An official website of the United States government
Here’s how you know
Official websites use .gov A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
IT Disaster Recovery Plan
Businesses use information technology to quickly and effectively process information. Employees use electronic mail and Voice Over Internet Protocol (VOIP) telephone systems to communicate. Electronic data interchange (EDI) is used to transmit data including orders and payments from one company to another. Servers process information and store large amounts of data. Desktop computers, laptops and wireless devices are used by employees to create, process, manage and communicate information. What do you when your information technology stops working?
An information technology disaster recovery plan (IT DRP) should be developed in conjunction with the business continuity plan . Priorities and recovery time objectives for information technology should be developed during the business impact analysis . Technology recovery strategies should be developed to restore hardware, applications and data in time to meet the needs of the business recovery.
Businesses large and small create and manage large volumes of electronic information or data. Much of that data is important. Some data is vital to the survival and continued operation of the business. The impact of data loss or corruption from hardware failure, human error, hacking or malware could be significant. A plan for data backup and restoration of electronic information is essential.
Resources for Information Technology Disaster Recovery Planning
- Computer Security Resource Center - National Institute of Standards and Technology (NIST), Computer Security Division Special Publications
- Contingency Planning Guide for Federal Information Systems - NIST Special Publication 800-34 Rev. 1
- Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities – NIST Special Publication 800-84
- Building An Information Technology Security Awareness and Training Program - NIST Special Publication 800-50
IT Recovery Strategies
Recovery strategies should be developed for Information technology (IT) systems, applications and data. This includes networks, servers, desktops, laptops, wireless devices, data and connectivity. Priorities for IT recovery should be consistent with the priorities for recovery of business functions and processes that were developed during the business impact analysis . IT resources required to support time-sensitive business functions and processes should also be identified. The recovery time for an IT resource should match the recovery time objective for the business function or process that depends on the IT resource.
Information technology systems require hardware, software, data and connectivity. Without one component of the “system,” the system may not run. Therefore, recovery strategies should be developed to anticipate the loss of one or more of the following system components:
- Computer room environment (secure computer room with climate control, conditioned and backup power supply, etc.)
- Hardware (networks, servers, desktop and laptop computers, wireless devices and peripherals)
- Connectivity to a service provider (fiber, cable, wireless, etc.)
- Software applications (electronic data interchange, electronic mail, enterprise resource management, office productivity, etc.)
- Data and restoration
Some business applications cannot tolerate any downtime. They utilize dual data centers capable of handling all data processing needs, which run in parallel with data mirrored or synchronized between the two centers. This is a very expensive solution that only larger companies can afford. However, there are other solutions available for small to medium sized businesses with critical business applications and data to protect.
Internal Recovery Strategies
Many businesses have access to more than one facility. Hardware at an alternate facility can be configured to run similar hardware and software applications when needed. Assuming data is backed up off-site or data is mirrored between the two sites, data can be restored at the alternate site and processing can continue.
Vendor Supported Recovery Strategies
There are vendors that can provide “hot sites” for IT disaster recovery. These sites are fully configured data centers with commonly used hardware and software products. Subscribers may provide unique equipment or software either at the time of disaster or store it at the hot site ready for use.
Data streams, data security services and applications can be hosted and managed by vendors. This information can be accessed at the primary business site or any alternate site using a web browser. If an outage is detected at the client site by the vendor, the vendor automatically holds data until the client’s system is restored. These vendors can also provide data filtering and detection of malware threats, which enhance cyber security.
Developing an IT Disaster Recovery Plan
Businesses should develop an IT disaster recovery plan. It begins by compiling an inventory of hardware (e.g. servers, desktops, laptops and wireless devices), software applications and data. The plan should include a strategy to ensure that all critical information is backed up.
Identify critical software applications and data and the hardware required to run them. Using standardized hardware will help to replicate and reimage new hardware. Ensure that copies of program software are available to enable re-installation on replacement equipment. Prioritize hardware and software restoration.
Document the IT disaster recovery plan as part of the business continuity plan . Test the plan periodically to make sure that it works.
Data Backup
Businesses generate large amounts of data and data files are changing throughout the workday. Data can be lost, corrupted, compromised or stolen through hardware failure, human error, hacking and malware. Loss or corruption of data could result in significant business disruption.
Data backup and recovery should be an integral part of the business continuity plan and information technology disaster recovery plan. Developing a data backup strategy begins with identifying what data to backup, selecting and implementing hardware and software backup procedures, scheduling and conducting backups and periodically validating that data has been accurately backed up.
Developing the Data Backup Plan
Identify data on network servers, desktop computers, laptop computers and wireless devices that needs to be backed up along with other hard copy records and information. The plan should include regularly scheduled backups from wireless devices, laptop computers and desktop computers to a network server. Data on the server can then be backed up. Backing up hard copy vital records can be accomplished by scanning paper records into digital formats and allowing them to be backed up along with other digital data.
Options for Data Backup
Tapes, cartridges and large capacity USB drives with integrated data backup software are effective means for businesses to backup data. The frequency of backups, security of the backups and secure off-site storage should be addressed in the plan. Backups should be stored with the same level of security as the original data.
Many vendors offer online data backup services including storage in the “cloud”. This is a cost-effective solution for businesses with an internet connection. Software installed on the client server or computer is automatically backed up.
Data should be backed up as frequently as necessary to ensure that, if data is lost, it is not unacceptable to the business. The business impact analysis should evaluate the potential for lost data and define the “recovery point objective.” Data restoration times should be confirmed and compared with the IT and business function recovery time objectives.
Last Updated: 02/17/2021
Return to top
- Disaster recovery planning and management
disaster recovery plan (DRP)
- Paul Crocetti, Senior Site Editor
What is a disaster recovery plan (DRP)?
A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident. A DRP is an essential part of a business continuity plan ( BCP ). It is applied to the aspects of an organization that depend on a functioning information technology (IT) infrastructure. A DRP aims to help an organization resolve data loss and recover system functionality so that it can perform in the aftermath of an incident, even if it operates at a minimal level.
The plan consists of steps to minimize the effects of a disaster so the organization can continue to operate or quickly resume mission-critical functions. Typically, a DRP involves an analysis of business processes and continuity needs. Before generating a detailed plan, an organization often performs a business impact analysis ( BIA ) and risk analysis ( RA ), and it establishes recovery objectives.
As cybercrime and security breaches become more sophisticated, it is important for an organization to define its data recovery and protection strategies. The ability to quickly handle incidents can reduce downtime and minimize financial and reputational damages. DRPs also help organizations meet compliance requirements, while providing a clear roadmap to recovery.
Some types of disasters that organizations can plan for include the following:
- application failure
- communication failure
- power outage
- natural disaster
- malware or other cyber attack
- data center disaster
- building disaster
- campus disaster
- citywide disaster
- regional disaster
- national disaster
- multinational disaster
Recovery plan considerations
When disaster strikes, the recovery strategy should start at the business level to determine which applications are most important to running the organization. The recovery time objective ( RTO ) describes the amount of time critical applications can be down, typically measured in hours, minutes or seconds. The recovery point objective ( RPO ) describes the age of files that must be recovered from data backup storage for normal operations to resume.
This article is part of
What is BCDR? Business continuity and disaster recovery guide
- Which also includes:
- Business resilience vs. business continuity: Key differences
- A free business continuity plan template and guide
- Preparing an annual schedule of business continuity activities
Download this entire guide for FREE now!
Recovery strategies define an organization's plans for responding to an incident, while disaster recovery plans describe how the organization should respond. Recovery plans are derived from recovery strategies.
In determining a recovery strategy, organizations should consider such issues as the following:
- insurance coverage
- resources -- people and physical facilities
- management team's position on risks
- data and data storage
- compliance requirements
Management approval of recovery strategies is important. All strategies should align with the organization's goals. Once DR strategies have been developed and approved, they can be translated into disaster recovery plans.
Types of disaster recovery plans
DRPs can be tailored for a given environment. Some specific types of plans include the following:
- Virtualized disaster recovery plan. Virtualization provides opportunities to implement DR in a more efficient and simpler way. A virtualized environment can spin up new virtual machine instances within minutes and provide application recovery through high availability . Testing is also easier, but the plan must validate that applications can be run in DR mode and returned to normal operations within the RPO and RTO.
- Network disaster recovery plan. Developing a plan for recovering a network gets more complicated as the complexity of the network increases. It is important to provide a detailed, step-by-step recovery procedure; test it properly; and keep it updated. The plan should include information specific to the network, such as in its performance and networking staff.
- Cloud disaster recovery plan. Cloud DR can range from file backup procedures in the cloud to a complete replication. Cloud DR can be space-, time- and cost-efficient, but maintaining the disaster recovery plan requires proper management. The manager must know the location of physical and virtual servers . The plan must address security, which is a common issue in the cloud that can be alleviated through testing.
- Data center disaster recovery plan. This type of plan focuses exclusively on the data center facility and infrastructure. An operational risk assessment is a key part of a data center DRP. It analyzes key components, such as building location, power systems and protection, security and office space. The plan must address a broad range of possible scenarios.
Scope and objectives of DR planning
The main objective of a DRP is to minimize negative effects of an incident on business operations. A disaster recovery plan can range in scope from basic to comprehensive. Some DRPs can be as much as 100 pages long.
DR budgets vary greatly and fluctuate over time. Organizations can take advantage of free resources, such as online DRP templates, like the SearchDisasterRecovery template below.
Several organizations, such as the Business Continuity Institute and Disaster Recovery Institute International, also provide free information and online content how-to articles.
An IT disaster recovery plan checklist typically includes the following:
- critical systems and networks it covers;
- staff members responsible for those systems and networks;
- RTO and RPO information;
- steps to restart, reconfigure, and recover systems and networks; and
- other emergency steps required in the event of an unforeseen incident.
The location of a disaster recovery site should be carefully considered in a DRP. Distance is an important, but often overlooked, element of the DRP process. An off-site location that is close to the primary data center may seem ideal -- in terms of cost, convenience, bandwidth and testing. However, outages differ greatly in scope. A severe regional event can destroy the primary data center and its DR site if the two are located too close together.
How to build a disaster recovery plan
The disaster recovery plan process involves more than simply writing the document. Before writing the DRP, a risk analysis and business impact analysis can help determine where to focus resources in the disaster recovery process.
The BIA identifies the impacts of disruptive events and is the starting point for identifying risk within the context of DR. It also generates the RTO and RPO. The RA identifies threats and vulnerabilities that could disrupt the operation of systems and processes highlighted in the BIA.
The RA assesses the likelihood of a disruptive event and outlines its potential severity.
A DRP checklist should include the following steps:
- establishing the range or extent of necessary treatment and activity -- the scope of recovery;
- gathering relevant network infrastructure documents;
- identifying the most serious threats and vulnerabilities, as well as the most critical assets;
- reviewing the history of unplanned incidents and outages, as well as how they were handled;
- identifying the current disaster recovery procedures and DR strategies;
- identifying the incident response team ;
- having management review and approve the DRP;
- testing the plan;
- updating the plan; and
- implementing a DRP or BCP audit .
Disaster recovery plans are living documents. Involving employees -- from management to entry-level -- increases the value of the plan.
Another component of the DRP is the communication plan . This strategy should detail how both internal and external crisis communication will be handled. Internal communication includes alerts that can be sent using email, overhead building paging systems, voice messages and text messages to mobile devices. Examples of internal communication include instructions to evacuate the building and meet at designated places, updates on the progress of the situation and notices when it's safe to return to the building.
External communications are even more essential to the BCP and include instructions on how to notify family members in the case of injury or death; how to inform and update key clients and stakeholders on the status of the disaster; and how to discuss disasters with the media.
Disaster recovery plan template
An organization can begin its DRP with a summary of vital action steps and a list of important contact information. That makes the most essential information quickly and easily accessible.
The plan should define the roles and responsibilities of disaster recovery team members and outline the criteria to launch the plan into action. The plan should specify, in detail, the incident response and recovery activities.
Get help putting together your disaster recovery plan with SearchDisasterRecovery's free, downloadable IT disaster recovery plan template .
Other important elements of a disaster recovery plan template include the following:
- a statement of intent and a DR policy statement;
- plan goals;
- authentication tools, such as passwords;
- geographical risks and factors;
- tips for dealing with media;
- financial and legal information and action steps; and
- a plan history.
Testing your disaster recovery plan
DRPs are substantiated through testing to identify deficiencies and provide opportunities to fix problems before a disaster occurs. Testing can offer proof that the emergency response plan is effective and hits RPOs and RTOs. Since IT systems and technologies are constantly changing, DR testing also helps ensure a disaster recovery plan is up to date.
Reasons given for not testing DRPs include budget restrictions, resource constraints and a lack of management approval. DR testing takes time, resources and planning. It can also be risky if the test involves using live data.
Build and execute your own disaster recover tests using SearchDisasterRecovery's free, downloadable business continuity testing template .
DR testing varies in complexity. In a plan review, a detailed discussion of the DRP looks for missing elements and inconsistencies. In a tabletop test, participants walk through plan activities step by step to demonstrate whether DR team members know their duties in an emergency. A simulation test uses resources such as recovery sites and backup systems in what is essentially a full-scale test without an actual failover .
Incident management plan vs. disaster recovery plan
An incident management plan ( IMP ) -- or incident response plan -- should also be incorporated into the DRP; together, the two create a comprehensive data protection strategy. The goal of both plans is to minimize the impact of an unexpected incident, recover from it and return the organization to its normal production levels as fast as possible. However, IMPs and DRPs are not the same.
The major difference between an incident management plan and a disaster recovery plan is their primary objectives. An IMP focuses on protecting sensitive data during an event and defines the scope of actions to be taken during the incident, including the specific roles and responsibilities of the incident response team.
In contrast, a DRP focuses on defining the recovery objectives and the steps that must be taken to bring the organization back to an operational state after an incident occurs.
Learn what it takes to develop a disaster recovery plan that considers the cloud and cloud services.
Continue Reading About disaster recovery plan (DRP)
- 10 steps for optimal IT disaster recovery plan design
- 4 components of a disaster recovery plan to prepare for a crisis
- 6 steps to a successful network disaster recovery plan
- What to include in a disaster recovery testing plan
Related Terms
Dig deeper on disaster recovery planning and management.
virtual disaster recovery
business impact analysis (BIA)
Cloud-era disaster recovery planning: Maintenance and continuous improvement
A new SaaS backup specialist emerges from stealth to protect data in apps such as Trello, GitHub and GitLab, which CEO Rob ...
A growing number of enterprise Kubernetes users presents an opportunity for CloudCasa, currently a division of Catalogic, with ...
Organizations with SaaS-based applications are still relying on the providers for data protection, even though the vendors are ...
Pure Storage expanded its storage offerings with FlashBlade//E designed for the unstructured data market with an acquisition cost...
Data governance manages the availability, usability, integrity and security of data. Follow these best practices for governance ...
Vast Data Universal Storage brought out data services, including set performance, metadata cataloging, better security, container...
An incident response program ensures security events are addressed quickly and effectively as soon as they occur. These best ...
The Biden-Harris administration's 39-page National Cybersecurity Strategy covers multiple areas, including disrupting ransomware ...
While ransomware incidents appear to be decreasing, several high-profile organizations, including Dole, Dish Network and the U.S....
Policymakers want federal data privacy legislation limiting businesses' ability to collect data on individuals and banning ...
Public, private, hybrid or consortium, each blockchain network has distinct pluses and minuses that largely drive its ideal uses ...
Get the lowdown on the major features, differentiators, strengths and weaknesses of the blockchain platforms getting the most ...
TECHNOLOGY RECOVERY PLAN - 5325.1
Introduction: The Technology Recovery Plan (TRP) is a sub-set of the state entity’s Business Continuity Plan. The TRP is activated immediately after a disaster strikes and focuses on getting critical systems back online.
Policy: Each state entity shall develop a TRP in support of the state entity’s Continuity Plan and the business need to protect critical information assets to ensure their availability following an interruption or disaster. Each state entity must keep its TRP up- to-date and provide annual documentation for those updates to the CISO. The annual requirements are:
Recovery Program Compliance Certification ( SIMM 5325-B ) with the CISO, in accordance with the Information Security Compliance Reporting Schedule - SIMM 5330-C .
- If the state entity employs the services of a data center it must work with the data center to establish and document TRP coordination procedures.
Each state entity TRP must cover, at a minimum, the program areas which are listed and described in the Technology Recovery Plan Documentation for Agencies Preparation Instructions ( SIMM 5325-A ). If the TRP does not follow the format in SIMM 5325-A , a cross reference sheet, SIMM 5325-B , must be included with the update to indicate where required information is located.
The TRP must outline a planned approach to managing risks to the state entity’s mission, including risk and potential impact to critical information technology assets. The TRP must be derived from the state entity’s business impact assessment and Business Continuity Plan. Instructions for preparing the TRP are described in SIMM 5325-A .
No Revisions for this item.
Search Entire Manual
Print entire sam manual.
- Perspectives
Kyndryl has a comprehensive set of Technology Services around hybrid cloud solutions, business resiliency and network services for your IT transformations.
- Applications
- Core Enterprise and zCloud
- Data and AI
- Digital Workplace
- Network and Edge
- Security and Resiliency
An open integration platform delivering IT solutions.
Co-creating to solve complex business problems
Kyndryl’s industry experts help modernize, digitize and secure your IT to provide outstanding customer experiences.
- Banking and Financial Markets
- Manufacturing
- Communications and Media
- Travel and Transportation
Kyndryl can help you identify and secure state and federal funding to support your critical technology projects.
Empowering progress while modernizing and managing the world’s mission-critical systems and services
- Corporate Responsibility
- Inclusion and Diversity
We’ve built relationships with some of the world’s leading companies. Together we’re disruption-proofing their operations and supporting their customers.
Disaster recovery plans explained
Develop a disaster recovery plan that boosts your cyber resilience and recovery capability
What is a disaster recovery plan and how does it work?
A disaster recovery (DR) plan is a formal document created by an organization that contains detailed instructions on how to respond to unplanned incidents such as natural disasters, power outages, cyber attacks and any other disruptive events. The plan contains strategies to minimize the effects of a disaster, so an organization can continue to operate or quickly resume key operations.
Disruptions can lead to lost revenue, brand damage and dissatisfied customers — and the longer the recovery time, the greater the adverse business impact. Therefore, a good disaster recovery plan should enable rapid recovery from disruptions, regardless of the source of the disruption.
Explore DRaaS
A DR plan is more focused than a business continuity plan and does not necessarily cover all contingencies for business processes, assets, human resources and business partners.
A successful DR solution typically addresses all types of operation disruption and not just the major natural or man-made disasters that make a location unavailable. Disruptions can include power outages, telephone system outages, temporary loss of access to a facility due to bomb threats, a "possible fire" or a low-impact non-destructive fire, flood or other event. A DR plan should be organized by type of disaster and location. It must contain scripts (instructions) that can be implemented by anyone.
Before the 1970s, most organizations only had to concern themselves with making copies of their paper-based records. Disaster recovery planning gained prominence during the 1970s as businesses began to rely more heavily on computer-based operations. At that time, most systems were batch-oriented mainframes. Another offsite mainframe could be loaded from backup tapes, pending recovery of the primary site.
In 1983 the U.S. government mandated that national banks must have a testable backup plan. Many other industries followed as they understood the significant financial losses associated with long-term outages.
By the 2000s, businesses had become even more dependent on digital online services. With the introduction of big data, cloud, mobile and social media, companies had to cope with capturing and storing massive amounts of data at an exponential rate. DR plans had to become much more complex to account for much larger amounts of data storage from a myriad of devices. The advent of cloud computing in the 2010s helped to alleviate this disaster recovery complexity by allowing organizations to outsource their disaster recovery plans and solutions.
Another current trend that emphasizes the importance of a detailed disaster recovery plan is the increasing sophistication of cyber attacks. Industry statistics show that many attacks stay undetected for well over 200 days. With so much time to hide in a network, attackers can plant malware that finds its way into the backup sets –infecting even recovery data. Attacks may stay dormant for weeks or months, allowing malware to propagate throughout the system. Even after an attack is detected, it can be extremely difficult to remove malware that is so prevalent throughout an organization.
Business disruption due to a cyber attack can have a devastating impact on an organization. For instance, cyber outage at a package delivery company can disrupt operations across its supply chain, leading to financial and reputational loss. In today’s digitally dependent world, every second of that disruption counts.
Why is a DR plan important?
The compelling need to drive superior customer experience and business outcome is fueling the growing trend of hybrid multicloud adoption by enterprises. Hybrid multicloud, however, creates infrastructure complexity and potential risks that require specialized skills and tools to manage. As a result of the complexity, organizations are suffering frequent outages and system breakdown, coupled with cyber-attacks, lack of skills, and supplier failure. The business impact of outages or unplanned downtime is extremely high, more so in a hybrid multicloud environment. Delivering resiliency in a hybrid multicloud requires a disaster recovery plan that includes specialized skills, an integrated strategy and advanced technologies, including orchestration for data protection and recovery. Organizations must have comprehensive enterprise resiliency with orchestration technology to help mitigate business continuity risks in hybrid multicloud, enabling businesses to achieve their digital transformation goals.
Other key reasons why a business would want a detailed and tested disaster recovery plan include:
•To minimize interruptions to normal operations.
•To limit the extent of disruption and damage.
•To minimize the economic impact of the interruption.
•To establish alternative means of operation in advance.
•To train personnel with emergency procedures.
•To provide for smooth and rapid restoration of service.
To meet today's expectation of continuous business operations, organizations must be able to restore critical systems within minutes, if not seconds of a disruption.
How are organizations using disaster recovery plans?
Many organizations struggle to evolve their disaster recovery plan strategies quickly enough to address today’s hybrid-IT environments and complex business operations. In an always-on, 24/7-world, an organization can gain a competitive advantage –or lose market share –depending on how quickly it can recover from a disaster and recover core business services.
Some organizations use external disaster recovery and business continuity consulting services to address a company’s needs for assessments, planning and design, implementation, testing and full resiliency program management.
There are proactive services to help businesses overcome disruptions with flexible, cost-effective IT DR solutions.
With the growth of cyber attacks, companies are moving from a traditional/manual recovery approach to an automated and software-defined resiliency approach. Other companies turn to cloud-based backup services provide continuous replication of critical applications, infrastructure, data and systems for rapid recovery after an IT outage. There are also virtual server options to protect critical servers in real-time. This enables rapid recovery of your applications to keep businesses operational during periods of maintenance or unexpected downtime.
For a growing number of organizations, the solution is with resiliency orchestration, a cloud-based approach that uses disaster recovery automation and a suite of continuity-management tools designed specifically for hybrid-IT environments and protecting business process dependencies across applications, data and infrastructure components. The solution increases the availability of business applications so that companies can access necessary high-level or in-depth intelligence regarding Recovery Point Objective (RPO) , Recovery Time Objective (RTO) and the overall health of IT continuity from a centralized dashboard.
In today’s always-on world, your business can’t afford downtime, which can result in revenue loss, reputational damage, and regulatory penalties. Learn how Kyndryl can help transform your IT recovery management through automation to simplify disaster recovery process, increase workflow efficiency, and reduce risk, cost, and system testing time.
How is a disaster recovery (DR) plan used in industry?
Hyundai Heavy Industries (HHI) was faced with that harsh reality when a 5.8 magnitude earthquake struck in 2016. Since the company’s backup center was located near headquarters in Ulsan City, Korea, the earthquake served as a wake-up call for HHI to examine its disaster recovery systems and determine preparedness for a full range of potential disruption. In 2016 an earthquake showed just how close a natural disaster could come to damaging Hyundai's mission critical IT infrastructure. The IT leadership responded quickly, working with Kyndryl Business Resiliency Services to implement a robust disaster recovery solution with a remote data center.
What are the key steps of a disaster recovery (DR) plan?
The objective of a disaster recovery (DR) plan is to ensure that an organization can respond to a disaster or other emergency that affects information systems –and minimize the effect on business operations. Kyndryl has a template for producing a basic DR plan. The following are the suggested steps as found in the DR template. Once you have prepared the information, it is recommended that you store the document in a safe, accessible location off site.
- Major goals: The first step is to broadly outline the major goals of a disaster recovery plan.
- Personnel: Record your data processing personnel. Include a copy of the organization chart with your plan.
- Application profile: List applications and whether they are critical and if they are a fixed asset.
- Inventory profile: List the manufacturer, model, serial number, cost and whether each item is owned or leased.
- Information services backup procedures: Include information such as: “Journal receivers are changed at ________ and at ________.” And: “Changed objects in the following libraries and directories are saved at ____.”
- Emergency response procedures to document the appropriate emergency response to a fire, natural disaster, or any other activities in order to protect lives and limit damages.
- Backup operations procedures to ensure that essential data processing operational tasks can be conducted after the disruption.
- Recovery actions procedures to facilitate the rapid restoration of a data processing system following a disaster.
- DR plan for mobile site: The plan should include a mobile site setup plan, a communication disaster plan (including the wiring diagrams) and an electrical service diagram.
- DR plan for hot site: An alternate hot site plan should provide for an alternative (backup) site. The alternate site has a backup system for temporary use while the home site is being reestablished.
- Restoring the entire system: To get your system back to the way it was before the disaster, use the procedures on recovering after a complete system loss in Systems management: Backup and recovery.
- Rebuilding process: The management team must assess the damage and begin the reconstruction of a new data center.
- Testing the disaster recovery and cyber recovery plan: In successful contingency planning, it is important to test and evaluate the DR plan regularly. Data processing operations are volatile in nature, resulting in frequent changes to equipment, programs and documentation. These actions make it critical to consider the plan as a changing document.
- Disaster site rebuilding: This step should include a floor plan of the data center, the current hardware needs and possible alternatives –as well as the data center square footage, power requirements and security requirements.
- Record of plan changes: Keep your DR plan current. Keep records of changes to your configuration, your applications and your backup schedules and procedures.
- IT Help Desk
- Remote IT Support
- On-Site IT Support
- Server Administration and Management
- Network Monitoring and Management
- Backup and Disaster Recovery
- IT Procurement
- Employee Onboarding and Offboarding
- Co-Managed IT Services
- Cybersecurity Risk Assessment Services
- Virtual CISO Services & Solutions
- Multi Factor Authentication Managed Services
- Endpoint Detection & Response Services
- Intrusion Detection & Response Services
- Phishing Prevention Training Services
- Vulnerability Testing & Assessment Services
- Professional Dark Web Monitoring
- IT Strategy & Consulting
- Cloud & Data Migration Services
- IT Assessment Services
- Managed Cloud Infrastructure
- Managed Cloud Security
- Governance, Risk & Compliance
- Microsoft 365 Business Voice
- Microsoft Teams
- Microsoft Azure
- Microsoft OneDrive
- Microsoft SharePoint
- Apple Technology
- Business Communications
- Private Equity/M&A
- Manufacturing
- Mergers & Acquisitions
- Press Releases & News
- Trust & Security
- Cybersecurity Lunch & Learns
- Microsoft Lunch & Learns
- Guides, Briefs, and E-Books
- Case Studies
- IT Services Buyers Guide
- Book a Consultation
10 Essential Elements of an IT Disaster Recovery Plan
The challenges of recent years have proven that every business needs an IT disaster recovery plan when things go wrong — which as we've learned, they will. It’s never too early to plan disaster recovery, and IT disaster recovery plans (IT DRPs) are essential for rescuing systems. With these things in mind, here is an IT disaster recovery plan template to help you prepare for the worst (so you can hope for the best with more confidence).
What is a disaster recovery plan?
A disaster recovery plan is a documented process detailing a disaster recovery strategy and a list of well-thought-out disaster recovery procedures, designed to help protect your business from expensive disasters.
For your disaster recovery plan template, we've outlined the 10 essential elements of a disaster recovery plan to help get you started!
Many businesses, for various reasons, think they don't need a disaster recovery plan (IT DRP), but one simple fact explains why the DRP is essential: the majority of IT disasters (big and small) are caused by human error .
Simply put, your employees are the number one reason why your organization needs to have an IT disaster recovery plan (also referred to as DRP or IT DR) in place.
It’s not that you need to guard against disgruntled workers sabotaging critical systems, although that does sometimes happen.
The more common risk comes from your people just being … people, clicking on a bad link, or opening a malware-infected file attached to an email.
Humans are fallible, so the disaster recovery planning process needs to pay special attention to your business’ most well-meaning but inevitably fallible asset. The DRP will minimize the risk of human error, helping to prevent hackers, viruses, or ransomware attacks from having an easy ride.
Other risks exist too, so your plan will need to mitigate against:
- Hardware failures
- Criminal acts
- Power surge/outage
- Natural disasters
- Loss of communication systems
Before you jump into building the information technology side of your business continuity strategies, you need to have an idea of the most critical elements.
Let's get started — here are 10 essential elements to include disaster recovery planning.
1. Assessment
2. Strategy
3. Training
4. Response Teams
7. Air Gapping
8. Encryption
9. Retention
10. Testing
Top Ten Essential Elements of a Disaster Recovery Plan (DRP)
.png?width=770&name=Disaster%20Recovery%20LIST(1).png "disaster recovery plan for technology")
1. Do A Thorough IT Assessment and Inventory
In order to put a reliable disaster recovery plan into action, you first need to do a thorough inventory of your IT assets. This will include on-site hardware and software, and also all the cloud-based systems and services that your business operations rely on.
This assessment and risk analysis is generally conducted by your IT provider and, depending upon the size of your company and the complexity of business processes, your DRP assessment can take some time.
If the DRP assessment is not done or is incomplete, an organization may find it difficult to recover critical processes or data in the event of an IT disaster.
As part of your disaster recovery planning, a managed security service provider can play a key role in ensuring that your security and compliance requirements are being met, regardless of your industry.
2. IT Backup Management Strategy under the DR Plan
Once you've done a thorough assessment of your IT assets — data, systems, hardware, cloud — it's time to get to work on an IT disaster plan.
With disaster recovery planning, the formal strategy generation process begins when an IT engineer takes the information from the assessment and examines it to see what tools and tactics will work best for your scenario and business operations.
DR planning varies because every organization is unique in its reliance upon and use of data, applications, on-site assets, and cloud-based options.
The most cost-effective technology disaster recovery plan option for a business may be to migrate to the cloud instead of maintaining physical off-site data centers (known as disaster recovery sites) for DR plans.
These ironclad facilities have their own enterprise-level protections, so rest assured that the data center disaster recovery plan is your ultimate guarantee of safety within your own DR plan.
An internal disaster recovery site might be a better fit for the recovery strategy when companies have greater information requirements and aggressive recovery time requirements.
The strategy stage of the business continuity/disaster recovery (BCDR) process is where the IT specialists use their experience and expertise to fine-tune the recovery plan that will work for your business.
3. Proper Backup Management Requires Employee Training
In order to be effective, disaster recovery strategies must be championed by top management and adopted throughout the organization.
Each member of the management team and all staff must understand their role in keeping processes within the umbrella of protection provided by the IT disaster recovery plan.
If, for example, an employee decides to make their job "easier" by downloading software from the internet without talking to IT support, they are effectively taking a part of both the company’s data and its operations outside the protection afforded by business continuity planning and the disaster recovery plan.
As part of disaster recovery management, an organization must invest in training employees both in cybersecurity awareness and in their individual roles (the steps they should take) if disaster strikes.
4. Create Disaster Response Teams
Best practice for a disaster recovery plan includes having an emergency response team that determines to what extent the disaster recovery plan must be invoked.
Once the roles and responsibilities are assigned, this team then contacts and assembles the disaster recovery team that includes IT specialists as well as key staff from the main business departments who focus on business recovery.
It's critical to create and test the plan with disruption rehearsals in which delegated staff respond to disaster recovery plan examples. Practice makes perfect, and also embeds the subject into work culture so that nobody will ever ask “What is a disaster recovery?” ever again.
Under the disaster recovery policy, team members need to have the contact information of third parties including key customers, suppliers, insurance, media outlets, and even family members to respond in cases of natural disasters or personal injury.
The recovery plan template will also include a financial assessment that evaluates disaster-related costs and the cost of restoring normal operations.
5. Ensure Your Backups Include Data and Workflow
Perhaps the cornerstone of any IT disaster recovery plan is data backup to prevent data loss. However, it's important to note that not all backup solutions are created equal.
Something to consider when you create a disaster recovery plan is the knowledge that many consumer-grade and "business-lite" backup solutions only back up data files — not your entire system. Without access to BOTH your data and your applications and operating systems, your company could have trouble with restoration.
To prevent data loss and limit the risk to operations, Ntiva follows enterprise-class, image-based cloud backup procedures that mirror (back up) your entire system — not just individual files. That’s why it should be one of the highest placed items on your disaster recovery plan checklist.
As part of the IT disaster recovery plan template, we leverage the 3-2-1 rule of data backup to help make sure you always have a copy of your data available for retrieval from a recovery point.
What is the 3-2-1 rule?
- 3 copies of your data files, operating system, and applications
- 2 types of storage media for your backups (We recommend one on-site backup appliance and one cloud-hosted backup destination.)
- 1 offsite location for storage of backed up resources.
Under disaster recovery plans, your emergency backups need to be regular, automatic and verified at each stage of the backup process.
6. Know What Metrics to Consider in a Disaster Recovery Plan
One of the things you will discuss with your IT provider when setting up a disaster recovery plan is metrics. Questions may include:
- What is the recovery time objective (RTO)?
- What is the desired recovery point objective (RPO)?
- How quickly can your team transition from the failed "live" system to the recovery solution?
Often, the question we get from business management is, "Can we get up and running within XXX hours?"
The answer to that RTO-related question is always, "Yes," but that "Yes" may come with a higher price tag.
Cost factors can inevitably affect your network disaster recovery plan. Whether or not an organization has migrated to the cloud, how often digital assets are backed up, and how quickly you need to restore normal operations, will all be reflected in the price.
With these metrics, it’s always wise to have a conversation about the costs versus benefits. Business disaster recovery is obviously crucial but there’s a sensible balance to be struck with any DR plan.
7. Ensure You're Using Air Gapped Backups
Ntiva procedures create air-gapped backups, keeping cybercriminals from jumping laterally from your live systems to your backups if they enter your network and instigate a disaster in the active data center.
We accomplish this by either having a separate backup that isn't connected to the network by LAN or we utilize a backup appliance running a different operating system (with different security access) than the one used by the server and devices on the network.
This ensures an organization can recover its data within the range of its RPO.
8. Backup Encryption is a MUST
Encryption of your backups is a critical step in keeping the information in your files and applications away from prying eyes.
When data is encrypted both in transit and at rest it is useless to a criminal. Although your team can retrieve and use the data, it appears as gibberish to any unauthorized user.
9. Know Your Backup Retention and Compliance Standards
Under recovery plans, part of the encryption conversation is compliance requirements .
Many of the industry-standard and legislative compliance protocols mandate data encryption. Disaster recovery plans detail the algorithm used for data encryption in the data center and recovery procedures to meet RTO and RPO targets.
Retention of files — especially email correspondence — is a big deal for companies in regulated industries. Part of any IT disaster recovery plan is the inclusion of policies and corresponding IT protocols that ensure that data retention expectations are met.
10. Plan for Disaster Recovery Testing Exercises
Recovery plans are only effective if people test them and everyone knows what their role is when the plan is enacted.
At least once a year, a "tabletop" testing exercise must be performed by your IT provider and key internal stakeholders to make certain that disaster recovery processes are working as they should and that everyone knows what to do in the event of an IT disaster.
Because disaster recovery plans are only as good as your staff can make them, each member of your recovery team should be involved in the testing each year and everyone should know what’s expected of them in the event of an actual IT disaster.
Answer questions for employees like:
- Where to go?
- How to log in?
- Where to get instructions and information?
Your business disaster recovery plan should include all of these questions (and possibly many more). The answers should be easily accessible so that team members avoid chaos and lost time, and you avoid lost revenue.
Looking to set up or revise your company's Business Continuity and Disaster Recovery Plan? The Ntiva team is here to help. Let's get started.
Tags: Managed IT
You May Also Like These Articles
Certified Apple Managed Service Provider for Business: Ntiva
Topics: Managed IT
Benefits Of Using Flutter For Mobile App Development
Managed IT Services NYC: 2023 Guide
Subscribe to the ntiva blog.
Subscribe to our blog to stay informed!
- Managed IT Services
- Managed Security
- IT Consulting
- Cloud Solutions
- Microsoft 365 Services
- Founder's Story
- Press Releases
- Washington, DC
- New York, NY
- Ronkonkoma, NY
- Chicago, IL
- Bethesda, MD
- Colorado Springs, CO
7900 Westpark Drive, Suite A100, McLean, VA 22102 [email protected] 1-888-996-8482
Cloudian Products
The object storage buyer’s guide.
Technical/financial benefits; how to evaluate for your environment.
HyperIQ Observability & Analytics
Watch 2-min Intro
Evaluator Group Webinar
Skills Shortage? Ease the Storage Management Burden. Watch On-Demand
Scaling Object Storage with Adaptive Data Management
Get White Paper
Solutions
Industries , 2021 enterprise ransomware victims report.
Don’t Be a Victim
Scalable S3-Compatible Storage, On-Prem with AWS Outposts
Trending topic: on-prem s3 for data analytics.
Watch Webinar
Ransomware 2021: A Conversation with Veeam CISO Gil Vega
Hear His Thoughts
How a Private Cloud Addresses the Kubernetes Storage Challenge
Free White Paper
Data Security & Compliance: 3 ?s Every CIO Should Ask
Ask the Right ??s
5 Things Every MSP Should Know About Sovereign Cloud
Get Free eBook
TCO Report: NAS File Tiering
Learn how object storage can dramatically reduce Tier 1 storage costs
Get TCO Analysis
Satellite Application Catapult Deploys Cloudian for Scalable Storage
Replaces conventional NAS, saves 75%
Read Their Story
On-Demand Webinar
Veeam & Cloudian: Office 365 Backup – It’s Essential
Blog: How to Grow Your Storage and Not Your CAPEX Spend
Pay as you grow, starting at 1.3 cents/GB/month
Read the Blog
Why the FBI Can’t Stop Cybercrime and How You Can
Register Now
8 Reasons to Choose Cloudian for State & Local Government Data
Get 8 Reasons
Cloudian HyperStore SEC17a-4 Cohasset Assessment Report
Read the Assessment
Hybrid Cloud for Manufacturers
Tape: does it measure up, customer testimonial: university of leicester.
Hear from Mark
Public Health England: Resilient IT Infrastructure for an Uncertain Time
Watch On-Demand
How to Accelerate Genomics Data Analysis Pipelines by 10X
Hear from Weka
How MSPs Can Build Profitable Revenue Streams with Storage Services
Get IDC’s Take
Technology Partners
Get scalable storage on-prem for aws outposts.
Hear from AWS
Lock Ransomware Out with Commvault & Cloudian
Cribl stream with cloudian hyperstore s3 data lake, why object storage is best for advanced analytics apps in greenplum.
Explore Solution
Customer Video: NTT Communications
Hear from NTT
How to Store Kasten Backups to Cloudian
Klik.solutions delivers world-class backup-as-a-service with lenovo & cloudian.
Why They Chose Us
Modernize SQL Server with S3 Data Lake
Find Out How
How to Run Cloudian on OpenShift as a Container
Immutable object storage for european smbs from rnt rausch and cloudian, backup/archive to cloudian with rubrik nas cloud direct, on-premises object storage for snowflake analytics workloads.
Get the Details
Splunk, ClearShark, and Cloudian discuss Federal Industry Storage Trends
Teradata & cloudian: modern data analytics for hybrid and multi-cloud, 1-step to data protection: all you need to know about veeam v12 + cloudian.
Step up to Cloudian
Modernize Your Enterprise Archive Storage with Cloudian and Veritas
Read About It
Unified Analytics Data Lake Platform with Vertica and Cloudian HyperStore
Vmware cloud providers: get started in cloud storage, free..
Get Started
Weka + Cloudian: High-Performance, Exabyte-Scalable Storage for AI/ML
Customers , cloudian enables leading swiss financial institution to retain and analyze more big data.
Read Case Study
Indonesian Financial Services Company Replaces NAS With Cloudian
State of california selects storage-as-a-service offering powered by cloudian, cloudian provides utah state agencies with rubrik-compatible backup target, cuts costs by 75 percent, australian genomic sequencing leader accelerates research with cloudian, swiss education non-profit achieves scale and flexibility of public cloud on-prem with cloudian, indonesia ministry of education deploys cloudian object storage to keep up with data growth, leading german paper company meets growing data backup needs with cloudian, vox media automates archive process to accelerate workflow by 10x, wgbh boston builds a hybrid cloud active archive with cloudian hyperstore, large german retailer consolidates primary and secondary storage to cloudian, how a sovereign cloud provider succeeds in cloud storage services.
View On-Demand
IT Service Provider Drives Business Growth with Cloudian-based Offering
Calcasieu parish sheriff deploys hybrid cloud for digital evidence data, montebello bus lines mobile video surveillance with cloudian object storage, resources , storage guides , ransomware protection buyer’s guide.
Get Free Guide
Company
Cloudian named a gartner peer insights customers’ choice for distributed file systems and object storage.
Read Reviews
IT Disaster Recovery Plan
The easy way to create your own it disaster recovery plan.
Disaster recovery is a critical process that can help an organization survive and recover in case of disaster – whether a natural disaster, accidental data loss, or malicious cyberattack. The IT disaster recovery plan allows an organization to focus, prioritize its risks and assets, establish a data protection strategy, and determine the best way to recover normal operations. Learn the typical structure of an IT disaster recovery plan and how you should go about creating one for your organization.
In this article you will learn:
• What is a disaster recovery plan? • 7 typical chapters of an IT DR plan • Basic steps to creating a plan for your organization • How to protect your data with Cloudian storage devices
What is a Disaster Recovery Plan?
A disaster recovery (DR) plan is a document that helps an organization react to a disaster and take action to prevent damages, and quickly recover operations. IT disaster recovery is a subset of disaster recovery, which focuses on IT aspects of DR, such as minimizing downtime of servers, databases and employee workstations, and bringing critical systems back online. An IT disaster recovery plan enumerates the tools and procedures to make this happen.
7 Chapters of an IT Disaster Recovery Plan
Here is the typical structure of a DR plan:
- Goals – what the organization aims to achieve in a disaster, including the Recovery Time Object (RTO), the maximum downtime allowed for each critical system, and the Recovery Point Object (RPO), the maximum amount of acceptable data loss.
- Personnel – who is responsible for executing the DR plan.
- IT inventory – list hardware and software assets, their criticality, and whether they are leased, owned or used a service.
- Backup procedures – how and where (exactly on which devices and in which folders) each data resource is backed up, and how to recover from backup .
- Disaster recovery procedures – emergency response to limit damages, last-minute backups, mitigation and eradication (for cybersecurity threats).
- Disaster recovery sites – a robust DR plan includes a hot disaster recovery site – an alternative data center in a remote location that has all critical systems, with data replicated or frequently backed up to them. Operations can be switched over to the hot site when disaster strikes.
- Restoration – procedures for recovering from complete systems loss to full operations.
Basic Steps to Creating Your IT Disaster Recovery Plan
Building a disaster recovery plan is not as simple as writing a document. You need to do careful research to understand the needs of your organization and the risks it faces. You also need to carefully coordinate the plan with all stakeholders, test it to make sure it works, and continuously update it to make sure it stays relevant.
Follow these steps to create a working disaster recovery plan:
- Map out your assets – identify what you need to protect, including network equipment, hardware, software, cloud services, and most important, your critical data. For each item note its physical or virtual location, relation to other assets, vendor and version, networking parameters, etc.
- Identify criticality and context – understand how your assets are used and their importance to the business. Classify assets into high impact, medium impact and low impact, by identifying how likely they are to disrupt business operations.
- Risk assessment – identify which threats are likely to face the business as a whole and specific assets. Interview the staff who work on critical systems and ask them what are the most likely causes of service interruption.
- Define recovery objectives – consult with senior management and operations staff to understand what would be the impact of interruption to each critical system for one minute, one hour, one day, or more. Use this information to define your RTO and RPO.
- Select disaster recovery setup and tooling – using your knowledge of assets to be protected, risks and required RTO/RPO, envision your final disaster recovery setup. Will you have a hot DR site? Where will it be located, and will it be cloud-based or self-hosted? Which backups or replicas will you maintain? Where will they be located? Select the software or hardware, cloud services or partners that can help you achieve the required setup.
- Budgeting – as important as disaster recovery is to your business, you will have a limited budget. Present several options to management, each with a progressively higher price tag but better RTO/RPO and/or support for more critical services. Allow them to decide on the right balance between risk and investment in DR technology.
- Approval – put together an agreed draft of your DR plan based on feedbacks from management and get final sign off on the plan.
- Communicate the plan – circulate your document to the disaster recovery team, to senior management, and to anyone else who will be involved with or affected by DR procedures.
- Test and review – test the plan by conducting a realistic disaster drill, and seeing if and how staff act according to the plan. Learn from the test and modify the plan and procedures accordingly. You should periodically review the plan – at least every six months – to ensure it is still relevant and reflects the current organizational structure and IT setup.
Protecting Data Effortlessly with Cloudian
If you need to backup data to on-premises storage, Cloudian offers low-cost disk-based storage with capacity up to 1.5 Petabytes. You can also set up a Cloudian appliance in a remote site and save data directly to the remote site using our integrated data management tools.
Alternatively, you can use a hybrid cloud setup. Backup data to a local Cloudian appliance, and configure it to replicate all data to the cloud. This allows you to access data locally for quick recovery, while keeping a copy of data on the cloud in case a disaster affects the on-premise data center.
Learn more about Cloudian’s data protection solutions.
Get Started With Cloudian Today
Request a Demo
Join a 30 minute demo with a Cloudian expert.
Download a Free Trial
Try Cloudian in your shop. Run on any VM, even your laptop.
Receive a Cloudian quote and see how much you can save.
- 860.610.2200
- Client Login
- Managed IT Support
- IT Services For Enterprise
- Strategic IT Consulting Services
- Business Continuity & Disaster Recovery
- Data Center Services
- Network & Wireless
- Cybersecurity
- NIST 800-171 Compliance
- CMMC Compliance
- The Way We Work
- Success Stories
- Meet The Team
- Kelser Foundation
- In the Media
- Interactive Tools
- Videos and Webinars
- Assessments
- For Business Owners
- For IT Executives and Managers
- Managed IT Pricing
- Credit Application
- Talk with an advisor
- Managed Services
- Data Center
- Business Continuity
- Disaster Recovery
- IT Lifecycle Management
Back to the Learning Center
By: Lisa Carroll on July 23, 2022
Print/Save as PDF
10 Steps To Include In Your IT Disaster Recovery Plan
Business Continuity | Disaster Recovery
Editor's note: This article was originally published in 2019, but has been updated to include the latest, most comprehensive information.
Most business leaders don’t relish the idea of the possibility that disaster will strike their organization. Whether it’s a natural or man-made disaster, the ramifications can be equally damaging. At a minimum, disasters of either kind can cause downtime, damage to your reputation, and financial loss .
Like many business owners, you may simply brush aside the topic of business continuity and disaster recovery, assuming that since you haven’t been affected yet you won’t be a victim of such devastation in the future.
Or, you may think that you don’t have the financial and staffing resources necessary to prepare for a future event that may or may not happen.
At Kelser Corporation, businesses often come to us for services after suffering a damaging event. We are not writing this article to sell Kelser’s services, but rather to provide the information that business leaders like you need to protect your organization .
You see, we believe firmly that it’s better to prepare for an event than struggle to recover from one. We’ve seen the damage that can be caused and we want to help businesses avoid falling victim.
In this article, I’ll outline a 10-step IT disaster recovery plan you can implement with or without external help . I’ll explain the critical elements and what you can do now to prepare .
What Is An IT Disaster Recovery Plan?
An IT disaster recovery plan is a well-thought-out, strategic, systematic document that companies can use to recover from a disaster (natural or otherwise).
It involves a step-by-step process for restarting work after an unplanned (and sometimes devastating) event.
While having an overall disaster recovery plan for the entire organization is important, there should be a separate IT disaster recovery plan that focuses on the IT infrastructure.
Disaster recovery plans are only effective if they are in place long before a disaster ever happens .
Why Is An IT Disaster Recovery Plan Important?
Most companies would be hard-pressed to operate without their IT infrastructure. Everything from customer orders to scheduling to employee communication would grind to a halt without IT.
A quick internet search shows that between 25 and 40 percent of businesses never recover from a natural disaster.
In addition, the Council of Insurance Agents & Brokers estimates that 60 percent of small businesses are unable to withstand the six months following a cyber-attack due to the massive costs of recovery including damaged reputation, loss of data and revenue, instability, and reduced employee productivity.
The good news is that there are steps you can take to lessen the risks during and after a disaster.
10 Things Every IT Disaster Recovery Plan Must Include
Creating an IT disaster recovery plan will ensure that you can focus more on the other things on your plate. Here are 10 topics every IT disaster recovery plan should cover:
1. IT Inventory
Make sure you have a list of exactly which IT resources —systems, hardware, and software— are used to run the business .
Ask employees how their work would be impacted if certain systems or networks were unavailable for a period of time . Identify which applications and data are critical to your business. Take extra measures to protect them.
It can also be helpful to add different scenarios to your IT disaster recovery plan so that you understand which systems would be affected in the event of a flood, hurricane, fire, power outage, or another disaste r on your premises.
2. Data Backup & Verification
If you don’t have one already, develop a way to regularly back up your essential data off-site . (Data that is static and unchanging may not need to be backed up more than once.) You may decide to use a physical data center located in a different geographical region or the cloud, for example.
Many organizations don’t consider the risk of maintaining backups physically on-premises in the event of a natural disaster .
Once you establish a regular backup procedure and schedule , test it often to make sure that it works. The last thing you need to realize mid-emergency is that your backups haven’t been working.
Both physical and cloud backups have risks. Figure out which makes the most sense for your organization.
If are considering migrating your data to the cloud, read this article for answers: Cloud Migration: What It Means, How It Works (6 Questions To Ask)
3. Recovery Timeline
Outline acceptable recovery goals and timeframes by which certain IT systems need to be back in operation. Industries such as healthcare may have a recovery timeline of mere minutes, while other industries may be able to tolerate longer timelines.
Be sure your IT disaster recovery plan includes a well-defined Recovery Time Objective (RTO) and Recovery Point Objective (RPO) .
The RTO outlines the maximum amount of time that should pass before your IT systems recover. The RPO defines the maximum amount of time permissible since the most recent data backup.
Use this downtime cost calculator tool to evaluate your RTO and RPO and get an estimated cost of downtime for your organization.
4. Detailed Responsibility
Get buy-in from key stakeholders .
Be sure the team understands which IT operations could be affected, how that could affect different business functions, what would happen next, and who would be responsible for resolving the issues.
Be sure to include a plan for communicating with employees in the event of a power or internet outage.
5. Physical Damage
Physical damage to your plant could affect your on-site IT equipment as well. Everything from servers to devices could be affected. Some of these damages can be mitigated by moving your operations to the cloud, but anticipate how you will respond to physical damage that may impact IT resources .
6. Insider Threats
Humans can also be a source of disaster, whether malicious or unintentional.
One way to lower your risk is to lock down administrative rights on your IT systems.
Employees and third-party vendors should only have access permissions to the systems and data they need.
There are countless stories of companies that have been breached by third-party vendors that were given inappropriate access to vulnerable systems. And, your internal salespeople don’t need access to the payroll and benefits information of other employees.
Another way to reduce risk is to provide employee security awareness training on a regular basis, This training will keep your staff abreast of the latest cyber threats. Experts agree that 80-90 percent of cyber attacks are caused by human error.
Effective employee security awareness training can reduce your risk.
Questions? Read this article: Employee Security Awareness Training: An Honest Cost-Benefit Analysis .
Wondering what security awareness training should include? We spell it out in this article: 3 Topics Every Cybersecurity Awareness Training Must Include .
7. Insurance
If you are concerned about the costs of recovery, there are insurance policies out there that cover natural disasters and cyber incidents . This coverage can include the cost of replacing IT equipment, and compensating for broader losses that result from a disaster .
If you invest in these types of plans, be sure the details are included in your IT disaster recovery plan for easy access.
8. Validation
IT disaster recovery plans should be tested at least once (or preferably twice) per year . One of our clients didn’t test their plan for several years, only to find out that when they did a test all of their drives failed when trying to restore them.
If this had occurred during a real disaster, the data would have been lost forever.
Gaps identified during these tests should be documented extensively so that you can start fixing them .
9. Business Continuity
Business continuity (BC) refers to the organization’s strategy for maintaining essential business operations as much as possible during and after a catastrophe . Create and test a full BC plan in order to be confident that you can meet any unexpected event head-on.
This plan, which goes hand-in-hand with the IT and organizational disaster recovery plans, should also be tested and kept current. It is an essential part of the organization’s overall BCDR efforts.
10. Updates
Disaster recovery isn’t something that you can set and forget; it needs to be actively maintained over time . Update your IT disaster recovery plan with new procedures, technologies, and equipment.
Business needs and staff changes, make sure to update and communicate the relevant changes to everyone involved in executing the plan.
Are You Ready To Implement Your IT Disaster Recovery Plan?
Building a strong, resilient disaster recovery plan is essential. After reading this article, you know the topics to include in your plan: IT inventory, data backup & verification, recovery timeline, detailed responsibility, physical damage, insider threats, insurance, validation, business continuity plan, and updates.
Honestly evaluate your ability to implement the steps outlined in this article . Maybe you can do all or some of them on your own. Organizations with a full complement of IT professionals on staff can likely implement this 10-Step IT Disaster Recovery plan on their own.
Organizations with a small IT staff (or IT staff), may need help from an outside IT provider.
If you decide that working with an outside provider is the best solution, be sure to compare a number of providers so that you get the best fit. Here is a list of questions to consider asking IT providers you are considering.
While we know Kelser isn’t the right fit for everyone, we encourage you to check out our managed IT support , which includes business continuity and disaster recovery services.
Or read this article: What Is Managed IT? What’s Included? What Does It Cost?
No matter how you choose to proceed, it’s imperative that you move forward to protect your organization from disaster before you are affected.
![Managed IT Support Page Link CTA [BANNER]](https://no-cache.hubspot.com/cta/default/473091/145e5931-9d76-4738-872f-3d6ecf3794e1.png "disaster recovery plan for technology")
About Lisa Carroll
Lisa is Kelser's VP of Revenue who works at the intersection of business and technology to help Kelser’s clients jump on growth opportunities.
- Connect with Lisa Carroll
Suggested Posts
Does My Small Business Need Managed IT Support Services?
Editor's note: This article was originally posted in 2018, but has been updated to include the most current information.
Read More »
What Is A Business Continuity Plan? Disasters & More
Editor's note: This article was originally published in 2019, but has been updated to reflect the latest information.
Data Backups Are Key To Disaster Recovery
Editor’s note: This article was originally posted in 2017 with the title How to Make Sure You Have Disaster-Ready Data Backups, but has been updated...
IMAGES
VIDEO
COMMENTS
Businesses should develop an IT disaster recovery plan. It begins by compiling an inventory of hardware (e.g. servers, desktops, laptops and
It is applied to the aspects of an organization that depend on a functioning information technology (IT) infrastructure. A DRP aims to help an organization
Introduction: The Technology Recovery Plan (TRP) is a sub-set of the state entity's Business Continuity Plan. The TRP is activated immediately after a
A disaster recovery (DR) plan is a formal document created by an organization that contains detailed instructions on how to respond to unplanned incidents such
Department of Information Technology Office ... This IT Disaster Recovery Plan presents the requirements and the steps that will be taken in.
1. Do A Thorough IT Assessment and Inventory · 2. IT Backup Management Strategy under the DR Plan · 3. Proper Backup Management Requires Employee
An IT disaster recovery plan is the lynchpin of an overall business continuity strategy. ... Appendix A – Technology Disaster Recovery Plan .
Information Technology Disaster Recovery Plan. On a regular basis, the IT Director shall: 1). Ensure IT employees are familiar with the Emergency Response
Basic Steps to Creating Your IT Disaster Recovery Plan · Map out your assets · Identify criticality and context · Risk assessment · Define recovery objectives
10 Things Every IT Disaster Recovery Plan Must Include · 1. IT Inventory · 2. Data Backup & Verification · 3. Recovery Timeline · 4. Detailed