The primary difference between a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) lies in their timeframe for activation and overall scope.
BCP (Business Continuity Plan):
Focuses on ensuring that critical business processes continue operating during and after a disruption.
It includes strategies for maintaining operations (e.g., alternative work locations, manual procedures, supplier dependencies).
Activated immediately when a disruption occurs to keep the business running.
DRP (Disaster Recovery Plan):
Primarily focuses on the recovery of IT systems and infrastructure after a disruption.
It includes steps for restoring data, servers, and applications to bring IT operations back to normal.
Activated after the disaster event to restore normal IT operations.
The timeframe for activation is the key difference because:
BCP is implemented immediately to ensure business continuity.
DRP is implemented after the disaster to restore IT operations.
A. The annual testing requirements → Both BCP and DRP require regular testing, so this is not the key differentiator.
B. The focus on system recovery → Only DRP focuses on system recovery, but the BCP covers more than just IT. The key difference is still the timeframe.
D. The involvement of senior management → Senior management is involved in both plans, so this is not the primary distinction.
[References: ISACA CISA Review Manual, 28th Edition, Chapter 4: Information Systems Operations and Business Resilience]