Re: [me-bcp] Digest Number 163
- View SourceThanks for the endorsement in views and understanding. Having worked extensively on Y2K contingency planning in the late ninties, there is a great degree of resemblance in the overall philosophy and approach towards the issue regardless the different nature of the trigger of the problem (Y2K date bug or some natural/man-made disaster).
"M. Yasir Khan" <yasir_kh@...> wrote:
Dear BCP enthusiasts,
Both the terms BCP and DRP are self explanatory but people seems to put debate to it and compare them. I agree with Mr. Thiab that they are overlapping in nature but I feel that they are different in nature and deal with different situations and address separate issues.
Business continuance (sometimes referred to as business continuity) describes the processes and procedures an organization puts in place to ensure that essential functions can continue during and after a disaster. Business continuance planning seeks to prevent interruption of mission-critical services, and to reestablish full functioning as swiftly and smoothly as possible.
Although business continuance is important for any enterprise, it may not be practical for any but the largest to maintain full functioning throughout a disaster crisis. According to many experts, the first step in business continuity planning is deciding which of the organization's functions are essential, and apportioning the available budget accordingly. Once the crucial components are identified, failover mechanisms can be put in place. New technologies, such as disk mirroring over the Internet, make it feasible for an organization to maintain up-to-date copies of data in geographically dispersed locations, so that data access can continue uninterrupted if one location is disabled.
A disaster recovery plan (DRP) - sometimes referred to as a business continuity plan (BCP) or business process contingency plan (BPCP) - describes how an organization is to deal with potential disasters. Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized, and the organization will be able to either maintain or quickly resume mission-critical functions. Typically, disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention.
Disaster recovery is becoming an increasingly important aspect of enterprise computing. As devices, systems, and networks become ever more complex, there are simply more things that can go wrong. As a consequence, recovery plans have also become more complex. According to Jon William Toigo (the author of Disaster Recovery Planning), fifteen years ago a disaster recovery plan might consist of powering down a mainframe and other computers in advance of a threat (such as a fire, for example, or the sprinkler system), disassembling components, and subsequently drying circuit boards in the parking lot with a hair dryer. Current enterprise systems tend to be too complicated for such simple and hands-on approaches, however, and interruption of service or loss of data can have serious financial impact, whether directly or through loss of customer confidence.
Appropriate plans vary from one enterprise to another, depending on variables such as the type of business, the processes involved, and the level of security needed. Disaster recovery planning may be developed within an organization or purchased as a software application or a service. It is not unusual for an enterprise to spend 25% of its information technology budget on disaster recovery. While studying for my CISSP, we came across a very nice formula to answer the question that how much I need to spend on Security?
I agree with Mr. Ghazali that DRP can be termed as one entity within the umbrella of BCP. According to a recent Gartner Group document, a business continuance plan should include: a disaster recovery plan, which specifies an organization's planned strategies for post-failure procedures; a business resumption plan, which specifies a means of maintaining essential services at the crisis location; a business recovery plan, which specifies a means of recovering business functions at an alternate location; and a contingency plan, which specifies a means of dealing with external events that can seriously impact the organization. Business continuance has become an increasingly common area of concern since the September 2001 World Trade Center disaster, in which an unforeseen incident created a sudden and severe threat to crucial functions for a number of companies.
So, here are my two pennies.
Muhammad Yasir Khan,
CISSP, CISA (absolutely)
SAP Technology Consultant.
Material Source of this email: http://www.whatis.com
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
Lets Gather to Learn.....
Join ME-BCPHave A Nice Day !
Vision = Direction = Leadership
Bridging true business needs to successful IT solutions
Have fun online with music videos, cool games, IM & more. Check it out!