Disaster recovery is the area of security planning that deals with protecting an organization from the effects of significant negative events. Significant negative events, in this context, can include anything that puts an organization’s operations at risk: crippling cyberattacks and equipment failures, for example, as well as hurricanes, earthquakes and other natural disasters.
A disaster recovery plan (DRP) documents policies, procedures and actions to limit the disruption to an organization in the wake of a disaster. Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of actions intended to minimize the negative effects of a disaster and allow the organization to maintain or quickly resume mission-critical functions.
In information technology, disaster recovery steps may include restoring servers or mainframes with backups, re-establishing private branch exchanges (PBX) or provisioning local area networks (LANs) to meet immediate business needs.
Business continuity describes the processes and procedures an organization must put in place to ensure that mission-critical business functions can continue during and after a disaster. The emphasis is more on maintaining business operations than IT infrastructure. Because business continuity and disaster recovery are so closely related, the two terms are sometimes combined as Business Continuity and Disaster Recovery (BCDR or BC/DR).