A Disaster Recovery Plan (DRP) is a documented, structured approach with instructions for responding to unplanned incidents and events. This step-by-step plan consists of the precautions to minimize the effects of a disaster so your organization can continue to operate or quickly resume mission-critical functions with as little impact to your staff, customers, patients and reputation as is possible.
A BIA is an analysis that assesses the quantitative impact of an incident or interruption on your organization in terms of financial loss & diminished levels of services or products you provide to your customers. This BIA also measures the qualitative impact that occurs with these event in terms of your business to operate and workforce morale & retention, damage to your brand reputation, legal and regulatory jeopardy that might result.
Business Continuity Planning (BCP) is a pro-active plan that facilitates the rapid recovery of business operations to reduce overall impact of a disaster, security incident or other possible interruption to your business operations.
Depending on regulatory compliance (HIPAA, SOX, FISMA) or industry requirements, it is mandatory for those businesses to form and maintain a Disaster Recovery Plan. The truth is all businesses SHOULD have a Business Continuity and Disaster Recovery Plan if they want to stay in business and care about your clients and staff! Even if your business isn't directly required to have and maintain a Disaster Recovery Plan because of regulatory compliance, you may still be indirectly required to have one due to Business Associate Agreements or Supply Chain obligations you fulfill with your business partners that are required to maintain a DRP.
Start with a Risk Assessment. A Risk Assessment will inventory all technology assets in your organization; hardware, software and devices. This Assessment will then identify threats and vulnerabilities and their impact on your data and business operations.