U.S. flag

An official website of the United States government

Here’s how you know

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

disaster recovery plan for technology

IT Disaster Recovery Plan

world globe

Businesses use information technology to quickly and effectively process information. Employees use electronic mail and Voice Over Internet Protocol (VOIP) telephone systems to communicate. Electronic data interchange (EDI) is used to transmit data including orders and payments from one company to another. Servers process information and store large amounts of data. Desktop computers, laptops and wireless devices are used by employees to create, process, manage and communicate information. What do you when your information technology stops working?

An information technology disaster recovery plan (IT DRP) should be developed in conjunction with the business continuity plan . Priorities and recovery time objectives for information technology should be developed during the business impact analysis . Technology recovery strategies should be developed to restore hardware, applications and data in time to meet the needs of the business recovery.

Businesses large and small create and manage large volumes of electronic information or data. Much of that data is important. Some data is vital to the survival and continued operation of the business. The impact of data loss or corruption from hardware failure, human error, hacking or malware could be significant. A plan for data backup and restoration of electronic information is essential.

Resources for Information Technology Disaster Recovery Planning

IT Recovery Strategies

Recovery strategies should be developed for Information technology (IT) systems, applications and data. This includes networks, servers, desktops, laptops, wireless devices, data and connectivity. Priorities for IT recovery should be consistent with the priorities for recovery of business functions and processes that were developed during the business impact analysis . IT resources required to support time-sensitive business functions and processes should also be identified. The recovery time for an IT resource should match the recovery time objective for the business function or process that depends on the IT resource.

Information technology systems require hardware, software, data and connectivity. Without one component of the “system,” the system may not run. Therefore, recovery strategies should be developed to anticipate the loss of one or more of the following system components:

Some business applications cannot tolerate any downtime. They utilize dual data centers capable of handling all data processing needs, which run in parallel with data mirrored or synchronized between the two centers. This is a very expensive solution that only larger companies can afford. However, there are other solutions available for small to medium sized businesses with critical business applications and data to protect.

Internal Recovery Strategies

Many businesses have access to more than one facility. Hardware at an alternate facility can be configured to run similar hardware and software applications when needed. Assuming data is backed up off-site or data is mirrored between the two sites, data can be restored at the alternate site and processing can continue.

Vendor Supported Recovery Strategies

There are vendors that can provide “hot sites” for IT disaster recovery. These sites are fully configured data centers with commonly used hardware and software products. Subscribers may provide unique equipment or software either at the time of disaster or store it at the hot site ready for use.

Data streams, data security services and applications can be hosted and managed by vendors. This information can be accessed at the primary business site or any alternate site using a web browser. If an outage is detected at the client site by the vendor, the vendor automatically holds data until the client’s system is restored. These vendors can also provide data filtering and detection of malware threats, which enhance cyber security.

Developing an IT Disaster Recovery Plan

Businesses should develop an IT disaster recovery plan. It begins by compiling an inventory of hardware (e.g. servers, desktops, laptops and wireless devices), software applications and data. The plan should include a strategy to ensure that all critical information is backed up.

Identify critical software applications and data and the hardware required to run them. Using standardized hardware will help to replicate and reimage new hardware. Ensure that copies of program software are available to enable re-installation on replacement equipment. Prioritize hardware and software restoration.

Document the IT disaster recovery plan as part of the business continuity plan . Test the plan periodically to make sure that it works.

Data Backup

Businesses generate large amounts of data and data files are changing throughout the workday. Data can be lost, corrupted, compromised or stolen through hardware failure, human error, hacking and malware. Loss or corruption of data could result in significant business disruption.

Data backup and recovery should be an integral part of the business continuity plan and information technology disaster recovery plan. Developing a data backup strategy begins with identifying what data to backup, selecting and implementing hardware and software backup procedures, scheduling and conducting backups and periodically validating that data has been accurately backed up.

Developing the Data Backup Plan

Identify data on network servers, desktop computers, laptop computers and wireless devices that needs to be backed up along with other hard copy records and information. The plan should include regularly scheduled backups from wireless devices, laptop computers and desktop computers to a network server. Data on the server can then be backed up. Backing up hard copy vital records can be accomplished by scanning paper records into digital formats and allowing them to be backed up along with other digital data.

Options for Data Backup

Tapes, cartridges and large capacity USB drives with integrated data backup software are effective means for businesses to backup data. The frequency of backups, security of the backups and secure off-site storage should be addressed in the plan. Backups should be stored with the same level of security as the original data.

Many vendors offer online data backup services including storage in the “cloud”. This is a cost-effective solution for businesses with an internet connection. Software installed on the client server or computer is automatically backed up.

Data should be backed up as frequently as necessary to ensure that, if data is lost, it is not unacceptable to the business. The business impact analysis should evaluate the potential for lost data and define the “recovery point objective.” Data restoration times should be confirmed and compared with the IT and business function recovery time objectives.

Last Updated: 02/17/2021

Return to top

disaster recovery plan for technology

disaster recovery plan (DRP)

What is a disaster recovery plan (DRP)?

A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident. A DRP is an essential part of a business continuity plan ( BCP ). It is applied to the aspects of an organization that depend on a functioning information technology (IT) infrastructure. A DRP aims to help an organization resolve data loss and recover system functionality so that it can perform in the aftermath of an incident, even if it operates at a minimal level.

The plan consists of steps to minimize the effects of a disaster so the organization can continue to operate or quickly resume mission-critical functions. Typically, a DRP involves an analysis of business processes and continuity needs. Before generating a detailed plan, an organization often performs a business impact analysis ( BIA ) and risk analysis ( RA ), and it establishes recovery objectives.

As cybercrime and security breaches become more sophisticated, it is important for an organization to define its data recovery and protection strategies. The ability to quickly handle incidents can reduce downtime and minimize financial and reputational damages. DRPs also help organizations meet compliance requirements, while providing a clear roadmap to recovery.

Some types of disasters that organizations can plan for include the following:

Recovery plan considerations

When disaster strikes, the recovery strategy should start at the business level to determine which applications are most important to running the organization. The recovery time objective ( RTO ) describes the amount of time critical applications can be down, typically measured in hours, minutes or seconds. The recovery point objective ( RPO ) describes the age of files that must be recovered from data backup storage for normal operations to resume.

This article is part of

What is BCDR? Business continuity and disaster recovery guide

Download this entire guide for FREE now!

Recovery strategies define an organization's plans for responding to an incident, while disaster recovery plans describe how the organization should respond. Recovery plans are derived from recovery strategies.

list of elements to include in a DRP

In determining a recovery strategy, organizations should consider such issues as the following:

Management approval of recovery strategies is important. All strategies should align with the organization's goals. Once DR strategies have been developed and approved, they can be translated into disaster recovery plans.

Types of disaster recovery plans

DRPs can be tailored for a given environment. Some specific types of plans include the following:

Scope and objectives of DR planning

The main objective of a DRP is to minimize negative effects of an incident on business operations. A disaster recovery plan can range in scope from basic to comprehensive. Some DRPs can be as much as 100 pages long.

DR budgets vary greatly and fluctuate over time. Organizations can take advantage of free resources, such as online DRP templates, like the SearchDisasterRecovery template below.

Several organizations, such as the Business Continuity Institute and Disaster Recovery Institute International, also provide free information and online content how-to articles.

An IT disaster recovery plan checklist typically includes the following:

The location of a disaster recovery site should be carefully considered in a DRP. Distance is an important, but often overlooked, element of the DRP process. An off-site location that is close to the primary data center may seem ideal -- in terms of cost, convenience, bandwidth and testing. However, outages differ greatly in scope. A severe regional event can destroy the primary data center and its DR site if the two are located too close together.

list of elements in the BCDR process

How to build a disaster recovery plan

The disaster recovery plan process involves more than simply writing the document. Before writing the DRP, a risk analysis and business impact analysis can help determine where to focus resources in the disaster recovery process.

The BIA identifies the impacts of disruptive events and is the starting point for identifying risk within the context of DR. It also generates the RTO and RPO. The RA identifies threats and vulnerabilities that could disrupt the operation of systems and processes highlighted in the BIA.

The RA assesses the likelihood of a disruptive event and outlines its potential severity.

A DRP checklist should include the following steps:

Disaster recovery plans are living documents. Involving employees -- from management to entry-level -- increases the value of the plan.

Another component of the DRP is the communication plan . This strategy should detail how both internal and external crisis communication will be handled. Internal communication includes alerts that can be sent using email, overhead building paging systems, voice messages and text messages to mobile devices. Examples of internal communication include instructions to evacuate the building and meet at designated places, updates on the progress of the situation and notices when it's safe to return to the building.

External communications are even more essential to the BCP and include instructions on how to notify family members in the case of injury or death; how to inform and update key clients and stakeholders on the status of the disaster; and how to discuss disasters with the media.

Disaster recovery plan template

An organization can begin its DRP with a summary of vital action steps and a list of important contact information. That makes the most essential information quickly and easily accessible.

The plan should define the roles and responsibilities of disaster recovery team members and outline the criteria to launch the plan into action. The plan should specify, in detail, the incident response and recovery activities.

Get help putting together your disaster recovery plan with SearchDisasterRecovery's free, downloadable IT disaster recovery plan template .

Other important elements of a disaster recovery plan template include the following:

Testing your disaster recovery plan

DRPs are substantiated through testing to identify deficiencies and provide opportunities to fix problems before a disaster occurs. Testing can offer proof that the emergency response plan is effective and hits RPOs and RTOs. Since IT systems and technologies are constantly changing, DR testing also helps ensure a disaster recovery plan is up to date.

Reasons given for not testing DRPs include budget restrictions, resource constraints and a lack of management approval. DR testing takes time, resources and planning. It can also be risky if the test involves using live data.

Build and execute your own disaster recover tests using SearchDisasterRecovery's free, downloadable business continuity testing template .

DR testing varies in complexity. In a plan review, a detailed discussion of the DRP looks for missing elements and inconsistencies. In a tabletop test, participants walk through plan activities step by step to demonstrate whether DR team members know their duties in an emergency. A simulation test uses resources such as recovery sites and backup systems in what is essentially a full-scale test without an actual failover .

Incident management plan vs. disaster recovery plan

An incident management plan ( IMP ) -- or incident response plan -- should also be incorporated into the DRP; together, the two create a comprehensive data protection strategy. The goal of both plans is to minimize the impact of an unexpected incident, recover from it and return the organization to its normal production levels as fast as possible. However, IMPs and DRPs are not the same.

The major difference between an incident management plan and a disaster recovery plan is their primary objectives. An IMP focuses on protecting sensitive data during an event and defines the scope of actions to be taken during the incident, including the specific roles and responsibilities of the incident response team.

In contrast, a DRP focuses on defining the recovery objectives and the steps that must be taken to bring the organization back to an operational state after an incident occurs.

Learn what it takes to develop a disaster recovery plan that considers the cloud and cloud services.

Continue Reading About disaster recovery plan (DRP)

Related Terms

Dig deeper on disaster recovery planning and management.

disaster recovery plan for technology

virtual disaster recovery


business impact analysis (BIA)


Cloud-era disaster recovery planning: Maintenance and continuous improvement

A new SaaS backup specialist emerges from stealth to protect data in apps such as Trello, GitHub and GitLab, which CEO Rob ...

A growing number of enterprise Kubernetes users presents an opportunity for CloudCasa, currently a division of Catalogic, with ...

Organizations with SaaS-based applications are still relying on the providers for data protection, even though the vendors are ...

Pure Storage expanded its storage offerings with FlashBlade//E designed for the unstructured data market with an acquisition cost...

Data governance manages the availability, usability, integrity and security of data. Follow these best practices for governance ...

Vast Data Universal Storage brought out data services, including set performance, metadata cataloging, better security, container...

An incident response program ensures security events are addressed quickly and effectively as soon as they occur. These best ...

The Biden-Harris administration's 39-page National Cybersecurity Strategy covers multiple areas, including disrupting ransomware ...

While ransomware incidents appear to be decreasing, several high-profile organizations, including Dole, Dish Network and the U.S....

Policymakers want federal data privacy legislation limiting businesses' ability to collect data on individuals and banning ...

Public, private, hybrid or consortium, each blockchain network has distinct pluses and minuses that largely drive its ideal uses ...

Get the lowdown on the major features, differentiators, strengths and weaknesses of the blockchain platforms getting the most ...


Introduction: The Technology Recovery Plan (TRP) is a sub-set of the state entity’s Business Continuity Plan. The TRP is activated immediately after a disaster strikes and focuses on getting critical systems back online.

Policy: Each state entity shall develop a TRP in support of the state entity’s Continuity Plan and the business need to protect critical information assets to ensure their availability following an interruption or disaster. Each state entity must keep its TRP up- to-date and provide annual documentation for those updates to the CISO. The annual requirements are:

Recovery Program Compliance Certification ( SIMM 5325-B ) with the CISO, in accordance with the Information Security Compliance Reporting Schedule - SIMM 5330-C .

Each state entity TRP must cover, at a minimum, the program areas which are listed and described in the Technology Recovery Plan Documentation for Agencies Preparation Instructions ( SIMM 5325-A ). If the TRP does not follow the format in SIMM 5325-A , a cross reference sheet, SIMM 5325-B , must be included with the update to indicate where required information is located.

The TRP must outline a planned approach to managing risks to the state entity’s mission, including risk and potential impact to critical information technology assets. The TRP must be derived from the state entity’s business impact assessment and Business Continuity Plan. Instructions for preparing the TRP are described in SIMM 5325-A .

No Revisions for this item.

Search Entire Manual

Print entire sam manual.


Kyndryl has a comprehensive set of Technology Services around hybrid cloud solutions, business resiliency and network services for your IT transformations.

An open integration platform delivering IT solutions.

Co-creating to solve complex business problems

Kyndryl’s industry experts help modernize, digitize and secure your IT to provide outstanding customer experiences.

Kyndryl can help you identify and secure state and federal funding to support your critical technology projects.

Empowering progress while modernizing and managing the world’s mission-critical systems and services

We’ve built relationships with some of the world’s leading companies. Together we’re disruption-proofing their operations and supporting their customers.

Disaster recovery plans explained

Develop a disaster recovery plan that boosts your cyber resilience and recovery capability

What is a disaster recovery plan and how does it work?

A disaster recovery (DR) plan is a formal document created by an organization that contains detailed instructions on how to respond to unplanned incidents such as natural disasters, power outages, cyber attacks and any other disruptive events. The plan contains strategies to minimize the effects of a disaster, so an organization can continue to operate or quickly resume key operations.

Disruptions can lead to lost revenue, brand damage and dissatisfied customers — and the longer the recovery time, the greater the adverse business impact. Therefore, a good disaster recovery plan should enable rapid recovery from disruptions, regardless of the source of the disruption.  

Explore DRaaS

A DR plan is more focused than a  business continuity plan and does not necessarily cover all contingencies for business processes, assets, human resources and business partners.

A successful DR solution typically addresses all types of operation disruption and not just the major natural or man-made disasters that make a location unavailable. Disruptions can include power outages, telephone system outages, temporary loss of access to a facility due to bomb threats, a "possible fire" or a low-impact non-destructive fire, flood or other event. A DR plan should be organized by type of disaster and location. It must contain scripts (instructions) that can be implemented by anyone.

Before the 1970s, most organizations only had to concern themselves with making copies of their paper-based records. Disaster recovery planning gained prominence during the 1970s as businesses began to rely more heavily on computer-based operations. At that time, most systems were batch-oriented mainframes. Another offsite mainframe could be loaded from backup tapes, pending recovery of the primary site.

In 1983 the U.S. government mandated that national banks must have a testable backup plan. Many other industries followed as they understood the significant financial losses associated with long-term outages.

By the 2000s, businesses had become even more dependent on digital online services. With the introduction of big data, cloud, mobile and social media, companies had to cope with capturing and storing massive amounts of data at an exponential rate. DR plans had to become much more complex to account for much larger amounts of data storage from a myriad of devices. The advent of cloud computing in the 2010s helped to alleviate this disaster recovery complexity by allowing organizations to outsource their disaster recovery plans and solutions.

Another current trend that emphasizes the importance of a detailed disaster recovery plan is the increasing sophistication of cyber attacks. Industry statistics show that many attacks stay undetected for well over 200 days. With so much time to hide in a network, attackers can plant malware that finds its way into the backup sets –infecting even recovery data. Attacks may stay dormant for weeks or months, allowing malware to propagate throughout the system. Even after an attack is detected, it can be extremely difficult to remove malware that is so prevalent throughout an organization.

Business disruption due to a cyber attack can have a devastating impact on an organization. For instance, cyber outage at a package delivery company can disrupt operations across its supply chain, leading to financial and reputational loss. In today’s digitally dependent world, every second of that disruption counts.

Why is a DR plan important?

The compelling need to drive superior customer experience and business outcome is fueling the growing trend of hybrid multicloud adoption by enterprises. Hybrid multicloud, however, creates infrastructure complexity and potential risks that require specialized skills and tools to manage. As a result of the complexity, organizations are suffering frequent outages and system breakdown, coupled with cyber-attacks, lack of skills, and supplier failure. The business impact of outages or unplanned downtime is extremely high, more so in a hybrid multicloud environment. Delivering resiliency in a hybrid multicloud requires a disaster recovery plan that includes specialized skills, an integrated strategy and advanced technologies, including orchestration for data protection and recovery. Organizations must have comprehensive enterprise resiliency with orchestration technology to help mitigate business continuity risks in hybrid multicloud, enabling businesses to achieve their digital transformation goals.

Other key reasons why a business would want a detailed and tested disaster recovery plan include:

•To minimize interruptions to normal operations.

•To limit the extent of disruption and damage.

•To minimize the economic impact of the interruption.

•To establish alternative means of operation in advance.

•To train personnel with emergency procedures.

•To provide for smooth and rapid restoration of service.

To meet today's expectation of continuous business operations, organizations must be able to restore critical systems within minutes, if not seconds of a disruption.

How are organizations using disaster recovery plans?

Many organizations struggle to evolve their disaster recovery plan strategies quickly enough to address today’s hybrid-IT environments and complex business operations. In an always-on, 24/7-world, an organization can gain a competitive advantage –or lose market share –depending on how quickly it can recover from a disaster and recover core business services.

Some organizations use external disaster recovery and business continuity consulting services to address a company’s needs for assessments, planning and design, implementation, testing and full resiliency program management.

There are proactive services to help businesses overcome disruptions with flexible, cost-effective IT DR solutions.

With the growth of cyber attacks, companies are moving from a traditional/manual recovery approach to an automated and software-defined resiliency approach. Other companies turn to cloud-based backup services provide continuous replication of critical applications, infrastructure, data and systems for rapid recovery after an IT outage. There are also virtual server options to protect critical servers in real-time. This enables rapid recovery of your applications to keep businesses operational during periods of maintenance or unexpected downtime.

For a growing number of organizations, the solution is with resiliency orchestration, a cloud-based approach that uses disaster recovery automation and a suite of continuity-management tools designed specifically for hybrid-IT environments and protecting business process dependencies across applications, data and infrastructure components. The solution increases the availability of business applications so that companies can access necessary high-level or in-depth intelligence regarding Recovery Point Objective (RPO) ,  Recovery Time Objective (RTO)  and the overall health of IT continuity from a centralized dashboard.

In today’s always-on world, your business can’t afford downtime, which can result in revenue loss, reputational damage, and regulatory penalties. Learn how Kyndryl can help transform your IT recovery management through automation to simplify disaster recovery process, increase workflow efficiency, and reduce risk, cost, and system testing time.

How is a disaster recovery (DR) plan used in industry?

Hyundai Heavy Industries (HHI) was faced with that harsh reality when a 5.8 magnitude earthquake struck in 2016. Since the company’s backup center was located near headquarters in Ulsan City, Korea, the earthquake served as a wake-up call for HHI to examine its disaster recovery systems and determine preparedness for a full range of potential disruption. In 2016 an earthquake showed just how close a natural disaster could come to damaging Hyundai's mission critical IT infrastructure. The IT leadership responded quickly, working with Kyndryl Business Resiliency Services to implement a robust disaster recovery solution with a remote data center.

What are the key steps of a disaster recovery (DR) plan?

The objective of a disaster recovery (DR) plan is to ensure that an organization can respond to a disaster or other emergency that affects information systems –and minimize the effect on business operations. Kyndryl has a template for producing a basic DR plan. The following are the suggested steps as found in the DR template. Once you have prepared the information, it is recommended that you store the document in a safe, accessible location off site.

 Ntiva | Managed IT, Security, & Cloud Services

10 Essential Elements of an IT Disaster Recovery Plan


The challenges of recent years have proven that every business needs an IT disaster recovery plan when things go wrong — which as we've learned, they will. It’s never too early to plan disaster recovery, and IT disaster recovery plans (IT DRPs) are essential for rescuing systems. With these things in mind, here is an IT disaster recovery plan template to help you prepare for the worst (so you can hope for the best with more confidence).

What is a disaster recovery plan?

A disaster recovery plan is a documented process detailing a disaster recovery strategy and a list of well-thought-out disaster recovery procedures, designed to help protect your business from expensive disasters.

For your disaster recovery plan template, we've outlined the 10 essential elements of a disaster recovery plan to help get you started!

Many businesses, for various reasons, think they don't need a  disaster recovery plan (IT DRP), but one simple fact explains why the DRP is essential: the majority of IT disasters (big and small) are caused by human error .

Simply put, your employees are the number one reason why your organization needs to have an IT disaster recovery plan (also referred to as DRP or IT DR) in place.

It’s not that you need to guard against disgruntled workers sabotaging critical systems, although that does sometimes happen.

The more common risk comes from your people just being … people, clicking on a bad link, or opening a malware-infected file attached to an email.

Humans are fallible, so the disaster recovery planning process needs to pay special attention to your business’ most well-meaning but inevitably fallible asset. The DRP will minimize the risk of human error, helping to prevent hackers, viruses, or ransomware attacks from having an easy ride.

Other risks exist too, so your plan will need to mitigate against:

Before you jump into building the information technology side of your business continuity strategies, you need to have an idea of the most critical elements.

Let's get started — here are 10 essential elements to include disaster recovery planning.

1. Assessment

2. Strategy

3. Training

4. Response Teams

7. Air Gapping

8. Encryption

9. Retention

10. Testing

Top Ten Essential Elements of a Disaster Recovery Plan (DRP) 

Disaster Recovery LIST(1)

1. Do A Thorough IT Assessment and Inventory

In order to put a reliable disaster recovery plan into action, you first need to do a thorough inventory of your IT assets. This will include on-site hardware and software, and also all the cloud-based systems and services that your business operations rely on.

This assessment and risk analysis is generally conducted by your IT provider and, depending upon the size of your company and the complexity of business processes, your DRP assessment can take some time.

If the DRP assessment is not done or is incomplete, an organization may find it difficult to recover critical processes or data in the event of an IT disaster.

As part of your disaster recovery planning, a managed security service provider can play a key role in ensuring that your security and compliance requirements are being met, regardless of your industry.

2. IT Backup Management Strategy under the DR Plan

Once you've done a thorough assessment of your IT assets — data, systems, hardware, cloud — it's time to get to work on an IT disaster plan.

With disaster recovery planning, the formal strategy generation process begins when an IT engineer takes the information from the assessment and examines it to see what tools and tactics will work best for your scenario and business operations.

DR planning varies because every organization is unique in its reliance upon and use of data, applications, on-site assets, and cloud-based options.

The most cost-effective technology disaster recovery plan option for a business may be to migrate to the cloud instead of maintaining physical off-site data centers (known as disaster recovery sites) for DR plans.

These ironclad facilities have their own enterprise-level protections, so rest assured that the data center disaster recovery plan is your ultimate guarantee of safety within your own DR plan.

An internal disaster recovery site might be a better fit for the recovery strategy when companies have greater information requirements and aggressive recovery time requirements.

The strategy stage of the business continuity/disaster recovery (BCDR) process is where the IT specialists use their experience and expertise to fine-tune the recovery plan that will work for your business.

3. Proper Backup Management Requires Employee Training

In order to be effective, disaster recovery strategies must be championed by top management and adopted throughout the organization.

Each member of the management team and all staff must understand their role in keeping processes within the umbrella of protection provided by the IT disaster recovery plan.

If, for example, an employee decides to make their job "easier" by downloading software from the internet without talking to IT support, they are effectively taking a part of both the company’s data and its operations outside the protection afforded by business continuity planning and the disaster recovery plan.

As part of disaster recovery management, an organization must invest in training employees both in cybersecurity awareness and in their individual roles (the steps they should take) if disaster strikes.

4. Create Disaster Response Teams

Best practice for a disaster recovery plan includes having an emergency response team that determines to what extent the disaster recovery plan must be invoked.

Once the roles and responsibilities are assigned, this team then contacts and assembles the disaster recovery team that includes IT specialists as well as key staff from the main business departments who focus on business recovery.

It's critical to create and test the plan with disruption rehearsals in which delegated staff respond to disaster recovery plan examples. Practice makes perfect, and also embeds the subject into work culture so that nobody will ever ask “What is a disaster recovery?” ever again.

Under the disaster recovery policy, team members need to have the contact information of third parties including key customers, suppliers, insurance, media outlets, and even family members to respond in cases of natural disasters or personal injury.

The recovery plan template will also include a financial assessment that evaluates disaster-related costs and the cost of restoring normal operations.

5. Ensure Your Backups Include Data and Workflow

Perhaps the cornerstone of any IT disaster recovery plan is data backup to prevent data loss. However, it's important to note that not all backup solutions are created equal.

Something to consider when you create a disaster recovery plan is the knowledge that many consumer-grade and "business-lite" backup solutions only back up data files — not your entire system. Without access to BOTH your data and your applications and operating systems, your company could have trouble with restoration.

To prevent data loss and limit the risk to operations, Ntiva follows enterprise-class, image-based cloud backup procedures that mirror (back up) your entire system — not just individual files. That’s why it should be one of the highest placed items on your disaster recovery plan checklist.

As part of the IT disaster recovery plan template, we leverage the 3-2-1 rule of data backup to help make sure you always have a copy of your data available for retrieval from a recovery point.

Disaster Recovery List 2

What is the 3-2-1 rule?

Under disaster recovery plans, your emergency backups need to be regular, automatic and verified at each stage of the backup process.

6. Know What Metrics to Consider in a Disaster Recovery Plan

One of the things you will discuss with your IT provider when setting up a disaster recovery plan is metrics. Questions may include:

Often, the question we get from business management is, "Can we get up and running within XXX hours?"

The answer to that RTO-related question is always, "Yes," but that "Yes" may come with a higher price tag.

Cost factors can inevitably affect your network disaster recovery plan. Whether or not an organization has migrated to the cloud, how often digital assets are backed up, and how quickly you need to restore normal operations, will all be reflected in the price.

With these metrics, it’s always wise to have a conversation about the costs versus benefits. Business disaster recovery is obviously crucial but there’s a sensible balance to be struck with any DR plan.

7. Ensure You're Using Air Gapped Backups

Ntiva procedures create air-gapped backups, keeping cybercriminals from jumping laterally from your live systems to your backups if they enter your network and instigate a disaster in the active data center.

We accomplish this by either having a separate backup that isn't connected to the network by LAN or we utilize a backup appliance running a different operating system (with different security access) than the one used by the server and devices on the network.

This ensures an organization can recover its data within the range of its RPO.

8. Backup Encryption is a MUST

Encryption of your backups is a critical step in keeping the information in your files and applications away from prying eyes.

When data is encrypted both in transit and at rest it is useless to a criminal. Although your team can retrieve and use the data, it appears as gibberish to any unauthorized user.

9. Know Your Backup Retention and Compliance Standards

Under recovery plans, part of the encryption conversation is compliance requirements .

Many of the industry-standard and legislative compliance protocols mandate data encryption. Disaster recovery plans detail the algorithm used for data encryption in the data center and recovery procedures to meet RTO and RPO targets.

Retention of files — especially email correspondence — is a big deal for companies in regulated industries. Part of any IT disaster recovery plan is the inclusion of policies and corresponding IT protocols that ensure that data retention expectations are met.

10. Plan for Disaster Recovery Testing Exercises

Recovery plans are only effective if people test them and everyone knows what their role is when the plan is enacted.

At least once a year, a "tabletop" testing exercise must be performed by your IT provider and key internal stakeholders to make certain that disaster recovery processes are working as they should and that everyone knows what to do in the event of an IT disaster.

Because disaster recovery plans are only as good as your staff can make them, each member of your recovery team should be involved in the testing each year and everyone should know what’s expected of them in the event of an actual IT disaster.

Answer questions for employees like:

Your business disaster recovery plan should include all of these questions (and possibly many more). The answers should be easily accessible so that team members avoid chaos and lost time, and you avoid lost revenue.

Looking to set up or revise your company's Business Continuity and Disaster Recovery Plan? The Ntiva team is here to help. Let's get started.

New call-to-action

Tags: Managed IT

You May Also Like These Articles

Certified Apple Managed Service Provider for Business: Ntiva

Certified Apple Managed Service Provider for Business: Ntiva

Topics: Managed IT

Benefits Of Using Flutter For Mobile App Development

Benefits Of Using Flutter For Mobile App Development

Managed IT Services NYC: 2023 Guide

Managed IT Services NYC: 2023 Guide

Subscribe to the ntiva blog.

Subscribe to our blog to stay informed!

7900 Westpark Drive, Suite A100, McLean, VA 22102 [email protected] 1-888-996-8482


disaster recovery plan for technology

Cloudian Products  

The object storage buyer’s guide.

Technical/financial benefits; how to evaluate for your environment.

HyperIQ Observability & Analytics

Watch 2-min Intro

Evaluator Group Webinar

Skills Shortage? Ease the Storage Management Burden. Watch On-Demand

Scaling Object Storage with Adaptive Data Management

Get White Paper


Industries  , 2021 enterprise ransomware victims report.

Don’t Be a Victim

Scalable S3-Compatible Storage, On-Prem with AWS Outposts

Trending topic: on-prem s3 for data analytics.

Watch Webinar

Ransomware 2021: A Conversation with Veeam CISO Gil Vega

Hear His Thoughts

How a Private Cloud Addresses the Kubernetes Storage Challenge

Free White Paper

Data Security & Compliance: 3 ?s Every CIO Should Ask

Ask the Right ??s

5 Things Every MSP Should Know About Sovereign Cloud

Get Free eBook

TCO Report: NAS File Tiering

Learn how object storage can dramatically reduce Tier 1 storage costs

Get TCO Analysis

Satellite Application Catapult Deploys Cloudian for Scalable Storage

Replaces conventional NAS, saves 75%

Read Their Story

On-Demand Webinar

Veeam & Cloudian: Office 365 Backup – It’s Essential

Blog: How to Grow Your Storage and Not Your CAPEX Spend

Pay as you grow, starting at 1.3 cents/GB/month

Read the Blog

Why the FBI Can’t Stop Cybercrime and How You Can

Register Now

8 Reasons to Choose Cloudian for State & Local Government Data

Get 8 Reasons

Cloudian HyperStore SEC17a-4 Cohasset Assessment Report

Read the Assessment

Hybrid Cloud for Manufacturers

Tape: does it measure up, customer testimonial: university of leicester.

Hear from Mark

Public Health England: Resilient IT Infrastructure for an Uncertain Time

Watch On-Demand

How to Accelerate Genomics Data Analysis Pipelines by 10X

Hear from Weka

How MSPs Can Build Profitable Revenue Streams with Storage Services

Get IDC’s Take

Technology Partners  

Get scalable storage on-prem for aws outposts.

Hear from AWS

Lock Ransomware Out with Commvault & Cloudian

Cribl stream with cloudian hyperstore s3 data lake, why object storage is best for advanced analytics apps in greenplum.

Explore Solution

Customer Video: NTT Communications

Hear from NTT

How to Store Kasten Backups to Cloudian

Klik.solutions delivers world-class backup-as-a-service with lenovo & cloudian.

Why They Chose Us

Modernize SQL Server with S3 Data Lake

Find Out How

How to Run Cloudian on OpenShift as a Container

Immutable object storage for european smbs from rnt rausch and cloudian, backup/archive to cloudian with rubrik nas cloud direct, on-premises object storage for snowflake analytics workloads.

Get the Details

Splunk, ClearShark, and Cloudian discuss Federal Industry Storage Trends

Teradata & cloudian: modern data analytics for hybrid and multi-cloud, 1-step to data protection: all you need to know about veeam v12 + cloudian.

Step up to Cloudian

Modernize Your Enterprise Archive Storage with Cloudian and Veritas

Read About It

Unified Analytics Data Lake Platform with Vertica and Cloudian HyperStore

Vmware cloud providers: get started in cloud storage, free..

Get Started

Weka + Cloudian: High-Performance, Exabyte-Scalable Storage for AI/ML

Customers  , cloudian enables leading swiss financial institution to retain and analyze more big data.

Read Case Study

Indonesian Financial Services Company Replaces NAS With Cloudian

State of california selects storage-as-a-service offering powered by cloudian, cloudian provides utah state agencies with rubrik-compatible backup target, cuts costs by 75 percent, australian genomic sequencing leader accelerates research with cloudian, swiss education non-profit achieves scale and flexibility of public cloud on-prem with cloudian, indonesia ministry of education deploys cloudian object storage to keep up with data growth, leading german paper company meets growing data backup needs with cloudian, vox media automates archive process to accelerate workflow by 10x, wgbh boston builds a hybrid cloud active archive with cloudian hyperstore, large german retailer consolidates primary and secondary storage to cloudian, how a sovereign cloud provider succeeds in cloud storage services.

View On-Demand

IT Service Provider Drives Business Growth with Cloudian-based Offering

Calcasieu parish sheriff deploys hybrid cloud for digital evidence data, montebello bus lines mobile video surveillance with cloudian object storage, resources  , storage guides  , ransomware protection buyer’s guide.

Get Free Guide


Cloudian named a gartner peer insights customers’ choice for distributed file systems and object storage.

Read Reviews

IT Disaster Recovery Plan

The easy way to create your own it disaster recovery plan.

Disaster recovery is a critical process that can help an organization survive and recover in case of disaster – whether a natural disaster, accidental data loss, or malicious cyberattack. The IT disaster recovery plan allows an organization to focus, prioritize its risks and assets, establish a data protection strategy, and determine the best way to recover normal operations. Learn the typical structure of an IT disaster recovery plan and how you should go about creating one for your organization.

In this article you will learn:

• What is a disaster recovery plan? • 7 typical chapters of an IT DR plan • Basic steps to creating a plan for your organization • How to protect your data with Cloudian storage devices

What is a Disaster Recovery Plan?

A disaster recovery (DR) plan is a document that helps an organization react to a disaster and take action to prevent damages, and quickly recover operations. IT disaster recovery is a subset of disaster recovery, which focuses on IT aspects of DR, such as minimizing downtime of servers, databases and employee workstations, and bringing critical systems back online. An IT disaster recovery plan enumerates the tools and procedures to make this happen.

7 Chapters of an IT Disaster Recovery Plan

Here is the typical structure of a DR plan:

Basic Steps to Creating Your IT Disaster Recovery Plan

Building a   disaster recovery plan is not as simple as writing a document. You need to do careful research to understand the needs of your organization and the risks it faces. You also need to carefully coordinate the plan with all stakeholders, test it to make sure it works, and continuously update it to make sure it stays relevant.

Follow these steps to create a working disaster recovery plan:

Protecting Data Effortlessly with Cloudian

If you need to backup data to on-premises storage, Cloudian offers low-cost disk-based storage with capacity up to 1.5 Petabytes. You can also set up a Cloudian appliance in a remote site and save data directly to the remote site using our integrated data management tools.

disaster recovery plan for technology

Alternatively, you can use a hybrid cloud setup. Backup data to a local Cloudian appliance, and configure it to replicate all data to the cloud. This allows you to access data locally for quick recovery, while keeping a copy of data on the cloud in case a disaster affects the on-premise data center.

disaster recovery plan for technology

Learn more about Cloudian’s data protection solutions.

Get Started With Cloudian Today

disaster recovery plan for technology

Request a Demo

Join a 30 minute demo with a Cloudian expert.

disaster recovery plan for technology

Download a Free Trial

Try Cloudian in your shop. Run on any VM, even your laptop.

disaster recovery plan for technology

Receive a Cloudian quote and see how much you can save.

disaster recovery plan for technology


  Back to the Learning Center

10 Steps To Include In Your IT Disaster Recovery Plan 

By: Lisa Carroll on July 23, 2022

Print/Save as PDF

10 Steps To Include In Your IT Disaster Recovery Plan 

Business Continuity | Disaster Recovery

Editor's note: This article was originally published in 2019, but has been updated to include the latest, most comprehensive information.

Most business leaders don’t relish the idea of the possibility that disaster will strike their organization. Whether it’s a natural or man-made disaster, the ramifications can be equally damaging. At a minimum, disasters of either kind can cause downtime, damage to your reputation, and financial loss . 

Like many business owners, you may simply brush aside the topic of business continuity and disaster recovery, assuming that since you haven’t been affected yet you won’t be a victim of such devastation in the future.

Or, you may think that you don’t have the financial and staffing resources necessary to prepare for a future event that may or may not happen. 

At Kelser Corporation, businesses often come to us for services after suffering a damaging event. We are not writing this article to sell Kelser’s services, but rather to provide the information that business leaders like you need to protect your organization . 

You see, we believe firmly that it’s better to prepare for an event than struggle to recover from one. We’ve seen the damage that can be caused and we want to help businesses avoid falling victim. 

In this article, I’ll outline a 10-step IT disaster recovery plan you can implement with or without external help . I’ll explain the critical elements and what you can do now to prepare . 

What Is An IT Disaster Recovery Plan? 

An IT disaster recovery plan is a well-thought-out, strategic, systematic document that companies can use to recover from a disaster (natural or otherwise). 

It involves a step-by-step process for restarting work after an unplanned (and sometimes devastating) event. 

While having an overall disaster recovery plan for the entire organization is important, there should be a separate IT disaster recovery plan that focuses on the IT infrastructure. 

Disaster recovery plans are only effective if they are in place long before a disaster ever happens . 

Why Is An IT Disaster Recovery Plan Important? 

Most companies would be hard-pressed to operate without their IT infrastructure. Everything from customer orders to scheduling to employee communication would grind to a halt without IT. 

A quick internet search shows that between 25 and 40 percent of businesses never recover from a natural disaster. 

In addition, the Council of Insurance Agents & Brokers estimates that 60 percent of small businesses are unable to withstand the six months following a cyber-attack due to the massive costs of recovery including damaged reputation, loss of data and revenue, instability, and reduced employee productivity. 

The good news is that there are steps you can take to lessen the risks during and after a disaster. 

10 Things Every IT Disaster Recovery Plan Must Include

Creating an IT disaster recovery plan will ensure that you can focus more on the other things on your plate. Here are 10 topics every IT disaster recovery plan should cover: 

1. IT Inventory

Make sure you have a list of exactly which IT resources —systems, hardware, and software— are used to run the business . 

Ask employees how their work would be impacted if certain systems or networks were unavailable for a period of time . Identify which applications and data are critical to your business. Take extra measures to protect them.  

It can also be helpful to add different scenarios to your IT disaster recovery plan so that you understand which systems would be affected in the event of a flood, hurricane, fire, power outage, or another disaste r on your premises.

2. Data Backup & Verification 

If you don’t have one already, develop a way to regularly back up your essential data off-site . (Data that is static and unchanging may not need to be backed up more than once.) You may decide to use a physical data center located in a different geographical region or the cloud, for example. 

Many organizations don’t consider the risk of maintaining backups physically on-premises in the event of a natural disaster .

Once you establish a regular backup procedure and schedule , test it often to make sure that it works. The last thing you need to realize mid-emergency is that your backups haven’t been working. 

Both physical and cloud backups have risks. Figure out which makes the most sense for your organization. 

If are considering migrating your data to the cloud, read this article for answers: Cloud Migration: What It Means, How It Works (6 Questions To Ask)

3.  Recovery Timeline

Outline acceptable recovery goals and timeframes by which certain IT systems need to be back in operation. Industries such as healthcare may have a recovery timeline of mere minutes, while other industries may be able to tolerate longer timelines.

Be sure your IT disaster recovery plan includes a well-defined Recovery Time Objective (RTO) and Recovery Point Objective (RPO) .

The RTO outlines the maximum amount of time that should pass before your IT systems recover. The RPO defines the maximum amount of time permissible since the most recent data backup.  

Use this downtime cost calculator tool to evaluate your RTO and RPO and get an estimated cost of downtime for your organization. 

4.  Detailed Responsibility 

Get buy-in from key stakeholders . 

Be sure the team understands which IT operations could be affected, how that could affect different business functions, what would happen next, and who would be responsible for resolving the issues. 

Be sure to include a plan for communicating with employees in the event of a power or internet outage.

5.  Physical Damage

Physical damage to your plant could affect your on-site IT equipment as well. Everything from servers to devices could be affected. Some of these damages can be mitigated by moving your operations to the cloud, but anticipate how you will respond to physical damage that may impact IT resources . 

6.  Insider Threats

Humans can also be a source of disaster, whether malicious or unintentional.

One way to lower your risk is to lock down administrative rights on your IT systems. 

Employees and third-party vendors should only have access permissions to the systems and data they need. 

There are countless stories of companies that have been breached by third-party vendors that were given inappropriate access to vulnerable systems. And, your internal salespeople don’t need access to the payroll and benefits information of other employees. 

Another way to reduce risk is to provide employee security awareness training on a regular basis, This training will keep your staff abreast of the latest cyber threats. Experts agree that 80-90 percent of cyber attacks are caused by human error.

Effective employee security awareness training can reduce your risk.  

Questions? Read this article: Employee Security Awareness Training: An Honest Cost-Benefit Analysis .

Wondering what security awareness training should include? We spell it out in this article: 3 Topics Every Cybersecurity Awareness Training Must Include .

7.  Insurance

If you are concerned about the costs of recovery, there are insurance policies out there that cover natural disasters and cyber incidents . This coverage can include the cost of replacing IT equipment, and compensating for broader losses that result from a disaster . 

If you invest in these types of plans, be sure the details are included in your IT disaster recovery plan for easy access. 

8.  Validation

IT disaster recovery plans should be tested at least once (or preferably twice) per year . One of our clients didn’t test their plan for several years, only to find out that when they did a test all of their drives failed when trying to restore them.

If this had occurred during a real disaster, the data would have been lost forever.

Gaps identified during these tests should be documented extensively so that you can start fixing them .

9.  Business Continuity

Business continuity (BC) refers to the organization’s strategy for maintaining essential business operations as much as possible during and after a catastrophe . Create and test a full BC plan in order to be confident that you can meet any unexpected event head-on. 

This plan, which goes hand-in-hand with the IT and organizational disaster recovery plans, should also be tested and kept current. It is an essential part of the organization’s overall BCDR efforts. 

10. Updates

Disaster recovery isn’t something that you can set and forget; it needs to be actively maintained over time . Update your IT disaster recovery plan with new procedures, technologies, and equipment.

Business needs and staff changes, make sure to update and communicate the relevant changes to everyone involved in executing the plan. 

Are You Ready To Implement Your IT Disaster Recovery Plan? 

Building a strong, resilient disaster recovery plan is essential. After reading this article, you know the topics to include in your plan: IT inventory, data backup & verification, recovery timeline, detailed responsibility, physical damage, insider threats, insurance, validation, business continuity plan, and updates. 

Honestly evaluate your ability to implement the steps outlined in this article . Maybe you can do all or some of them on your own. Organizations with a full complement of IT professionals on staff can likely implement this 10-Step IT Disaster Recovery plan on their own.

Organizations with a small IT staff (or IT staff), may need help from an outside IT provider. 

If you decide that working with an outside provider is the best solution, be sure to compare a number of providers so that you get the best fit. Here is a list of questions to consider asking IT providers you are considering. 

While we know Kelser isn’t the right fit for everyone, we encourage you to check out our managed IT support , which includes business continuity and disaster recovery services. 

Or read this article: What Is Managed IT? What’s Included? What Does It Cost?

No matter how you choose to proceed, it’s imperative that you move forward to protect your organization from disaster before you are affected.

Managed IT Support Page Link CTA [BANNER]

About Lisa Carroll

Lisa is Kelser's VP of Revenue who works at the intersection of business and technology to help Kelser’s clients jump on growth opportunities.

Suggested Posts

Case Study

Does My Small Business Need Managed IT Support Services?

Editor's note: This article was originally posted in 2018, but has been updated to include the most current information. 

Read More »

What Is A Business Continuity Plan? Disasters & More

Editor's note: This article was originally published in 2019, but has been updated to reflect the latest information. 

Data Backups Are Key To Disaster Recovery

Editor’s note: This article was originally posted in 2017 with the title How to Make Sure You Have Disaster-Ready Data Backups, but has been updated...

Visit Our Learning Center


  1. How To Create an Effective Disaster Recovery Plan

    disaster recovery plan for technology

  2. 3 Steps for Building a Cloud-Based Disaster Recovery Plan

    disaster recovery plan for technology

  3. How to Plan an Effective Cloud Disaster Recovery Strategy (CDRS)?

    disaster recovery plan for technology

  4. Disaster Recovery Plan Template

    disaster recovery plan for technology

  5. 10+ Disaster Recovery Plan Examples

    disaster recovery plan for technology

  6. Disaster Recovery Plan for IT

    disaster recovery plan for technology


  1. Disaster Preparedness Plan 1

  2. Introducing the National Disaster Recovery Framework

  3. International Recovery Forum 2021: Building Back Better from Compound Disasters (Full-length video)

  4. Recover Quickly After a Natural Disaster


  6. Introduction to SRM Series


  1. IT Disaster Recovery Plan

    Businesses should develop an IT disaster recovery plan. It begins by compiling an inventory of hardware (e.g. servers, desktops, laptops and

  2. What is a Disaster Recovery Plan (DRP) and How Do You Write One?

    It is applied to the aspects of an organization that depend on a functioning information technology (IT) infrastructure. A DRP aims to help an organization

  3. Technology Recovery Plan

    Introduction: The Technology Recovery Plan (TRP) is a sub-set of the state entity's Business Continuity Plan. The TRP is activated immediately after a

  4. What is a Disaster Recovery Plan?

    A disaster recovery (DR) plan is a formal document created by an organization that contains detailed instructions on how to respond to unplanned incidents such

  5. Information Technology Disaster Recovery Plan

    Department of Information Technology Office ... This IT Disaster Recovery Plan presents the requirements and the steps that will be taken in.

  6. IT Disaster Recovery Plan

    1. Do A Thorough IT Assessment and Inventory · 2. IT Backup Management Strategy under the DR Plan · 3. Proper Backup Management Requires Employee

  7. IT Disaster Recovery Planning: A Template

    An IT disaster recovery plan is the lynchpin of an overall business continuity strategy. ... Appendix A – Technology Disaster Recovery Plan .

  8. Information Technology Disaster Recovery Plan

    Information Technology Disaster Recovery Plan. On a regular basis, the IT Director shall: 1). Ensure IT employees are familiar with the Emergency Response

  9. The Easy Way to Create Your Own IT Disaster Recovery Plan

    Basic Steps to Creating Your IT Disaster Recovery Plan · Map out your assets · Identify criticality and context · Risk assessment · Define recovery objectives

  10. 10 Steps To Include In Your IT Disaster Recovery Plan

    10 Things Every IT Disaster Recovery Plan Must Include · 1. IT Inventory · 2. Data Backup & Verification · 3. Recovery Timeline · 4. Detailed