Many people use the phrases "business continuity planning" and "disaster recovery" interchangeably, but they aren't the same thing.
Let's take a look at the difference.
A business continuity plan (BCP) allows a business to make advanced plans to address what needs to be done to ensure that it can continue to deliver key products and services. It identifies critical functions and the minimum service levels that need to be met.
A BCP has a wide scope, looking at the enterprise as a whole. It includes a business impact analysis (BIA), which analyzes critical systems, business functions, and services and the elements that support them to determine how a business interruption might impact them.
A disaster recovery (DR) plan allows a business to plan what needs to be done immediately after a disaster to recover from an event. It includes detailed procedures for addressing problems and getting systems like data backup back online.
It should address elements from the BIA:
A disaster recovery plan is one element of a business continuity plan. The BCP is concerned with the whole enterprise. The DR plan is focused on specific steps to recover from an incident.
BCP and DR fill different roles and determining which plan to put into place first depends on the disaster. Ideally, BCP and DR should come into play simultaneously, with the institution working to provide services while recovering, but sometimes one needs to take precedent over the other.
For example, if a disaster is causing injuries or loss of life, disaster recovery will be the top priority as your institution works to ensure people are safe. Once people are taken care of, then BCP can take over.
A cyber attack is one example of when a BCP might take precedence. Your institution's first priority is to stop the attack, understand what's happening, and start servicing members and customers who are experiencing problems. Once the institution has a grasp on what's happening and has found a way to stop it, it can use its DR plan to recover.