Business Continuity ? Disaster Recovery and Crisis Management differences

A

AnandR

Business Continuity – Disaster Recovery and Crisis Management differences

Hello,

I need help to understand with examples if possible on:

What is the difference between Business Continuity – Disaster Recovery and Crisis Management?

Thanks
Anand
 

qusys

Trusted Information Resource
Re: Business Continuity – Disaster Recovery and Crisis Management

Hello,

I need help to understand with examples if possible on:

What is the difference between Business Continuity – Disaster Recovery and Crisis Management?

Thanks
Anand

I think that crisis management can be seen as the set of the tecniques that allow a Company to control on time the damages in a moment of crisis ( company problem, production, occupational etc...).
We can say the same for Business continuity.
Based upon the definition , they deal with the identification of the potential risk areas, evaluate the consequences of a crisis/disaster , overall it is a sort of planning.
Disaster recovery could be considered as the operative part of the plan studied in the process of business continuity management.
In thsi case the company has previously set plans and program to respond to a particular threat that could mine the business of an organization.
 
P

pldey42

Re: Business Continuity – Disaster Recovery and Crisis Management differences

Here's how BS 25999 defines these concepts:

Incident management - what you do as an immediate consequence of an incident

Business continuity management - what you do to sustain the business while you recover from the incident

Disaster recovery - what you do to put things back as they were

Confusingly, and in the best traditions of English as a context-dependent language, planning for all three (incident management, business continuity and disaster recovery) is called Business Continuity Management. (I didn't write this stuff, I just write about it.) "Crisis management" is what BS 25999 would call incident management - emotional terms were largely avoided in the standard.

For example: a stray meteorite hits your call centre:

Incident management - determine that it was indeed a meteorite (or something capable of obliterating your call centre), notify authorities, next of kin, care for walking wounded, etc ... and kick off the business continuity plan ...

Business continuity management - sustain calls using a temporary call centre with temporary computer and phone systems, data restored from backups and either existing or temporary staff

Disaster recovery - rebuild the call centre, get new equipment and new staff if some were lost in the disaster. Maybe return to a "new normal" rather than the old normal: consider maybe two call centres, miles apart so that if one fails, the other picks up traffic; perhaps put them under mountains, safe from direct meteorite hits. (Or put anti-meteorite missile systems on their rooves!)

Many businesses have the disaster recovery plan but fail to plan for incident management and business continuity. Incident management planning includes, for example, who takes decisions and how does everyone communicate ... and what happens when the mobile phone batteries die?

It's said that the first few hours are critical and time lost early magnifies later consequences. One business had a plan that said, "Take taxis across town to the backup data centre." When push came to shove they lost valuable time because nobody was prepared to pay for taxis, fearing they would not get the expense reimbursed. Moral of the tale: plan ahead for discretionary spending on transport, gear, food and drink, e.g. with company credit card.

Another major mistake is not planning for media management. CEO's often need to be trained to talk to the media in such a fashion as to not make matters worse, obvious example being the first days of the BP oil spill in the Gulf.

There's much more than this to consider, hence BS 25999 - which will be an ISO shortly, sorry, can't remember the number.

Some organizations do BC to improve their ability to ride unexpected situations (weather events, man-made disasters, or smaller things like something bad in the drinking water, loss of electric power or internet); some report reduced insurance premiums; some reduce the probability of late product or service delivery and the associated penalty clauses. Early adopters include global IT services companies and financial services institutions, for which stoppages can be expensive.

BS 25999 was introduced in the UK as one of many responses to several major incidents including some terrorist bombs, an explosion at an oil refinery and some major flood events in order to improve UK resilience. BC plans are mandated upon local and national government, first responders (blue lights and government) and second responders (public utilities).

Hope this helps,
Pat
 

Wes Bucey

Prophet of Profit
Re: Business Continuity – Disaster Recovery and Crisis Management differences

Hello,

I need help to understand with examples if possible on:

What is the difference between Business Continuity – Disaster Recovery and Crisis Management?

Thanks
Anand
Is there a particular problem facing you or is this just idle curiosity?

The three items you name are all parts of a SYSTEM often termed Risk Management. Typically, Crisis Management is the minute to minute activity plan for the period during the crisis or hazard - where do folks go during a fire, a flood, terror attack? Who acts as the spokesman for the organization, who counts noses to assure everyone is safe and no one missing?

Business Continuity and Disaster Recovery are often thought of as two separate activities, but may have some common elements. Disaster Recovery usually is concerned with repairing or replacing people and things damaged or lost during the disaster. Sometimes, this may mean just collecting insurance and starting over [or quitting]; other times, it merges into Business Continuity. Business Continuity is usually concerned with keeping a business operating during and immediately after ANY problem, whether it ranks as a disaster or not (union strike, unavailability of raw material, etc.), especially the idea of continuing to serve customers, and may include stockpiling of raw materials or finished goods in a safe location to make the disruption as brief and, hopefully, as seamless as possible.

An example (before the internet and cloud computing) was an entire business of offsite backup and entire computer systems so an organization would not lose records and could conceivably just move personnel in to the alternate location and carry on business as usual - very big with financial institutions and insurance companies. Comdisco, created by Ken Pontikes, was very big in that business.
 

AndyN

Moved On
Re: Business Continuity – Disaster Recovery and Crisis Management differences

Although ISO 27000 deals with this topic, perhaps this thread should be moved to the Business Continuity forum?
 
A

AnandR

Re: Business Continuity – Disaster Recovery and Crisis Management differences

Thanks Everyone for educating me on this three elements.
 

Richard Regalado

Trusted Information Resource
Re: Business Continuity – Disaster Recovery and Crisis Management differences

The word disaster appeared in the definition of business continuity strategy.

Quoted from BS 25999-2:2007
business continuity strategy
approach by an organization that will ensure its recovery and continuity
in the face of a disaster or other major incident or business disruption

Following the above definition, one can correlate this with the definitions of disruption and incident on the succeeding pages.
 
H

hansenmartin

What?s in a word? With the multiple definitions of disaster recovery planning already in existence, here comes crisis management as well. Example: let?s say your whole data centre crashes because of a faulty power supply configuration, leaving you with no sales and no customer support, and your IT staff threatens to walk out because of ?unacceptable working conditions?. Is that a disaster or a crisis? Is there a difference in the way you should handle it, and will things get worse if you make the wrong choice?
 

Richard Regalado

Trusted Information Resource
Re: Business Continuity – Disaster Recovery and Crisis Management differences

What’s in a word? With the multiple definitions of disaster recovery planning already in existence, here comes crisis management as well. Example: let’s say your whole data centre crashes because of a faulty power supply configuration, leaving you with no sales and no customer support, and your IT staff threatens to walk out because of “unacceptable working conditions”. Is that a disaster or a crisis? Is there a difference in the way you should handle it, and will things get worse if you make the wrong choice?


The Standards do not prohibit organizations from having their own lexicon. As long as everyone who needs to know, understands these terms, an organization would be okay. Regardless whether they call disaster, crisis, incident, Armageddon, etc.
 
Top Bottom