Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice

X

When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

The Difference Between a Business Continuity Plan, a Disruption Plan, and a Disaster Recovery Plan

The core documents of the ISO22301 standard for a Business Continuity Management System (BCMS) are the Business Continuity Plan, the Disruption Plan and Disaster Recovery Plan.  Other standards, such as ISO14001 for Environmental and ISO27001 for Information Security have elements of business continuity that require these documents too.

Many organizations find it difficult to differentiate between the plans. So let’s look at the differences between them. While these plans have similar goals—to maintain operations and ensure the organization’s long-term success—there are distinct differences between them which we outline below.

A Business Continuity Plan

A Business Continuity Plan (BCP) is a document that describes your organization’s strategies, processes, and procedures to ensure that essential business functions can continue during and after a disruption or crisis. A BCP provides an overall framework for managing and responding to disruptions and includes policies, procedures, and strategies for different stages of a disruption or crisis and how your organization will return to normal operations.

A Disruption Plan

Disruption plans, on the other hand, are focused on mitigating the impact of a specific disruption on your organization. These plans typically include the actions that your organization can take to minimize the effects of the disruption and ensure your organization is able to continue to operate as close to normal as possible in the face of the disruption. Disruption plans may involve contingency plans, such as moving to an emergency site, alternate sources of supply, and other strategies designed to minimize the impact of a disruption on your organization. They also document the steps that need to be taken to recover from the disruption along with the time constraints determined by the organization for the return to ‘business as normal’.

Disaster Recovery Plan

Disaster recovery plans (DRP) are a reactive approach that is specifically geared towards recovering your organization’s critical IT infrastructure and systems after a disaster or disruptive event. The DRP aims to minimize the downtime and loss of data by providing a plan for restoring IT systems and infrastructure to their pre-disaster state. It typically includes backup and recovery procedures, offsite data storage, disaster recovery site location, and testing procedures

Key documents for ISO22301 and ISO27001

ISO22301 places importance on operating and maintaining your processes, capabilities and response actions and plans to ensure your organization will survive disruptive events. It goes on to define the Business Continuity Plan as: ‘a document that guides an organization to respond to a disruption and resume, recover and restore the delivery of your products and services in line with your business continuity objectives’.

What ISO22301 does not define are Disruption or Disaster Recovery plans. ISO22301 and other standards such as ISO27001, refer to business continuity procedures. These procedures are your specific actions to be taken in the event of a particular type of disruption. So effectively they are your Disruption and Disaster Recovery plans, the difference being that Disaster Recovery Plans are focused on your IT assets and resources.

Summary

In summary, while a Business Continuity Plan is a comprehensive plan that outlines your organization’s strategies for managing and responding to disruptions, the Disruption Plan and Disaster Recovery Plan are narrower plans that focus on managing a specific disruption or event. All of these plans are important components of your organization’s overall resilience and ability to recover from disruptions.

These plans, when in place, need to be updated and reviewed as new risks or potential disruptions emerge, and as your organization’s needs change. This is a requirement of the ISO22301 Business Continuity Management System should you decide to go for certification and is also a key component of the ISO27001 and ISO14001 standards.

 

Written by  Ted Spiller – CertiKit’s Compliance Consultant. Ted is an expert in many ISO management systems; he is a Lead Auditor for ISO27001, SO9001 and ISO14001 and Auditor for ISO45001 and ISO22301.


More ISO Resources

CertiKit is a provider of ISO toolkits, consultancy and internal auditing services, and has helped more than 4000 organizations worldwide with their compliance.

For more guidance on implementing the ISO standard of your choice, go to our guidance pages where you can find more specific information about each standard and more downloadable resources.

More ISO Guidance

We’ve helped more than 7000 businesses with their compliance

Testimonials

I like the fact that the documents are very comprehensive and more than sufficient for compliance.

Infoslips
South Africa

View all Testimonials