com
Objet : [Octavius - msg258msg] RE: Difference between BCP and DR {#7D868}






[Octavius - msg258msg] RE: Difference between BCP and DR





h1, h2, h3, h4, h5, h6 { font-weight: normal; margin: 0; } h1 { font-size: 1.8em; } h2 { font-size: 1.6em; } h3 { font-size: 1.3em; } h4, h5 h6 { font-size: 1.1em; font-weight: bold; } a { color: #0000cc; } hr { height: 2px; border-style: none; background: #ddd; color: #ddd; margin: 1em 0; } div.message hr { margin: 5px 0; color: #000; background: #000;} div.footerLinks a { color: #0000cc; } .discQuote{ font-size:10px; font-style:italic; padding: 15px; border-style:dotted; border-width:1px; background-color:#e6e6e6; margin:10px; }




Reply to this email to post directly to this discussion.





To protect your privacy please remove your signature and any automatically added content from your reply. Learn More






Submitted by Octavius


Unfortunately, people do not understand that IT infrastructure running does not equal critical applications running. BCP is essential to making sure we can do business as usual!!.






View Discussion / Unsubscribe from this list / My Mailing Lists




Message Tracking ID:258;ID:258;







ISACA

http://www.isaca.org



Lamine134 at 2/10/2015 1:10:45 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Fiona477 at 2/9/2015 4:10:47 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Cecilia947 at 2/9/2015 4:10:46 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Joe at 2/9/2015 4:08:46 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Unfortunately, people do not understand that IT infrastructure running does not equal critical applications running.  BCP is essential to making sure we can do business as usual!!. 
OW at 2/9/2015 4:05:21 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Hannah656 at 1/23/2015 11:49:46 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
JRLiving at 1/23/2015 11:41:46 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Ursula860 at 1/23/2015 11:38:16 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Interesting discussion indeed!  I'm just quoting the NIST Special Publication 800-34 Rev. 1:

Business Continuity Plan (BCP) - The BCP focuses on sustaining an organization’s mission/business processes during and after a disruption. An example of a mission/business process may be an organization’s payroll process or customer service process. A BCP may be written for mission/business processes within a single business unit or may address the entire organization’s processes. The BCP may also be scoped to address only the functions deemed to be priorities. 

Disaster Recovery Plan (DRP) - The DRP applies to major, usually physical disruptions to service that deny access to the primary facility infrastructure for an extended period. A DRP is an information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure at an alternate site after an emergency. The DRP may be supported by multiple information system contingency plans to address recovery of impacted individual systems once the alternate facility has been established. A DRP may support a BCP or COOP plan by recovering supporting systems for mission/business processes or mission essential functions at an alternate location. The DRP only addresses information system disruptions that require relocation.
Inam at 12/16/2014 1:42:25 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Bhaskaran401 at 11/26/2014 11:09:23 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
jnatt at 11/26/2014 11:09:22 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
chikt at 11/26/2014 11:09:21 AM Quote
You must sign in to rate content.
(Unrated)

Difference between BCP and DR

Petrus's example is simple and good. In my view, - BCPs need to be pan-enterprise in nature and attempt to answer the questions around "how to continue business in the event something negative should happen?" BCPs are strategic and forward thinking. - DRPs are built around acceptable responses to events that disrupt businesses. They are "post-facto" in nature. To quote an example: Event: Fire in the Building. Consequences are: records destruction, people trapped in office, area cordoned off and access is cut off, etc. This event will have two approaches. "What if this happens?" and "It has happened, now what?" BCP deals with the first question. It could include policies that cover activities such as: for people not in office, direct them to work from home, direct to another office, display signs in the office to let customers and public know about alternate branches / locations, overlap of duties to accommodate leaves of employees, listing of key functions that must remain active to support business (e.g., Invoice & Billing, client facing business floors such as flight ticket counters, banking halls, call centers, etc., and their associated technology applications & infrastructure). DR deals with the second question. It could include actions like: Are there people with burns and injuries? do we have emergency hospital numbers and have the numbers been called? how long will the emergency teams take, to reach the site? is the evacuation plan ready and being executed? is the computer equipment safe? how long do key vendor partners (e.g., Network providers) take to switch over data to another server in another location? What is the process to reconstruct lost records? Is the time taken to restore normalcy (RTO) and the extent of data recovery (RPO) acceptable? In both the cases, it would be prudent for the management to conduct drills / simulations at some acceptable times (say once in 1 or 2 years) to gauge the effectiveness of their plans. Hope readers find this useful. Regards. Narasimham.
NARASIMHAM NVL at 11/26/2014 11:06:04 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
jnatt at 11/24/2014 7:41:24 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Wayne992 at 11/24/2014 7:41:23 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Joe at 11/24/2014 7:41:22 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

I like the discussion. BCP is about what we do in case of unfavourable business situations, be it a disaster or not. The causes for unfavourable situations may be a disaster or something less dramatic. Let us say, the business is so much depended on the finance function. And, for simplicity, let us say the finance function consists of three employees. There is a possibility that these three employees may not be available for various reasons. Let us say, one is on leave and the two got sick. I would not call that a disaster to the business and I would not expect this to be covered by the DR plan. But i would expect it to be covered by the BCP. Suffice to say, BCP should ideally cover all the issues pertaining to the continuation of the business, including a case of a disaster, while DR is strictly referring to a case of a disaster. What constitute as disaster is of course something else.
Petrus Kafidi at 11/24/2014 7:38:20 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

I am minced for words here but in my opinion the difference is maintaining a Recovery site which in essence is an establishment of a BCP or DR plan. There is very little to distinguish between the two as both set out to minimize risk and keep the entity functional and competitive in the event of natural or man-made calamities. The BCP primarily institutes policies and procedures necessary to shift operations to the Recovery site and continue with minimal disruption to the key business processes and objectives. This is why geographical proximities are strategic to any BCP. It is also critical to not that designing a BCP depends on the nature and scope of operations of an entity and may vary significantly
John229 at 11/20/2014 10:17:22 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

On Thu, Nov 20, 2014 at 4:27 PM, <
business-c
JaliyaG at 11/20/2014 6:49:17 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

On Thu, Nov 20, 2014 at 4:14 PM, <
business-c
JaliyaG at 11/20/2014 4:55:16 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

BCP may contain instructions for everyone in the organisation if it is in context of the continuity plan in general including IT. But when we talk of IT BCP, it does not necessarily include everyone as there may be certain processes which may be restricted to the specific set of personnel engaged. For example, continuity of the payment process, continuity of grievance redressa process in the enterprise systems etc.. 
DR cannot simply be restricted merely for IT. It may so happen that one may plan specific IT DRP, but DR may be planned in general for the organisation for non IT specific as well. 
Praveen Kumar at 11/20/2014 4:42:22 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Community Solutions Email TemplateWhile at the Department of Justice (DOJ) there had Business Impact Analysis (BIA) and a Contingency Plans for each system (per FISMA and NIST guidance), a Continuity of Operations Plan (COOP) for management, and Disaster Recovery Plan (DRP) for recovery at the alternate/backup processing site (i.e., Data Center). There was also a Devolution Plan for management so they could work at emergency (some times multiple) facilities. By the way, some people lump the Incident Response Plan (IRP) into a Continuity Plan, but I disagree because the IRP is for immediate computer and/or network emergency response. The Business Continuity Plan (BCP) is a commercial term oriented towards businesses. From what I have seen, the BCP is used primarily by large organizations because they need to stay in business. The BCP should contain instructions for everyone in the organizaiton. The DRP is intended for moving and assuming operations atthe alternate site, and it possibly contains instructions for resumption of normal operations at the original or new site. The DRP is intended for IT personnel.

Larry G. Wlosinski, CDP, CISSP, CISM, CAP, CRISC, CISA, ITIL v3, CBCP
----- Original Message -----
From: business-continuity-disaster-recovery-planning@isaca-discussions.org
To: wlosinskilarry@msn.com
Sent: Monday, October 27, 2014 5:49 PM
Subject: [KenChinSG - msg177msg] RE: Difference between BCP and DR {#06BCC}



[KenChinSG - msg177msg] RE: Difference between BCP and DR
Reply to this email to post directly to this discussion.

To protect your privacy please remove your signature and any automatically added content from your reply. Learn More

Submitted by KenChinSG

To make it clear, in my organisation we have a Business Continuity Plan (BCP) & a separate IT Disaster Recovery Plan (IT DRP). The BCP sets out what is a crisis, roles & responsibilities & responses. However for IT Response, it makes reference to the IT DRP.

------------------------------------------------------------------

View Discussion / Unsubscribe from this list / My Mailing Lists


Message Tracking ID:177;ID:177;



ISACA
http://www.isaca.org

Larry Wlosinski at 10/27/2014 5:08:17 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

To make it clear, in my organisation we have a Business Continuity Plan (BCP) & a separate IT Disaster Recovery Plan (IT DRP). The BCP sets out what is a crisis, roles & responsibilities & responses. However for IT Response, it makes reference to the IT DRP.
KenChinSG at 10/27/2014 4:46:51 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Great discussion on this topic, with many good points made. A quick summarization point in that the business process owners need to buy in with BCP and DR. If IT leads the discussion and the business process owners don't buy in or take it seriously, then it will be a waste of time and money for all involved.
SArndt at 10/24/2014 11:24:15 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

This comment has been deleted by the administrator
jnatt at 10/19/2014 8:59:18 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Hi Chaitanya, "Planning to continue your business operations and Planning to recover from disaster situations" can be a good yardstick for understanding BCP and DR keeping in perspective that many of the business processes are automated and finally if you say business continuity, it sounds like IT continuity. Essentially DR is a subset of BCP because even when you plan to continue your business operations, you have to keep in mind that in parallel recovery operations would kick-in in case of disaster scenario. Remember even after the DR activities are successfully completed, business would still require some more time to finally stabilize and resume to the state before the disruption. Usually these post DR operations are carried by business users and departments and not by IT. These activities after DR completion are not recognized very often and so it sometimes seems DR and BCP are same!!!! regards, Sanjiv
SKA at 10/19/2014 8:54:59 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Difference between BCP and DR

The so-called Black Swan is a myth in my view. These events may in
themselves be rare but from a planning point of view the BUSINESS impact is
no different from other events. You should already have a plan for no IT or
no buildings whether it is caused by a plaque of locusts or an earthquake.
The impact on business is identical. The impact on emergency services is
different but this is not a BC planners problem

On Thu, Oct 16, 2014 at 11:39 PM, <
business-c
Stuart165 at 10/17/2014 1:48:18 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

This comment has been deleted by the administrator
Hannah656 at 10/16/2014 4:40:26 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Very interesting discussion and I have learnt something. We all agree that BCP and DR is all about managing the business in a crisis situations and to minimise disruption to services, ie, minimising risk. BCP and DR is all about planning, developing processes and procedures to manage a crisis situation and enable the business to carry on with its services. 
The crisis situation can be a typical one or specific to the business. In a crisis situation business may or may not be dependent on IT. My take on IT BCP and DR is that depending on the crisis situation IT will invoke an IT BCP or DR or a break fix. Scenario building and risk assessment, ie, likelihood, consequence and impact, will help to deal with known crisis, however "Black Swan" event will continue to challenge our preparation for minimising disruption to business. 
Asaf782 at 10/16/2014 4:36:51 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Disaster recovery is plan, procedures, processes and activities to recover
operations of technical systems after disaster (natural, human induced,
whatever) happens. Disaster recovery is planned and performed by technical
staff according to findings made during BCP process - business needs
dictate recovery schedule, timings and processes. BCP is comprehensive
process of doing BIA (Business Impact Analysis), RA (Risk Assesment) and
BCP is touching complete organization.

On Wed, Oct 15, 2014 at 7:53 PM, <
business-c
Predrag767 at 10/15/2014 1:05:26 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

BCP refers to the businesses ability to continue its fundamental functions in the event something deters their workforce from performing in the regularly prescribed fashion. This can be anything from not being able to get into their regular office space, not being able to get access to their regular PCs or laptops, or if there is a pandemic situation where your workforce is greatly reduced. The BCP plans for how a business would address these situations around workflow, but it does not necessarily mean their systems are down or unreachable.
DR would be more for the planning for how to address the situations where accesses to crucial systems are unavailable. When systems are down and how to restore those systems.

Thank you,
Joseph Schlientz
ITIL V3, Six Sigma CSSGB
Technology Service Manager - Infrastructure
CoSD County Technology Office
Desk 619-531-4812
Cell 858-775-9612

Joseph607 at 10/15/2014 1:03:32 PM Quote
You must sign in to rate content.
(2 ratings)

RE: Difference between BCP and DR

No. A disaster is a subjective thing. A business continuity plan should
have provision for losses like facilities and infrastructure and these may
be classified as a disaster and they may involve moving somewhere else.
Unfortunately there is this idea that DR is IT specific and involves a site
move but this is erroneous.

On Wed, Oct 15, 2014 at 7:53 PM, <
business-c
Stuart165 at 10/15/2014 12:59:26 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

As per my understanding, BCP is the plan and DR is the exercise!!

On Wed, Oct 15, 2014 at 11:13 PM, <
business-c
Manickam at 10/15/2014 12:52:25 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

This comment has been deleted by the administrator
chikt at 10/15/2014 12:45:26 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

What actual I do understand is the DR is just one of the component in BCP, this a major difference between them

raslunya at 10/15/2014 12:42:22 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Hi Friends, To put it in plain and simple meanings; BCP - is the holistic process of having a business continuity in place right from the policy, steering committee roles & responsibilities, BIA, Risk Assessments, Incident Management, Crisis Management, & Preventive Corrective actions, etc. When all the above are governed, this can also be called as BCM. Whereas DR - is the practical process or steps to recover from a disaster once the Crisis Management declares a disaster (usually referred to IT). Please note DR is a subset of BCP/BCM. BRP - Business Recovery Plan contains the practical process or steps for the business/ops team to recover their critical activities from a disaster once the Crisis Management declares a disaster (usually referred to the business operations teams). Please note BRP is also a subset of BCP/BCM. The confusions usually come around the the various terminologies used in the forums, and varieties of processes implemented in different organizations. End of day, the basics and the objective are the same. Hope I have been able to add clarity on this subject. Regards, Hemanth
Hemanth K Raju at 2/1/2013 5:02:24 AM Quote
You must sign in to rate content.
(5 ratings)

RE: Difference between BCP and DR

  • Hi, Disaster Recovery need not necessarily be "how IT should recovers in case of disaster, as you have mentioned. In my view, it refers to other support processes which need to recover from a disaster. So, as I understand the terms, BCP and DR, while the former is strategic, the latter is tactical (response to a disaster)
Sharath at 1/31/2013 12:26:06 PM Quote
You must sign in to rate content.
(1 ratings)

RE: Difference between BCP and DR

just an idea: may be BCP and DRP are the same thing, but on different maturity levels.
can a cunning IT manager say for his DRP that it is BCP but mature enough to meet his needs?
Petru at 10/23/2012 2:06:57 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Difference between BCP and DR

Hi Gopalakrishnan, good point. I have put the contents here for everyone's convenience. Please bear with the long ramblings... :)
Chaitanya Kunthe at 10/15/2012 12:58:19 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Difference between BCP and DR

Can we have the text of your post on this page itself ? else If I have to comment on the topic I need to visit the blog and post the comments there. Further if any other reader posts comments those would not be visible unless I visit the blog.
Gopalakrishnan at 10/14/2012 7:08:49 AM Quote
You must sign in to rate content.
(2 ratings)

RE: Difference between BCP and DR

Hi Friends, To put it in plain and simple meanings; BCP - is the holistic process of having a business continuity in place right from the policy, steering committee roles & responsibilities, BIA, Risk Assessments, Incident Management, Crisis Management, & Preventive Corrective actions, etc. When all the above are governed, this can also be called as BCM. Whereas DR - is the practical process or steps to recover from a disaster once the Crisis Management declares a disaster (usually referred to IT). Please note DR is a subset of BCP/BCM. BRP - Business Recovery Plan contains the practical process or steps for the business/ops team to recover their critical activities from a disaster once the Crisis Management declares a disaster (usually referred to the business operations teams). Please note BRP is also a subset of BCP/BCM. The confusions usually come around the the various terminologies used in the forums, and varieties of processes implemented in different organizations. End of day, the basics and the objective are the same. Hope I have been able to add clarity on this subject. Regards, Hemanth
Hemanth K Raju at 2/1/2013 5:02:24 AM Quote
You must sign in to rate content.
(5 ratings)

RE: Difference between BCP and DR

BCP refers to the businesses ability to continue its fundamental functions in the event something deters their workforce from performing in the regularly prescribed fashion. This can be anything from not being able to get into their regular office space, not being able to get access to their regular PCs or laptops, or if there is a pandemic situation where your workforce is greatly reduced. The BCP plans for how a business would address these situations around workflow, but it does not necessarily mean their systems are down or unreachable.
DR would be more for the planning for how to address the situations where accesses to crucial systems are unavailable. When systems are down and how to restore those systems.

Thank you,
Joseph Schlientz
ITIL V3, Six Sigma CSSGB
Technology Service Manager - Infrastructure
CoSD County Technology Office
Desk 619-531-4812
Cell 858-775-9612

Joseph607 at 10/15/2014 1:03:32 PM Quote
You must sign in to rate content.
(2 ratings)

RE: Difference between BCP and DR

Can we have the text of your post on this page itself ? else If I have to comment on the topic I need to visit the blog and post the comments there. Further if any other reader posts comments those would not be visible unless I visit the blog.
Gopalakrishnan at 10/14/2012 7:08:49 AM Quote
You must sign in to rate content.
(2 ratings)

RE: Difference between BCP and DR

Hi Chaitanya, "Planning to continue your business operations and Planning to recover from disaster situations" can be a good yardstick for understanding BCP and DR keeping in perspective that many of the business processes are automated and finally if you say business continuity, it sounds like IT continuity. Essentially DR is a subset of BCP because even when you plan to continue your business operations, you have to keep in mind that in parallel recovery operations would kick-in in case of disaster scenario. Remember even after the DR activities are successfully completed, business would still require some more time to finally stabilize and resume to the state before the disruption. Usually these post DR operations are carried by business users and departments and not by IT. These activities after DR completion are not recognized very often and so it sometimes seems DR and BCP are same!!!! regards, Sanjiv
SKA at 10/19/2014 8:54:59 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Difference between BCP and DR

Hi Gopalakrishnan, good point. I have put the contents here for everyone's convenience. Please bear with the long ramblings... :)
Chaitanya Kunthe at 10/15/2012 12:58:19 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Difference between BCP and DR

just an idea: may be BCP and DRP are the same thing, but on different maturity levels.
can a cunning IT manager say for his DRP that it is BCP but mature enough to meet his needs?
Petru at 10/23/2012 2:06:57 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Difference between BCP and DR

  • Hi, Disaster Recovery need not necessarily be "how IT should recovers in case of disaster, as you have mentioned. In my view, it refers to other support processes which need to recover from a disaster. So, as I understand the terms, BCP and DR, while the former is strategic, the latter is tactical (response to a disaster)
Sharath at 1/31/2013 12:26:06 PM Quote
You must sign in to rate content.
(1 ratings)

RE: Difference between BCP and DR

What actual I do understand is the DR is just one of the component in BCP, this a major difference between them

raslunya at 10/15/2014 12:42:22 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

This comment has been deleted by the administrator
chikt at 10/15/2014 12:45:26 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

As per my understanding, BCP is the plan and DR is the exercise!!

On Wed, Oct 15, 2014 at 11:13 PM, <
business-c
Manickam at 10/15/2014 12:52:25 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

No. A disaster is a subjective thing. A business continuity plan should
have provision for losses like facilities and infrastructure and these may
be classified as a disaster and they may involve moving somewhere else.
Unfortunately there is this idea that DR is IT specific and involves a site
move but this is erroneous.

On Wed, Oct 15, 2014 at 7:53 PM, <
business-c
Stuart165 at 10/15/2014 12:59:26 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Disaster recovery is plan, procedures, processes and activities to recover
operations of technical systems after disaster (natural, human induced,
whatever) happens. Disaster recovery is planned and performed by technical
staff according to findings made during BCP process - business needs
dictate recovery schedule, timings and processes. BCP is comprehensive
process of doing BIA (Business Impact Analysis), RA (Risk Assesment) and
BCP is touching complete organization.

On Wed, Oct 15, 2014 at 7:53 PM, <
business-c
Predrag767 at 10/15/2014 1:05:26 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Very interesting discussion and I have learnt something. We all agree that BCP and DR is all about managing the business in a crisis situations and to minimise disruption to services, ie, minimising risk. BCP and DR is all about planning, developing processes and procedures to manage a crisis situation and enable the business to carry on with its services. 
The crisis situation can be a typical one or specific to the business. In a crisis situation business may or may not be dependent on IT. My take on IT BCP and DR is that depending on the crisis situation IT will invoke an IT BCP or DR or a break fix. Scenario building and risk assessment, ie, likelihood, consequence and impact, will help to deal with known crisis, however "Black Swan" event will continue to challenge our preparation for minimising disruption to business. 
Asaf782 at 10/16/2014 4:36:51 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

This comment has been deleted by the administrator
Hannah656 at 10/16/2014 4:40:26 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

The so-called Black Swan is a myth in my view. These events may in
themselves be rare but from a planning point of view the BUSINESS impact is
no different from other events. You should already have a plan for no IT or
no buildings whether it is caused by a plaque of locusts or an earthquake.
The impact on business is identical. The impact on emergency services is
different but this is not a BC planners problem

On Thu, Oct 16, 2014 at 11:39 PM, <
business-c
Stuart165 at 10/17/2014 1:48:18 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

This comment has been deleted by the administrator
jnatt at 10/19/2014 8:59:18 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Great discussion on this topic, with many good points made. A quick summarization point in that the business process owners need to buy in with BCP and DR. If IT leads the discussion and the business process owners don't buy in or take it seriously, then it will be a waste of time and money for all involved.
SArndt at 10/24/2014 11:24:15 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

To make it clear, in my organisation we have a Business Continuity Plan (BCP) & a separate IT Disaster Recovery Plan (IT DRP). The BCP sets out what is a crisis, roles & responsibilities & responses. However for IT Response, it makes reference to the IT DRP.
KenChinSG at 10/27/2014 4:46:51 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Community Solutions Email TemplateWhile at the Department of Justice (DOJ) there had Business Impact Analysis (BIA) and a Contingency Plans for each system (per FISMA and NIST guidance), a Continuity of Operations Plan (COOP) for management, and Disaster Recovery Plan (DRP) for recovery at the alternate/backup processing site (i.e., Data Center). There was also a Devolution Plan for management so they could work at emergency (some times multiple) facilities. By the way, some people lump the Incident Response Plan (IRP) into a Continuity Plan, but I disagree because the IRP is for immediate computer and/or network emergency response. The Business Continuity Plan (BCP) is a commercial term oriented towards businesses. From what I have seen, the BCP is used primarily by large organizations because they need to stay in business. The BCP should contain instructions for everyone in the organizaiton. The DRP is intended for moving and assuming operations atthe alternate site, and it possibly contains instructions for resumption of normal operations at the original or new site. The DRP is intended for IT personnel.

Larry G. Wlosinski, CDP, CISSP, CISM, CAP, CRISC, CISA, ITIL v3, CBCP
----- Original Message -----
From: business-continuity-disaster-recovery-planning@isaca-discussions.org
To: wlosinskilarry@msn.com
Sent: Monday, October 27, 2014 5:49 PM
Subject: [KenChinSG - msg177msg] RE: Difference between BCP and DR {#06BCC}



[KenChinSG - msg177msg] RE: Difference between BCP and DR
Reply to this email to post directly to this discussion.

To protect your privacy please remove your signature and any automatically added content from your reply. Learn More

Submitted by KenChinSG

To make it clear, in my organisation we have a Business Continuity Plan (BCP) & a separate IT Disaster Recovery Plan (IT DRP). The BCP sets out what is a crisis, roles & responsibilities & responses. However for IT Response, it makes reference to the IT DRP.

------------------------------------------------------------------

View Discussion / Unsubscribe from this list / My Mailing Lists


Message Tracking ID:177;ID:177;



ISACA
http://www.isaca.org

Larry Wlosinski at 10/27/2014 5:08:17 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

BCP may contain instructions for everyone in the organisation if it is in context of the continuity plan in general including IT. But when we talk of IT BCP, it does not necessarily include everyone as there may be certain processes which may be restricted to the specific set of personnel engaged. For example, continuity of the payment process, continuity of grievance redressa process in the enterprise systems etc.. 
DR cannot simply be restricted merely for IT. It may so happen that one may plan specific IT DRP, but DR may be planned in general for the organisation for non IT specific as well. 
Praveen Kumar at 11/20/2014 4:42:22 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

On Thu, Nov 20, 2014 at 4:14 PM, <
business-c
JaliyaG at 11/20/2014 4:55:16 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

On Thu, Nov 20, 2014 at 4:27 PM, <
business-c
JaliyaG at 11/20/2014 6:49:17 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

I am minced for words here but in my opinion the difference is maintaining a Recovery site which in essence is an establishment of a BCP or DR plan. There is very little to distinguish between the two as both set out to minimize risk and keep the entity functional and competitive in the event of natural or man-made calamities. The BCP primarily institutes policies and procedures necessary to shift operations to the Recovery site and continue with minimal disruption to the key business processes and objectives. This is why geographical proximities are strategic to any BCP. It is also critical to not that designing a BCP depends on the nature and scope of operations of an entity and may vary significantly
John229 at 11/20/2014 10:17:22 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

I like the discussion. BCP is about what we do in case of unfavourable business situations, be it a disaster or not. The causes for unfavourable situations may be a disaster or something less dramatic. Let us say, the business is so much depended on the finance function. And, for simplicity, let us say the finance function consists of three employees. There is a possibility that these three employees may not be available for various reasons. Let us say, one is on leave and the two got sick. I would not call that a disaster to the business and I would not expect this to be covered by the DR plan. But i would expect it to be covered by the BCP. Suffice to say, BCP should ideally cover all the issues pertaining to the continuation of the business, including a case of a disaster, while DR is strictly referring to a case of a disaster. What constitute as disaster is of course something else.
Petrus Kafidi at 11/24/2014 7:38:20 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Joe at 11/24/2014 7:41:22 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Wayne992 at 11/24/2014 7:41:23 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
jnatt at 11/24/2014 7:41:24 AM Quote
You must sign in to rate content.
(Unrated)

Difference between BCP and DR

Petrus's example is simple and good. In my view, - BCPs need to be pan-enterprise in nature and attempt to answer the questions around "how to continue business in the event something negative should happen?" BCPs are strategic and forward thinking. - DRPs are built around acceptable responses to events that disrupt businesses. They are "post-facto" in nature. To quote an example: Event: Fire in the Building. Consequences are: records destruction, people trapped in office, area cordoned off and access is cut off, etc. This event will have two approaches. "What if this happens?" and "It has happened, now what?" BCP deals with the first question. It could include policies that cover activities such as: for people not in office, direct them to work from home, direct to another office, display signs in the office to let customers and public know about alternate branches / locations, overlap of duties to accommodate leaves of employees, listing of key functions that must remain active to support business (e.g., Invoice & Billing, client facing business floors such as flight ticket counters, banking halls, call centers, etc., and their associated technology applications & infrastructure). DR deals with the second question. It could include actions like: Are there people with burns and injuries? do we have emergency hospital numbers and have the numbers been called? how long will the emergency teams take, to reach the site? is the evacuation plan ready and being executed? is the computer equipment safe? how long do key vendor partners (e.g., Network providers) take to switch over data to another server in another location? What is the process to reconstruct lost records? Is the time taken to restore normalcy (RTO) and the extent of data recovery (RPO) acceptable? In both the cases, it would be prudent for the management to conduct drills / simulations at some acceptable times (say once in 1 or 2 years) to gauge the effectiveness of their plans. Hope readers find this useful. Regards. Narasimham.
NARASIMHAM NVL at 11/26/2014 11:06:04 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
chikt at 11/26/2014 11:09:21 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
jnatt at 11/26/2014 11:09:22 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Bhaskaran401 at 11/26/2014 11:09:23 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Interesting discussion indeed!  I'm just quoting the NIST Special Publication 800-34 Rev. 1:

Business Continuity Plan (BCP) - The BCP focuses on sustaining an organization’s mission/business processes during and after a disruption. An example of a mission/business process may be an organization’s payroll process or customer service process. A BCP may be written for mission/business processes within a single business unit or may address the entire organization’s processes. The BCP may also be scoped to address only the functions deemed to be priorities. 

Disaster Recovery Plan (DRP) - The DRP applies to major, usually physical disruptions to service that deny access to the primary facility infrastructure for an extended period. A DRP is an information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure at an alternate site after an emergency. The DRP may be supported by multiple information system contingency plans to address recovery of impacted individual systems once the alternate facility has been established. A DRP may support a BCP or COOP plan by recovering supporting systems for mission/business processes or mission essential functions at an alternate location. The DRP only addresses information system disruptions that require relocation.
Inam at 12/16/2014 1:42:25 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Ursula860 at 1/23/2015 11:38:16 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
JRLiving at 1/23/2015 11:41:46 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Hannah656 at 1/23/2015 11:49:46 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

Unfortunately, people do not understand that IT infrastructure running does not equal critical applications running.  BCP is essential to making sure we can do business as usual!!. 
OW at 2/9/2015 4:05:21 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Joe at 2/9/2015 4:08:46 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Cecilia947 at 2/9/2015 4:10:46 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
Fiona477 at 2/9/2015 4:10:47 PM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

The key here is on the words:
DR, Disaster Recovery is more focus on how to prevent and restore it from a disaster full stop.
BCP, Business Continuity Plan has a wider scope and is about ensuring we can continue business if a majors risk, disaster or incident occurs. How to operate during the recovery phase and then how to get back to normal operation. This include it dr, business operation, crisis management.

Hth,

Lamine

-----Message d'origine-----
De : business-continuity-disaster-recovery-planning@isaca-discussions.org
Envoyé : 09/02/2015 23:09
À : alamine78@yahoo.com
Objet : [Octavius - msg258msg] RE: Difference between BCP and DR {#7D868}






[Octavius - msg258msg] RE: Difference between BCP and DR





h1, h2, h3, h4, h5, h6 { font-weight: normal; margin: 0; } h1 { font-size: 1.8em; } h2 { font-size: 1.6em; } h3 { font-size: 1.3em; } h4, h5 h6 { font-size: 1.1em; font-weight: bold; } a { color: #0000cc; } hr { height: 2px; border-style: none; background: #ddd; color: #ddd; margin: 1em 0; } div.message hr { margin: 5px 0; color: #000; background: #000;} div.footerLinks a { color: #0000cc; } .discQuote{ font-size:10px; font-style:italic; padding: 15px; border-style:dotted; border-width:1px; background-color:#e6e6e6; margin:10px; }




Reply to this email to post directly to this discussion.





To protect your privacy please remove your signature and any automatically added content from your reply. Learn More






Submitted by Octavius


Unfortunately, people do not understand that IT infrastructure running does not equal critical applications running. BCP is essential to making sure we can do business as usual!!.






View Discussion / Unsubscribe from this list / My Mailing Lists




Message Tracking ID:258;ID:258;







ISACA

http://www.isaca.org



Lamine134 at 2/10/2015 1:10:45 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

An out-of-office message containing personal information or a comment that violates community policies was deleted by the administrator.
jnatt at 2/10/2015 1:15:45 AM Quote
You must sign in to rate content.
(Unrated)

RE: Difference between BCP and DR

I would also argue that while an organization's BCP should include significant events, it should also include minor things as well. The focus is indeed a wider scope, as Lamine suggests, but should focus on continuity of all aspects of operations, not simply items of large risk.
cdamico04 at 2/10/2015 6:00:14 AM Quote
You must sign in to rate content.
(Unrated)

Leave a Comment

* required

You must login to leave a comment.