What's the difference between a Disaster Recovery Plan and a Business Continuity Plan?
I used to think both terms referred to the exact same thing, but one of my clients just requested to have a look at both documents.
The request emanates from the security department of a very big company, so I guess they know what they're talking about ...
What's the difference between a DRP and a BCP ?
Disaster Recovery Plan is the proceedures the administrators do to restore normal business workflow.
Business Continuity Plan is what end users do to remain productive when normal business workflow is interrupted.
In a nutshell a BCP defines how you operate during a business interruption/disaster and a DRP defines how you get back to normal operations after a business interruption/disaster.
I guess I could see them as follows:
Disaster Recovery Plan - What steps you would take to recover from a fire in your server room for example.
Business Continuity Plan - What steps you would take to let business users continue to work while you are executing your Disaster Recovery Plan.
A Business Continuity Plan describes a set of procedures your company will use to continue critical business operations in the event of disruption (of that specific and/or all critical business operations). For instance, if the ability to take phone calls is a critical business operation (i.e. maybe you run a help desk), then you may define, in your BCP, what may cause a phone interruption, and what procedures you would take to respond to it.
Conversely, as stated by Massimo, the Disaster Recovery Plan (DRP) is a subset of your BCP. The DRP specifies the further reaching implications of disaster -- where your primary place (or all places) of business are uninhabitable. Not only is this relevant to your place of business, but your workforce as well (Workforce Continuity).
Several organizations often combine the concept of both, calling it a BCDR (Business Continuity / Disaster Recover) plan. This is what we've done.