Disaster Recovery with BCP, COOP, and DRP
For the CompTIA Security+ exam, you need to be familiar with three terms that are related to disaster recovery:
- Business Continuity Plan (BCP)
- Continuity of operation planning (COOP)
- Disaster Recovery Plan (DRP)
What do each of these terms mean, and what purpose do they serve? Let’s find out.
Business Continuity Plan (BCP)
Business Continuity Plan, or BCP, is concerned with threats that could negatively impact business operations. It’s the process of creating systems of prevention and recovery in the event of an incident.
It could involve keeping business operations running such as by relocating or by using different tools and processes after experiencing a disruption.
Examples of systems that would be considered in BCP could include payroll services and customer-facing services.
Examples of events that could be considered as part of the BCP include supply chain interruptions, ransomware attacks that cripple critical infrastructure, etc…
BCP is not necessarily about just restoring essential business processes, it’s about restoring overall business processes.
Continuity of Operation Planning (COOP)
Continuity of Operation Planning, or COOP, is a United States federal government initiative and, if you were to search for it on a search engine, you would see that FEMA is one of the first results.
The FEMA document contains a definition of what Continuity of Operations means, and it’s defined as:
An effort within individual executive departments and agencies to ensure that Primary Mission Essential Functions (PMEFs) continue to be performed during a wide range of emergencies, including localized acts of nature, accidents and technological or attack-related emergencies.
If we look at the NIST definition, we see something very similar:
A predetermined set of instructions or procedures that describe how an organization’s mission-essential functions will be sustained within 12 hours and for up to 30 days as a result of a disaster event before returning to normal operations.
COOP focuses on restoring an organization’s mission essential functions (MEF) at an alternate site for up to 30 days before returning to normal operations.
It doesn’t mean that everything should remain operational — it can be used to prioritized what should have redundancies and what should continue functioning for up to 30 days before returning to normal operations.
As an example of COOP, we may plan to have a warm site, which if you’ll remember from a prior lesson, is a different location that an organization can relocate to following a disaster.
Disaster Recovery Plan (DRP)
A DRP, or Disaster Recovery Plan, applies to major and usually physical disruptions to service that denies access to primary facilities for an extended period of time.
A DRP provides a documented plan for how to restore operations of a system, application, or computer facility at an alternate site. That means DRP is focused on restoring and protecting business IT assets.
DRPs can support both a BCP or COOP plan by recovering supporting systems for the business process, but the DRP is designed to only address information system disruptions that require relocation.
Cheat Sheet for the Security+
As another summarized way to think of it, we can say that:
- BCP looks at threats that could impact your business and describes processes to address scenarios related to those threats. It isn’t just focused on restoring critical or IT resources, it’s interested in business continuity as a whole
- DRP focuses more on restoring IT services that are critical to business operations. It focuses on prioritized IT resources based on business impact
- COOP focuses on management policies and procedures to properly respond to and recover from an incident, and it’s a US government initiative that can provide guidance to the private sector for BCP purposes
Responses