BCMS3: What is Disaster Recovery Management

If you are familiar with the Business Continuity Management (BCM) system, then you may know the terms Disaster Recovery Management (DRM) and Disaster Recovery Plan (DRP). Both BCM and DRM refer to a contingency management system, but how does BCM and DRM differ?

The short answer is that the scope is different. While DRM generally focuses on the recovery capability of key IT systems, BCM often covers holistic capabilities of the organization that is needed for responding to a disruption and resuming/recovering the key businesses. You can see the difference more in BCP and DRP as below.

Scope of BCP and DRP (in general)

Therefore, DRM is sometimes explained as a subset of BCM. Looking at ISO 22301: 2019, the international BCM standard, IT systems are listed as a type of resources (c.f. 8.3.4 Resource requirements). DRM can be considered as a management system that ensures the required resource are available.

Common contents corresponding to a specific scenario (e.g. disruption of an e-commerce site)

However, it is not always necessary to develop an independent DRM. You can include the recovery procedures of the key IT systems in a BCP. Furthermore, you can call your contingency management system in your own way. The term Crisis Management and IT Service Continuity Management (c.f. ITIL (Information Technology Infrastructure Library)) are also often used to describe a contingency management system. What is more important is that your contingency management systems are consistent and relevant to your business objectives.

Reference
ISO 22301:2019(en) Security and resilience — Business continuity management systems. (as of 16 Apr 2020, some ISO (International Organization for Standardization) standards including ISO 22301:2019 are freely accessible to support global efforts in dealing with the COVID-19 crisis)