University of Houston Small Business Development Center

Step-by-Step Guide: How to Build a Business Recovery Plan

By Tatyana Parham

In the midst of the coronavirus (COVID-19) pandemic, small businesses around the world are experiencing severe operational and economic challenges. In order to embrace small business recovery in such difficult times, business owners must proactively take the steps necessary to develop resilience in the face of a disaster. By creating a detailed business recovery plan geared towards the impacts of the pandemic, leaders are better equipped to respond efficiently and protect their employees, customers, and operations.

What is included in a small business disaster recovery plan? A business recovery plan is a strategic guide that details processes created to prepare, respond, and recover in the event of an emergency. As the COVID-19 pandemic has a unique set of challenges, as compared to other natural disasters such as floods and hurricanes, it calls for a nuanced plan-of-action that will mitigate risks and allow for an expedient recovery.

An effective business recovery plan clearly outlines policies and procedures that highlight key information such as disaster risk and impact, critical stakeholders and operations, communication models, and strategy for business continuity .

Here are some key concepts to consider when creating a disaster recovery plan for your small business:

Prioritize employee health and safety The health, safety, and wellbeing of your employees and customers should always be your top priority. Address any immediate needs and concerns first, including creating guidelines that support sick employees or those with sick family members. Consider expanding flexibility for typical work arrangements, and verify that you have the capacity to support a remote workforce. If telecommuting isn’t possible, ensure you have measures established that align with the current governmental health policies and support a safe working environment.

Identify COVID-19 risks and impact on your business Conduct a risk assessment:  Small business recovery begins with awareness of the potential risks that can adversely affect your business. A part of this may be to consider how operations will change in a worst-case scenario of 35 - 40% of your workforce being out sick, or how to reallocate your budget and preemptively avoid layoffs.

Other risks may include lack of access to public transport for employee commute, additional costs of establishing a remote workforce, national shutdowns prohibiting in-person contact, slowdown in sales, issues in supply chain and manufacturing, and even your business being forced to temporarily close. Prioritize critical business functions that are the most vulnerable, such as employee payroll inventory management, and outline how you can protect them. Once top risks are identified, you can assess which risks will generate the most substantial impact, so you can determine the most efficient use of your resources.

Analyze the impact:  Understand how the identified risks can affect critical business functions, and map out potential impacts this can have on your business. For example, if you have to temporarily stop operations for six weeks, how will that affect your quarterly and yearly financial statements, and how can you minimize financial loss through alternative sources of income? Identify the gaps in your current processes that prevent your business from operating sustainably. This process is called a business impact analysis.

Designate a recovery team After identifying your business’s prime vulnerabilities, designate a team of stakeholders that will be directly involved in recovery efforts. This team of key players should understand the business’s core competencies, and have the ability to consistently make choices that reflect the best outcome for the needs of the business. Be realistic about expectations for each individual, and ensure that you are a top leader throughout recovery in order to maintain employee confidence levels.

Establish transparent communication Consistently focus on transparent and timely communication with all relevant stakeholders to ensure regular support throughout the pandemic, including employees, clients or customers, suppliers, landlords, and investors. Create an employee communication plan specifically intended for the event of a disaster, and consistently provide updates based on CDC guidelines and organizational priorities. Regularly inform customers of any impact on products, services, and delivery, and maintain steady contact with suppliers regarding their continued capability to provide essential materials.

Revise business strategy for continuity As the pandemic progresses, significant shifts in consumer behavior will demand a different approach to sustaining your business. Proactively strategize how to minimize downtime and disruptions to daily operations. Perform a complete audit of your business and marketing plans to pinpoint what’s working, what’s not working, and what will best support your business in a worst-case scenario.

Creatively decide on a plan-of-action that will provide practical cost-effective strategies that reduce the impact of identified risks. Brainstorm how to protect cash flow and monitor utilization of resources, ensuring that you have more than enough to cover future expenses.

Continue to monitor external vulnerabilities that can impact the flow of business as well, including pressures on customers, partners, and suppliers. Devise multiple plans for multiple scenarios of varying intensity, to ensure full preparation for what’s ahead. Assess your wins and losses throughout the recovery process, and devise contingency plans that will enable your business to thrive moving forward. Although crises may have considerable impacts to the detriment of your business, they reveal opportunities for your business to generally improve in value, organization, or efficiency.

Maximize the use of alternative funding and support To support business recovery, stay up to date with available local and federal assistance programs that offer disaster relief. Visit our online hub for COVID-19 resources here .

SBDC Logo

Guide to Creating Your Business Recovery Plan  

Photo of person writing plans in a notebook

This post is part of our 8-part series exploring the role of data in business recovery and planning in the era of COVID-19. Read the rest of the articles here .

A disaster or emergency can threaten the very survival of a business or cause huge damage to customer relationships, profitability, employee well being, and assets.

In order to mitigate these potential fallouts of an unforeseen event, every organization must have a business recovery plan in place. This plan documents a clear course of action to be followed in the event of an emergency. The business recovery plan is created with a view to maintain the critical revenue path of your products or services or at least restore them within the shortest possible time.

You need to develop, deploy, and maintain strategies and procedures that will ensure that critical business processes are resilient. These will enable your business to respond to and recover from possible events or disasters. The underlying approach to planning can be summed up as PPRR - prevention, preparedness, response, and recovery. We can attempt to prevent certain events or incidents, but for those that are beyond our control, we need to focus on our preparedness to respond and recover quickly. 

A study by Gartner found that two out of every five organizations that experienced a disaster went out of business within five years . This finding is a wake-up call to take business recovery planning very seriously. You can ensure that your business will be one that will be counted amongst the other 3 by adopting the following best practices of business recovery planning. 

Plan with data-driven decisions

In a previous post on How to Leverage Data to Create an Effective Business Continuity Plan , we explored the 5 steps towards creating a BCP, namely:

  • Business Impact Analysis
  • Risk Assessment
  • Risk Mitigation Strategy
  • Crisis Management Team
  • Test and Maintain

Planning enables you to put risk mitigation practices in place, by considering each risk to see whether you can avoid or reduce it. Some of these practices may include creating alternate supply chain sources, safeguarding revenue streams, backing up data, purchasing appropriate insurance coverage, and creating a cash reserve fund. 

The effectiveness of the plan depends upon your ability to correctly identify the most critical processes for your business. You need to estimate what the downtime of each of these processes will cost you. You also need to assign probabilities to a variety of possible risks. 

It's important that these decisions are taken based on past data that's available within the organization as well as from external sources such as public health, as seen during the pandemic, or weather centers, during storms and hurricanes. If this data is not properly maintained and analyzed then your plan will be based on gut feel and will not deliver the full value that it should.

Let’s consider potential risks. Businesses face a variety of risks. While some risks are specific to a particular industry or company, others can affect all kinds of businesses. The COVID-19 global pandemic has affected businesses across all sectors and geographies, and other epidemics or pandemics in the future may also wreak such havoc. Natural disasters such as earthquakes, tornadoes, hurricanes, winter storms, wildfires, or floods cause damage in specific locations. Industrial accidents such as chemical explosions, fires, or spillage of hazardous material may also pose a risk to your business. The failure of utilities such as power or water supply can cause disruption to your operations. Then there is the risk of deliberate sabotage by way of information theft or other attacks.

When you need to assess risks,  working with data can provide granular insights about specific risks to facilities, teams, or locations. Data also plays a huge role in ensuring accurate business impact analysis. Scenario analysis based on data can help to consider the outcome of various possible events, and select the right risk mitigation strategies.

Detail the recovery procedure

A detailed business recovery plan is an important part of overall business continuity management . Consider each of the following aspects and define the procedure to be followed when restarting after an incident:

  • Which functions can be restarted and under what conditions?
  • What is the correct sequence for restarting, for example, machinery, servers etc?
  • Which roles will work through the incident, which will restart afterwards, and under what conditions?
  • In case anyone is injured, what is the emergency medical protocol?
  • Is there a need to relocate any facilities, functions or people? What will be the relocation process?
  • Keep an inventory of the essential items that will need to be available. What is needed to meet customer needs? What is essential to maintain communications? Plan for vehicles that will be needed for transportation or relocation. 
  • What happens if your payroll function gets disrupted? How will you take care of your employees’ financial needs?
  • Who will collect the evidence needed to file insurance claims?
  • If there is damage to physical or cyber security, how will you prevent fraud or theft?
  • Who will communicate to external stakeholders - families of staff members, customers, investors, members of the press, and others?
  • Who will manage documentation and evidence to protect you from legal liabilities?

The business recovery plan is created after thinking through each of these questions, and finding solutions that are specific to your business.

Create a continuity mindset

A business recovery planning exercise done once, with the objective of creating a formal plan, will not help your organization to build the necessary resilience, no matter how great the document produced is. Do people across functions know what is expected of them and feel a sense of ownership about the recovery plan? What if the document or file is not accessible when an incident occurs? Will key people still know what they are responsible for? 

Consider these questions carefully and engage team members to actively participate in continuity management. This safeguards the interest of your customers, employees, and their families, supply chain, and investors. It protects your brand, assets, and knowledge.  Company leaders should not believe that business recovery planning is only related to IT systems and data, and is the exclusive responsibility of the IT function. Actually, business recovery should be an enterprise-wide focus and consider the needs of all functions in case of a disaster.

Provide training and conduct drills so that employees are familiar with their responsibilities in the event of a disaster. See that the BCP includes communications processes. You could define a call tree or phone tree that defines a calling sequence to ensure that everyone gets notified quickly. Contact information for employees, suppliers, customers, financial institutions, and other important stakeholders should be known and readily available at all times. Your training for employees could also include instructions about what can be shared on social media during a crisis.

While many plans focus on the crisis management team (CMT), you may choose to create other specialized teams. The recovery management team could be tasked with executing functions related to restarting operations. In addition, you may create teams specifically responsible for legal matters,  damage assessment, PR, data recovery, and so on. 

You can allocate responsibility for various components of the plan by assigning an owner and a reviewer. Stakeholders should be able to see when the plan was published and editing rights should be carefully controlled. 

Most importantly, you must list the people who are authorized to invoke the plan and under what circumstances. 

Review and maintain the business recovery plan

The business recovery plan must be current,  tested, and available to stakeholders for it to be an effective means of building a resilient organization.

Over time, your business can evolve -  people change, locations change, new equipment or facilities get added, and contact information changes. The nature of risks to your business also changes with time. For this reason, a regular review of the business recovery plan is essential . Do schedule an annual review of the BCP. This is the time to update the plan to better reflect the current realities of business. When you conduct exercises and drills,  follow this up with a review to check whether things went well or whether the plan needs to be tweaked, and make changes if needed.

You may choose to invite an external consultant to review your business recovery plan and readiness. In this case, select a consultant who has conducted this exercise in multiple organizations so that you can benefit from the experience.

By following these best practices of business recovery management, you can help the stakeholders of your business achieve a state of readiness to overcome challenges and uncertainty. 

We value your privacy

What you need to include in your small business recovery plan

Hand holding a post-it note

COVID-19 has been hard for everyone, especially small businesses. Thankfully, small business recovery is on the horizon for many. 

As we approach the light at the end of the tunnel, we look at how you can create a strong small business recovery plan. Let’s get started.

How to build your small business recovery plan

1. focus on creating a safe workplace.

As small businesses begin to reopen, your first priority should be health and safety. From limiting the number of people in your store to having masks and hand sanitizer readily available, it’s your responsibility as small business owners to keep your employees and customers safe. 

As part of your small business recovery plan, you need to think about what logistical changes are needed for safe business operations. This could include changes such as: 

  • Increasing sanitization frequency 
  • Implementing curb-side pick up
  • Creating a rotating schedule for in-office employees
  • Continuing to let your team work remotely  

2. Stay up to date on new regulations

While some states are gradually re-opening, others are still sheltering-in-place, and some never closed at all. Regardless of the status of your area, it’s smart to prepare your small business recovery plan as far in advance as possible. 

As you work on your small business recovery plan, it’s important to have your finger on the pulse of any new regulations. Setting up Google alerts or subscribing to updates for your area’s regulations will help you keep you up-to-date on any changes and let you adjust your small business recovery plan as needed. 

3. Re-evaluate your finances

COVID-19 has hit small businesses extremely hard financially. So before you get back to business, it’s important to re-evaluate your finances.

As you prepare your small business recovery plan, you need to take a look at:

  • Costs you can cut
  • Grants you can apply for
  • Loans you can have forgiven  
  • Adjusting your prices
  • Any changes to your tax deadlines

Doing so will let you know exactly where your finances stand and what actions you need to take to recover from COVID-19. 

4. Take stock of inventory

A crucial part of your recovery journey is ensuring that you have the inventory needed to get back to business. Before you re-open, it’s smart to do a full inventory count, so that you know exactly what you have to offer your customers. 

Incorporating inventory management into your small business recovery plan also allows you to:

  • Get ahead of reordering your best-selling products
  • Ensure you don’t lose sales because of a lack of inventory
  • Plan promotions for items you have a surplus of

5. Promote your business

Let’s face it, not every small business made it through COVID-19. You’ve worked hard to stay in the game this long and that’s something to be proud of.

And now is the time to get the word out about your return. 

As part of your small business recovery plan, you’ll want to create a promotional strategy around your re-opening. Whether you share your story of resiliency with local news outlets or launch a social media campaign to let people know that you’re back, it’s never too early to create a buzz around your return. 

Looking forward to small business recovery

Here’s a recap of what you need to do for small business recovery:

  • Create a workplace that’s safe for your employees and customers
  • Stay up to date on changes to business regulations
  • Take stock of your finances and create a plan that will allow for economic recovery 
  • Gain an accurate understanding of the inventory you have on hand
  • Get the word out to existing and potential customers about your business’ return 

In terms of next steps, you’ll want to think about how to handle any follow-up waves of COVID-19 and build a business continuity plan for this situation.

For more tips on small business recovery,

learn how a local landscaper bounced back after the 2008 recession. 

Image credit: Kelly Sikkema via Unsplash

About The Author

' src=

Eilis McCann

Related posts.

A pair of red and white boxing gloves lying on a wooden floor.

3 ways you win with QuickBooks mobile access

Conference Travel Tips to Get You There Energized

Conference Travel Tips to Get You There Energized

Streamline your business with method.

Start your free trial — no credit card, no contract.

PH

  • Billing & Accounts

ML

  • +63 2 8540 0026
  • +61 28039 1900
  • +1 888 723 5470
  • +64 9 887 1785
  • +1 833 280 2093
  • +44 20 8719 0080
  • +65 3159 0583
  • +57 601 786 8748
  • +94 77 713 5876
  • +61 8 8125 9626
  • +60 1546 000 423

Top Talent, Total Care

"There was access to high-quality staff, university-trained people, and experienced workers. The costs of having a team here is very low compared to travel and other associated costs of having it somewhere else."

business recovery plan steps

Rob Alexander Sr. Financial Planner

Philippines →

Get experienced, multi-skilled global professionals from the world’s outsourcing capital.

Tap into an always-available pool of culture-fit talent within the same time zone.

Macedonia →

Work with English-speaking, culturally aligned professionals close to home.

Find the skills you need with one of the world’s deepest and most diverse talent pools.

Sri Lanka →

Expand your capabilities with world-class tech talent at the most affordable rates.

Your Team, Your Brand, Your Way!

"When I searched through the market, we actually didn't find anybody that was competitive to Emapta in a setup that met that our requirements in having a team which you feel that is your own."

5 star rating

Kent Madsen CEO, Netop

  • Bookkeeping
  • Paraplanning
  • Payroll Support
  • Business Development
  • Creative Services/Copywriting
  • Digital Marketing
  • Inbound & Outbound Sales
  • Post Sales/Customer Success
  • Administrative Support
  • Customer Support
  • Data Entry & Transcription
  • HR & Recruitment Services
  • Legal Services
  • Database Administration
  • Web Development
  • Information Security
  • Network Operations Centre
  • Technical Support/Help Desk
  • Architecture & Design
  • Engineering

Quick Access

  • How does it work
  • Customizable workspaces
  • Secure work-from-home solutions
  • Enterprise-grade IT solutions
  • Move an existing team to Emapta

Fully Customised Solutions. Always.

"I'd highly recommend speaking to Emapta because you can build out however much control you want or if you don't want any control at all. It's up to you and how you want to do it - and that's a huge point of difference for me."

Tom Ceasar CEO, Positive Group

  • Finance & Accounting
  • Information Technology
  • Retail & E-commerce
  • Sales & Marketing
  • Development
  • Recruitment
  • Back-office
  • Engineering & Construction
  • Hospitality
  • Our global reach
  • International extension of your brand
  • Remote team management
  • Build your offshore team

Maximum Protection, Minimal Risk

Information security policies aligned with your business, following the highest global standards.

IT

IT Standards & ISO Compliance >

Disaster recovery & business continuity >, risk management >.

  • IT Infrastructure framework
  • International Compliance Policies
  • IT Standards & ISO compliances
  • Risk Management
  • Office Security

What we quote you is what you pay.

No surprises..

pricing-guarantee-simple-ver

  • Loan Processor $8-$13/Hour
  • CSR $7-$10/Hour
  • .NET Developer $9-$25/Hour
  • Data Analyst $8-$16/Hour
  • Bookkeeper $6-$12/Hour
  • Data Entry $7-$12/Hour
  • Graphic Designer $7-$17/Hour
  • Virtual Assistant $8-$12/Hour
  • Accountant $8-$15/Hour
  • SEO Specialist $8-$15/Hour
  • Fee structure
  • Hourly rates
  • Pricing calculator
  • Other benefits you get with Emapta
  • Complete Outsourcing
  • Serviced Offices
  • EMAPTA ANYWHERE™
  • Business Incorporation
  • Move a Team to Emapta
  • Top Workspaces
  • Offshoring Case Studies
  • Emapta Partners

Your Complete Business Recovery Plan for 2022

A complete business recovery plan can be customized to any company’s needs. It should include what the company needs to do to prepare for, evade, and recover from a disaster.

The pandemic has definitely overtaken major headlines all over the world, but it was just one of the many adversities that we collectively faced last year. Political instabilities and natural disasters have rattled markets locally and internationally.

The end of 2021 will not put a stop to these calamities. Fast forward to a new decade, companies should be geared not just for opportunities but also looming risks with a comprehensive plan for business continuity.

In this article, we’ll take you through the basics of building your own business recovery plan applicable to any setup. So whether you’ve recently transitioned most of your operations back in the office or some of your teams remain working remotely, you’ll have a plan that can ensure your business is up and running in spite of disruptive events.

What is a Business Recovery Plan?

A business recovery plan helps companies prepare best measures for unfortunate events to limit effects to the business in general, the workforce, facilities, tools, and operations.

While there is no catch-all business disaster recovery plan, having one ready gives you peace of mind, simplifies the decision-making process, and mitigates the long-term effects of disasters on your business. A business disaster recovery plan also helps you:

• Comply with regulatory or legal requirements • Ensure your finances against high-impact risks • Minimize service interruption and resource costs • Recover faster during and after disasters • Boost client’s trust and confidence in your business • Protect the safety and well-being of your employees

Business Recovery Plan Recovery Strategies

The first part of any effective business recovery strategy is to assess your risks and exposure and impact, followed by a clear communication strategy to all involved stakeholders then plan out your business recovery. Some businesses stop after creating a recovery plan but it’s best to take the opportunity to strategize minimizing future risks and impact on business.

business recovery plan steps

Book a free consultation

1. Assess the risks

Identify potential scenarios that could cause business setbacks. This can range from large-scale events such as natural calamities (typhoon, earthquakes), economic events (recession), to self-contained incidents such as cybersecurity attacks (data leak, hacking) or building accidents (fire, flooding). Having a risk matrix will also help you classify and organise each scenarios into different categories.

The International Labour Organisation (ILO) determines risk scenarios based on four major areas of impact: people, processes, profits, and partnerships. You can list down and organise your risk scenarios depending on their effect on these categories.

business recovery plan steps

2. Conduct a business impact analysis (BIA)

A BIA serves as the framework to gathering all the information you’ll need to develop your business continuance plan. This is where you can list down the possible consequences from high-risk situations, identify business-critical operations along with the resources (talent and tools) and processes needed to keep them operational.

Steps in Conducting a Business Impact Analysis

The contents and length of a BIA report may vary per organisation. Here is a general checklist you can use to ensure that you have the essential elements in your report.

✓ Investigate and collect information ✓ Analyse the consolidated information ✓ Prepare a report to document and presenting your findings

What to Include in Your Business Impact Analysis Report

The contents and length of a BIA report may vary per organisation. The best BIA reports touch on multiple impact points. We have created this checklist that you can use to ensure that you have the essential elements in your report:

business recovery plan steps

3. Prepare a crisis communications strategy for all stakeholders

A crucial part of your business plan is a communication matrix where you should list employees, business partners, customers, suppliers, and external agencies (such as fire departments and police). Ensure you have all the tools (SMS, email, IM) to maintain two-way contact with your stakeholders, and have a hierarchy to identify which ones to contact first to ask for help or check on their safety.

You can create a stakeholder map as an initial guide on communicating to a certain group. Here’s an example of what you can use:

business recovery plan steps

Stakeholder mapping and legend

• Keep Satisfied – Customers Give them reassurance that they could access your services and/or products within a predetermined date in accordance with your allowable outage period.

• Manage Closely – Executives, Partners, and Employees Check on everyone’s status especially for those with business-critical roles and ensure their safety.

• Monitor – External Agencies (Government, Media, Financial Institutions) Reach out to your local emergency response agencies. Monitor updates on mainstream and social media. Contact your insurance agency if applicable.

• Keep Informed – Recovery Team During and after the recovery period, coordinate closely with your designated recovery team to provide them the resources they need.

4. Create department-specific (e.g. IT and Financial) Recovery plans for your business

Prepare resource requirements and recovery procedures wherein your technology infrastructure and other office equipment are compromised physically or digitally. Just like setting up your personal emergency fund, consider how much you’ll allot for purchasing new resources. Your department-specific continuity plan should also be regularly updated with data security and insurance policies.

READ MORE: Bulletproof Enterprise Data Security Measures to Protect Your Remote Team

5. Check for occupational health and safety hazards

Inspect your facilities if they’re equipped with working safety features. If you’re leasing an office space, you can coordinate with the building’s administrator to see their emergency response plan and align it with yours. This sample workplace inspection checklist will give you a quick overview of the key areas that you need to keep in mind when visiting your office:

business recovery plan steps

6. Keep your stakeholders updated

It’s important to be transparent with your investors, employees, and more importantly, your customers, to improve your relationship and uphold accountable service. They’ll also appreciate staying abreast of your restoration efforts in the case of inevitable service disruption or delayed product deliveries.

Plan Better with a Business Continuity Step By Step Guide

Once you’ve gathered all the information and have conducted your BIA report, you can start developing your business recovery plan to fit your current environment and goals.

Aside from your gathered data, use the 4Ps framework to guide you in creating your recovery goals. Each action towards recovery should focus on reducing or eliminating risk to your:

• People: ensuring the safety and wellbeing of your customers and staff. • Processes: maintaining operability with established workflows and usable equipment. • Profits: generating sufficient revenue for business survival and investment. • Partnerships: having a conducive environment for your operations through compliance with regulatory agencies and help from local authorities.

Emapta specializes in helping businesses establish a fool-proof business continuity plan through creating outsourced teams in the Philippines. Our infrastructure and technology ensures that business operations run smoothly 24/7. Speak with one of our outsourcing experts today!

READ MORE: See How World-Class IT Infrastructure Empowers Data Security in Outsourcing

Back Up your BCP with a Contingency Plan

During the pandemic, we’ve learned that it was businesses possessing the flexibility to reshape their structure and operations with haste who successfully survived the rapid changes.

How were they able to do it quickly? In the case of our clients, having an office backup location via our network of 14 BCP-ready sites gave their staff optimal space to continue working that resulted in mitigated downtime. Offshoring has significantly broadened their operations too, such that their remote international teams  can keep productivity at an all-time high and complete work on behalf of local offices that were closed during lockdowns.

If you want to significantly lower the risk of interruption in your key business functions, consider outsourcing some of your operations to proficient international talent as your contingency plan. So that when certain incidents disrupt your local office, your business is flexible enough to let your offshore team is ready to continue your operations.

Explore outsourcing as your fool-proof contingency plan

Creating a contingency plan.

And with the advent of technology and a mature outsourcing industry, transitioning some or all of your back-office processes and other functions has never been easier. Having an offshore team in place can give you much-needed peace of mind that someone has your back in case you need more time to recover from any high-risk events while giving your customers continued access to your products and/or services. Companies have successfully set up their services offshore with us through this 5-step transition plan:

1. Assessment

You can compare your existing facilities to that of your outsourcing partner. Observe if their location, facilities, workspace quality, and back-office support are compatible with your requirements.

2. Preparation

Ensure there’s a room for discussion when it comes to meeting your needs. The right outsourcing partners adjusts to your needs, not the other way around, and gives you the freedom to have full control over your team.

3. Contract

After coming to an agreement on your ideal setup, it’s time to cost it all up. When evaluating your outsourcing provider’s offer, always keep in mind the value of what you’re paying for. Is worth it? Are there any hidden costs?

4. Kick-off

In this phase, your outsourcing partner will take of everything to set you up offshore – hiring talent matched to your required roles, designing an office space conducive for collaboration, while keeping everything transparent with you.

5. Onboarding

As you take charge of aligning your local team and your international office, your outsourcing partner will be there to take care of your offshore team’s day-to-day operations, including back-office processes.

Developing a business continuity plan is one guaranteed way of future-proofing your business, but it’s just the start.

Outsourcing might be your potential fail-safe solution – in cases where your can’t work locally, you’ll always have your international team to carry your business forward. As part of your contingency plan, you have the power to build your office-based dedicated team or add in more flexibility through hiring remote talent.

No matter the uncertainty, it is always better to be prepared than simply being reactive. Keep your business recovery plan at hand so you can be ahead of what’s to come.

Be ready for anything with a reliable outsourcing partner

  • Company Name
  • Company Email *
  • How can we help you? *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

  • Name This field is for validation purposes and should be left unchanged.

Be prepared for anything, outsource with us today!

Outsourcing is a solid business recovery plan you can implement easily with the added benefit of cost-savings and scalability. Get in touch with our expert outsourcing specialists to learn more about our services.

Everything that you need to know to start your own business. From business ideas to researching the competition.

Practical and real-world advice on how to run your business — from managing employees to keeping the books.

Our best expert advice on how to grow your business — from attracting new customers to keeping existing customers happy and having the capital to do it.

Entrepreneurs and industry leaders share their best advice on how to take your company to the next level.

  • Business Ideas
  • Human Resources
  • Business Financing
  • Growth Studio
  • Ask the Board

Looking for your local chamber?

Interested in partnering with us?

Start » strategy, how to build a disaster recovery plan for your small business.

The road to recovery after a disaster doesn’t have to be painful. Learn the six steps you need to take to build an effective recovery plan for your business.

 Business owner standing outside restaurant wearing a mask.

It’s not always possible to avoid the business fallout of a disaster like a pandemic, earthquake, or cybersecurity breach. But you can build a recovery plan to get your business up and running ASAP. Here are six steps you can take to get started.

Review your insurance coverage

Having the right business insurance can be crucial to surviving a disaster. You should regularly review your policies to ensure there are no gaps in your coverage.

For instance, if you live in an area that regularly experiences earthquakes, you want to ensure your policy will protect your business against these risks. You also want to ensure that your insurance will cover the disruption to your company and pay for damages.

[Read more: How to Choose Cyber Insurance ]

Audit your business resources

Next, you want to audit all critical business resources , including:

  • Equipment and other assets.
  • Perishable resources or products.
  • Staff members.
  • Property or real estate.

Once your audit is complete, you’ll know what your business stands to lose if it’s exposed to different types of emergencies. For instance, your business could sustain a lot of physical damage during a flood.

But your business may suffer economic damage during a cybersecurity hack. Auditing your business resources will help you determine which areas of your business to focus on.

Have a plan to backup your data

You must have a reliable data backup plan before disaster strikes. Over 50% of businesses aren’t prepared for a significant data loss, and 60% of those companies end up going out of business within six months.

It’s best to have multiple data backup plans in place. For instance, you could buy and use an external hard drive to back up your company’s data. And you should also backup your data in the cloud so that you can access it from anywhere.

[Read more: What Is the 3-2-1 Backup Rule? ]

Over 50% of businesses aren’t prepared for a significant data loss, and 60% of those companies end up going out of business within six months.

Make a list of key employees

The next step is determining which employees are critical to your business functions. For instance, your IT team would be critical in keeping your electronic processes functioning properly in an emergency, whereas sales reps may not be as necessary.

When an emergency strikes, you should immediately reach out to the employees and internal partners that can help keep your business running. No one can fully recover from a disaster on their own, so utilizing the right people will make your recovery efforts much smoother.

Communicate with your customers

No matter what kind of disaster you encounter, it’s key to have a plan for communicating with your customers. For instance, if your company was the victim of a security breach, you should let your customers know what happened and what steps you’re taking to mitigate the damage.

Make sure your customers know what’s happening and how to get in touch with you. It’s also a good idea to pick one employee to monitor your social media networks and answer questions.

[Read more: 5 Crisis Communication Best Practices Every Small Business Should Know ]

Apply for the Small Business Readiness for Resiliency Program

The U.S. Chamber of Commerce Foundation partnered with FedEx to create the Small Business Readiness for Resiliency (R2R) Program . The R2R program encourages businesses to prepare for natural disasters before they occur and awards grants to businesses in qualifying areas.

You’ll start by downloading FedEx’s Emergency Preparedness Checklist for Small Businesses. This checklist will help you create an Emergency Action Plan for your business.

From there, you’ll apply online and provide more details about your business. If you apply before a disaster strikes in your area, you may be selected to receive a grant to help your business recover.

CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.

Follow us on Instagram for more expert tips & business owners’ stories.

CO—is committed to helping you start, run and grow your small business. Learn more about the benefits of small business membership in the U.S. Chamber of Commerce, here .

Next Event: Tax Filing Tips!

Join us on Thursday, February 22, at 12 pm ET for the first episode of our expert series, Ready. Set. Scale.: Smart Tax Tips for a Stress-Free Filing. We will have seasoned leaders offering actionable tips to help minimize the stressors of tax time for small businesses.

Subscribe to our newsletter, Midnight Oil

Expert business advice, news, and trends, delivered weekly

By signing up you agree to the CO— Privacy Policy. You can opt out anytime.

For more business strategies

How to file a beneficial ownership information report for your business, 22 resources for black-owned businesses, 5 quantifiable ways to determine it's time to grow or expand your business.

By continuing on our website, you agree to our use of cookies for statistical and personalisation purposes. Know More

Welcome to CO—

Designed for business owners, CO— is a site that connects like minds and delivers actionable insights for next-level growth.

U.S. Chamber of Commerce 1615 H Street, NW Washington, DC 20062

Social links

Looking for local chamber, stay in touch.

Commonly searched topics:

Article · Jan 28, 2019

9 steps to create a small business disaster recovery plan.

Don’t let a disaster suddenly render your business inoperable. Implement this 9-step disaster recovery plan before it’s too late.

business recovery plan steps

There’s nothing more frustrating than doing everything in your power to be successful, only to see forces out of your control—such as a hurricane, a fire or  cyberattack—suddenly render your business inoperable. What’s worse, disasters can have a devastating impact on small businesses. According to FEMA, between 40-60% of small businesses that suffer a disaster never reopen their doors, and 90% of small businesses that don’t reopen within five days of the catastrophe fail within a year. While larger companies have the time and resources to plan for and survive disasters, many small businesses have no plan in place for such a setback.

Therefore, it’s crucial that small business owners create and regularly update a disaster recovery plan. To avoid a business-breaking catastrophe, think of the following steps as a simple disaster recovery plan template.

1. Create an emergency response plan

When disaster strikes, what’s the first move? What steps should you and/or your employees take in the event of an emergency to stay safe? Once this has been determined, it’s important to decide what employees should do to prevent the loss of assets, inventory, and other property. There should also be a protocol of who to contact and in what order, including the authorities, yourself, and your security team (if you have one). Once you decide on and plan your protocol, assign responsibilities and hold regular training sessions so employees understand their duties.

2. Develop a business continuity plan

As noted above, resuming operations as soon as possible following a disaster should be considered essential.

A business continuity plan typically includes:

  • Business impact analysis (BIA): The goal of a BIA, conducted before a disaster occurs, is to better understand the effects of a disaster on your business. For example, what impact will there be as a result of certain types of disruptions? How will the timing of a disruption affect sales? In other words, a fire in a retail store before the holidays will have a much larger impact than one in February.
  • Recovery strategies: Based on your BIA, identify and document the resources necessary to lessen the impact of a disaster (e.g., data backups, duplicates of important records, contracting with third-party services that provide emergency relief) and conduct a gap analysis to understand what you need compared to what you actually have.
  • Plan development: Develop a framework for your plan, including assigning responsibilities to team members, codifying recovery procedures and developing workarounds for issues that arise as a result of loss of IT infrastructure.
  • Testing: Regular testing of business continuity plans is essential. If testing reveals a weakness in your plan, tweak it and re-test until you’re satisfied that your business will be able to resume operations quickly.

3. Review your insurance coverage

Insurance coverage is a must for any company, but not every kind of business insurance will be helpful in the event of a disaster. Review your current policy and ensure there are no gaps in coverage that could prevent you from collecting. For example, you should have sufficient coverage to pay for the indirect costs of a disaster (such as the disruption to your business) as well as the direct costs such as physical damages.

You can typically purchase additional insurance that protects your business against specific disaster risks in your area, like earthquakes or floods. You can also purchase add-ons that cover damages away from your premises, such as to your key suppliers.

4. Stockpile essential supplies

What will you, your employees, and your business need in the moments immediately following a disaster?

First, create emergency supply kits for your employees to grab in case of a disaster that threatens their physical safety, including bottled water, first aid, cash and device chargers.

Secondly, consider investing in backup systems that can get your business up and running immediately, like a secondary source of power or communications system.

5. Compile important contact information

Don’t wait until a disaster happens to hunt for key people and organizations to contact: Create a list now of who you should call after a disaster, including :

  • Your local emergency management agencies
  • Major clients and customers
  • Insurance agents
  • Insurance company claim representative

6. Create a communications strategy

When it comes to communicating with customers and clients about the state of your business, take every avenue possible. Go both low-tech – post notices outside your business, place a notice in the local paper, contact clients by phone – and high-tech by posting updates on all your social media channels and via your newsletter.

7. Report losses to the SBA

The Small Business Administration offers advice, access to resources, and aid to small businesses across the country – and that includes in the wake of disasters. Businesses of all sizes can borrow up to $2 million to repair or replace damaged or destroyed real estate, machinery or equipment, and inventory. The SBA also offers Economic Injury Disaster Loans up to $2 million to meet working capital needs. 

If your business is in a declared disaster area, you can start the process of applying by visiting the SBA’s website .

8. Discuss logistics with your suppliers and clients

No business exists in a bubble: Your vendors or suppliers could also be affected by a disaster, disrupting your supply chain. Similarly, if you run a B2B business and act as a supplier to another company, your issues could cause problems for your clients.

Communicate with both ends of your supply chain about their own disaster preparedness and identify backup options so no dependent businesses are left high and dry. Unhappy clients may not return when you get back up and running but may be more likely to do so if you offer an alternative replacement supplier ahead of time.

9. Duplicate and backup records and data

You should have up-to-date duplicates of all your important records, contracts, and documents, and keep them off-site in a safe deposit box or secured in the cloud. Additionally, a backup and disaster recovery (BDR) solution can keep data safe from natural disasters as well as cyberattacks or hardware failure – by providing secure, continuous backup and rapid data restoration onsite and via the cloud. This is a good way to always keep your client’s important and sensitive data safe as well.

As a small business, disaster recovery plans can help to protect and insure yourself from the possibility of disaster. If you believe your business is at particular risk for disaster, you may consider enlisting the help of a disaster recovery consultant.

Investing your time and resources against a threat that may never come may feel like a waste – but each minute you spend preparing for a disaster is an hour you’ll save when issues do arise.

Need disaster recovery help?

Need help choosing a solution for your business we can help..

business recovery plan steps

Meredith Wood

Editor-in-Chief at Fundera

Meredith Wood is the Editor-in-Chief at Fundera, an online marketplace for small business financial solutions. Specializing in financial advice for small business owners, Meredith is a current and past contributor to Yahoo!, Amex OPEN Forum, Fox Business, SCORE, AllBusiness and more.

Related content

Managing Carbonite™  Endpoint Backup just became even easier

Sep 28, 2023

Managing Carbonite™ Endpoint Backup just became even easier

As software-as-a-service (SaaS) applications continue to gain popularity, managing users and their credentials becomes more complex, tedious, and time-consuming. Similarly, when employees leave the organization, deprovisioning multiple platforms, applications, and systems is oftentimes inefficient and error-prone—and potentially an open door for disgruntled employees.

Backup and recovery

Easily modernize and migrate your SQL server workloads

Jul 22, 2022

Easily modernize and migrate your SQL server workloads

When businesses hear that “end of support” is approaching for one of their core business systems, it often evokes fear – and a frantic scramble in the IT department to implement a quick fix. On July 12, 2022, Microsoft SQL Server 2012 will reach its end of service – and will reach end of life on July 8, 2025. But fortunately, modernizing your SQL server workloads may be easier than you think!

8 Key Tips for Mastering Migration

Feb 24, 2022

8 Key Tips for Mastering Migration

Migrations can bring costly downtime and data loss when done poorly. That’s just not acceptable for most businesses. But with these 8 key tips, you can ensure a smooth migration experience.

Pro tips for backing up large datasets

Feb 23, 2022

Pro tips for backing up large datasets

Data disruptions and server outages shouldn’t spell disaster for your company. Luckily, backup strategies can help you achieve business continuity and cyber resilience. But before you backup a large dataset, you need to ask yourself these 5 essential questions.

Considering cloning? Combat data bloat with file transfers instead.

Feb 15, 2022

Considering cloning? Combat data bloat with file transfers instead.

Cloning may be a good option for moving your data to a new device. Or it could be a recipe for the same old issues.

Survey: How well do IT pros know AI and machine learning?

Oct 18, 2021

Survey: How well do IT pros know AI and machine learning?

In a survey of hundreds of IT decision makers, we learned a lot about IT professionals’ attitudes toward AI and machine learning technologies.

What a difference a year makes, or does it?

Oct 04, 2021

What a difference a year makes, or does it?

2020 was a year of immense change. One thing is for certain – the world collectively witnessed the increase of digital interconnectivity. We began even more to rely on the internet as a conduit to the world. The rise of remote access to businesses, entertainment and interpersonal connections surged. The death of distance accelerated.

Redundancy for resilience: The importance of layered protection in the cloud

Jul 23, 2021

Redundancy for resilience: The importance of layered protection in the cloud

With so much computing being done in the cloud, having a single point of failure for cloud backups could put a business at risk of a data loss disaster.

Podcast: How to build a cyber resilient business

Jul 02, 2021

Podcast: How to build a cyber resilient business

This podcast discusses the essential components of a well-rounded cybersecurity posture for businesses of any size.

5 Tips to get Better Efficacy out of Your IT Security Stack

Jun 09, 2021

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re in any part of business IT, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, everyone wants better efficacy, but what does that mean? And how do you actually measure and achieve it? Read on for our tips.

U.S. flag

An official website of the United States government

Here’s how you know

world globe

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

business recovery plan steps

Business Continuity Planning

world globe

Organize a business continuity team and compile a  business continuity plan  to manage a business disruption. Learn more about how to put together and test a business continuity plan with the videos below.

Business Continuity Plan Supporting Resources

  • Business Continuity Plan Situation Manual
  • Business Continuity Plan Test Exercise Planner Instructions
  • Business Continuity Plan Test Facilitator and Evaluator Handbook

Business Continuity Training Videos

The Business Continuity Planning Suite is no longer supported or available for download.

feature_mini img

Business Continuity Training Introduction

An overview of the concepts detailed within this training. Also, included is a humorous, short video that introduces viewers to the concept of business continuity planning and highlights the benefits of having a plan. Two men in an elevator experience a spectrum of disasters from a loss of power, to rain, fire, and a human threat. One man is prepared for each disaster and the other is not.

View on YouTube

Business Continuity Training Part 1: What is Business Continuity Planning?

An explanation of what business continuity planning means and what it entails to create a business continuity plan. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about what business continuity planning means to them.

Business Continuity Training Part 2: Why is Business Continuity Planning Important?

An examination of the value a business continuity plan can bring to an organization. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about how business continuity planning has been valuable to them.

Business Continuity Training Part 3: What's the Business Continuity Planning Process?

An overview of the business continuity planning process. This segment also incorporates an interview with a company about its process of successfully implementing a business continuity plan.

Business Continuity Training Part 3: Planning Process Step 1

The first of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “prepare” to create a business continuity plan.

Business Continuity Training Part 3: Planning Process Step 2

The second of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “define” their business continuity plan objectives.

Business Continuity Training Part 3: Planning Process Step 3

The third of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “identify” and prioritize potential risks and impacts.

Business Continuity Training Part 3: Planning Process Step 4

The fourth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “develop” business continuity strategies.

Business Continuity Training Part 3: Planning Process Step 5

The fifth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should define their “teams” and tasks.

Business Continuity Training Part 3: Planning Process Step 6

The sixth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “test” their business continuity plans. View on YouTube

Last Updated: 12/21/2023

Return to top

At the end of your visit today, would you complete a short survey to help improve our services?

Thanks! When you're ready, just click "Start survey".

It looks like you’re about to finish your visit. Are you ready to start the short survey now?

Create a business recovery plan

A recovery plan will help you respond effectively if an incident or crisis affects your business. It aims to shorten your recovery time and minimise losses.

Definition of business recovery

Business recovery is the return to operations following an incident, crisis, disaster, or significant event.

A business recovery plan is a pre-designed plan that includes:

  • setting timelines to restore critical functions
  • strategies to trade at pre-incident levels as soon as possible

Your recovery plan is part of your business continuity plan that outlines practical strategies to help you manage and stage a recovery from a crisis.

Thumbnail of business continuity planning Word template

Download the business continuity plan template

This template includes a Recovery section.

Use this page to consider how your business can recover from a crisis, then complete the recovery section of the template.

Download the business continuity planning template .

Business recovery planning

In some cases, such as a pandemic, there may be several steps and stages of recovery. For example, a lockdown may occur several times and the business will need to recover operations as quickly as possible after each event.

Unlike an incident response plan, the business recovery plan has a longer-term view.

The business recovery plan covers:

  • strategies to recover from a range of incidents
  • objectives around time-frames to fully recover all business functions
  • a description of key resources, equipment, and staff required
  • checklists to ensure all actions have been done.

The best method to help define recovery times is to conduct a business impact analysis and identify critical business activities. Find out more about identifying and managing risk .

Analyse how long it will take to bring each activity back online or make operational again, for example, restoring backups of critical IT systems on your computers or replacing lost stock. Capture this in the recovery section of your business continuity plan.

Strategies from the small business disaster hub

Natural disasters :

  • cyclone and storm surge
  • severe storm

Major health event :

  • localised outbreaks
  • food poisoning and contamination

Emergency :

  • biosecurity threats (pest and animal disease outbreaks)
  • workplace accidents or deaths
  • dangerous material spills, leaks, or explosions
  • loss of power or infrastructure
  • major transport disasters
  • terrorist or major criminal incidents
  • climate change risks

Information technology (IT) threat

  • cyber-attack or data hacking

Reputation incident :

  • highly negative media or social media coverage
  • rumour-driven crisis
  • inappropriate workplace behaviour (e.g. bullying, harassment)
  • organisational misdeeds and legal action (e.g. fraud, theft)

Designate a recovery team

As with the incident response plan , consider a team to manage business recovery.

Your team may be internal, such as the leader with clear objectives for all critical business functions, or external with advice and support from your accountant, legal representative, or business mentor.

As part of the planning, your team should receive training or advice on incident recovery and any designated tasks. This training could include skills to run the recovery remotely and the use of your emergency kits.

Clarification about who is needed for the recovery team, team training and practice drills are important parts of your preparation.

Past disasters and other incidents show that small businesses:

  • often need and look for external help to aid internal staff with full recovery (e.g. emergency services, banking and finance operators, council, and government assistance)
  • recover in different ways and at different speeds (e.g. external mental health services may form part of your recovery plan)
  • can struggle to make important decisions for many months (i.e. being without a clear recovery plan with achievable actions will slow down progress).

Your team should know about employment requirements and obligations before, during and after an incident or event.

Learn more about employment entitlements during natural disasters and emergencies from the Fair Work Ombudsman.

Communicating during the recovery

The recovery team should communicate as soon as possible with all staff and key stakeholders usually within the first 24–48 hours of the incident.

As the recovery commences and well after the event, it is important to communicate regularly with suppliers, customers, and internal staff. You should provide the current state of progress and any changes that you've implemented to restore operations (e.g. establishing contracts with alternative suppliers or changes to opening hours).

Stages of recovery

Business recovery after an incident may occur in stages.

Initial stage

Activities in the initial stage include:

  • returning to your business site only when safe
  • protecting yourself and your staff when returning to the site
  • staying alert to dangers if the emergency event is not yet resolved
  • monitoring emergency updates and broadcasts
  • working with insurance companies to assist in recovery
  • securing the business site if necessary and safe to do so.

Early stage

Activities in the early stage include:

  • working with professional advisers (e.g. accountant, business mentors to design financial recovery and approach banking or other financial support to maintain cash flow whilst recovering)
  • forecasting cash flow over a prolonged period (e.g. 3–36 months)
  • insurance rectifications to premises and equipment
  • relocation or 'building back better'.

Long-term stage

Activities in the long-term stage include:

  • re-negotiating loans
  • reviewing emergency plans and kits
  • new products and services
  • thanking customers, community and celebrating overcoming the incident with staff.

Learn how to monitor the recovery process using a checklist .

Also consider...

  • Learn how to write a business continuity plan .
  • Read more about preparing an incident response plan .
  • Develop a recovery checklist .
  • Last reviewed: 24 Nov 2022
  • Last updated: 28 Feb 2023

Taking Care of Business: How to Write a Business Recovery Plan

Taking Care of Business: How to Write a Business Recovery Plan

Last time, we looked at how to write recovery plans to protect your organization’s computer systems and applications. In today’s post we’re going to lay out how to write plans to recover your business processes.

Related on MHA Consulting: The Science and Art of Writing an IT/DR Recovery Plan

Protecting Your Business Processes

Two weeks ago we tackled the subject of how to write an IT/DR recovery plan. Today we’re going to look at the other side of the coin by discussing how to write a plan to protect your business processes.

In the current environment, businesses are under several new types of threat, including from the pandemic, extreme weather, the supply crunch, and the rise in ransomware attacks.

Given these conditions, what can companies do to protect their businesses? The answer is, identify their critical business processes and write plans showing how to recover them in the event of an outage. This will minimize downtime and protect the organization’s ability to carry its mission.

The Four Types of Disruption

The first step in devising recovery plans for any department is thinking about the four types of disruption. Your plans need to protect your business processes from the following four types of event:

· Building loss

· Technology loss

· Third-party loss

· Personnel loss

Identifying Threats and Dependencies

Next identify the top four or five threats you face under each of the four types of events. You might have already identified these in conducting your business impact analysis (BIA) or threat and risk assessment (TRA).

Also, think about your dependencies: the things, people, and third parties you need in place for your recovery plans to be executable.

There are four main types of dependencies:

1. Application dependencies. Applications needed for the process (and how will you work if those are not available).

2. Equipment dependencies. The gear that must be available in order for your recovery plans to work.

3. Third-party dependencies. Data pertaining to third parties you might need to execute your plans and recover or sustain your business processes.

4. Relocation dependencies. Centralized alternate work sites and/or work from home requirements.

Taking Action

The next thing to look at in devising your business recovery plans is the actions that must be taken.

Immediate Actions. The actions that must be taken right away to protect people and property. After you are sure everyone is safe, identify and address any issues associated with your business processes that you have to take care of in the next 30 minutes. You might need to contact management, other employees, or some of your vendors or customers.

Containment Actions. Steps that must be taken to reduce further damage or impact from the event.

Recovery Actions. Actions that must be taken to move the department back toward normal operation. Common recovery actions include:

· Establish how people will travel to an alternate site and the first set of actions the recovery team will do when it gets there. Consider what will happen when people are working from home.

· Restore functions in order of importance as dependencies allow.

· Identify and document manual workarounds as needed.

· For each business process, develop recovery steps for the risks you’ve identified, then work out how you’re going to recover that process. Ensure you have identified manual workarounds to use if applications or technology are not available.

· Document any operational or relocation changes.

· Based on the risks and impacts, document specific actions that are going to be taken for each business process.

· Be prepared in case primary staff is unavailable and untrained people are required to perform key recovery tasks. You might need to hold a thirty-minute training session so secondary or tertiary staff will be capable of handling these tasks. Such training sessions should be included in your recovery plans. See below for information on documentation.

· In cases where relocation of operations is necessary, carry out the previously identified tasks needed to achieve this objective, such as changing phone numbers and implementing alternative communication arrangements.

Including Essential Reference Information

The last major element of your business recovery plans is your reference information. This is information you might need that isn’t included elsewhere in your plans. Either provide the information’s location or include a copy in your plan’s appendix.

The following are documents that are typically included in this group of resources:

· Asset List. List of important departmental assets such as laptops, phones, and special printers.

· Process documentation and SOPs. Documents that explain how to perform the department’s primary operations and activities.

· Employee List. List of departmental personnel with contact information. Might include a proposed employee work schedule for use during recovery. Such a schedule would list the various roles at the department and indicate how many employees in that role would be needed and for which times.

· Vendor List. List of names, products or services supplied, contract IDs, and contact information for key vendors.

Taking Care of Business

Protecting your business requires devising plans to recover your key business processes in the event of an outage. In today’s technology-driven environment, many organizations give short shrift to protecting their business processes. Don’t make this mistake. Follow the suggestions above to make sure your company will be able to quickly resume its critical business processes in the event of an emergency.

Further Reading

For more information on writing business continuity recovery plans and other hot topics in BC and IT/disaster recovery, check out these recent posts from MHA Consulting and BCMMETRICS:

  • The Science and Art of Writing an IT/DR Recovery Plan  
  • Powering On: How to Be Ready for a Power Outage  
  • The 4-3-3 Rule for Writing Business Recovery Checklists  
  • Sounds Like a Plan: The Elements of a Modern Recovery Plan  
  • Staying Current: Why You Need to Keep Your BCM Plans Up to Date  

business recovery plan steps

Richard Long

Richard Long is one of MHA’s practice team leaders for Technology and Disaster Recovery related engagements. He has been responsible for the successful execution of MHA business continuity and disaster recovery engagements in industries such as Energy & Utilities, Government Services, Healthcare, Insurance, Risk Management, Travel & Entertainment, Consumer Products, and Education. Prior to joining MHA, Richard held Senior IT Director positions at PetSmart (NASDAQ: PETM) and Avnet, Inc. (NYSE: AVT) and has been a senior leader across all disciplines of IT. He has successfully led international and domestic disaster recovery, technology assessment, crisis management and risk mitigation engagements.

Powering On: How to Be Ready for a Power Outage

A little help: how to select a bcm consultant, you may also like, about time: deciding when to start your rto countdown.

Many organizations lack a clear, recognized understanding of when the metaphorical switch will be flipped to start the recovery time objective (RTO) countdown timer. There are two options, either of which can […]

A Home Away From Home: Crafting a Site Recovery Plan

If a disaster strikes one of your organization’s critical sites, you might need to temporarily shift its operations to a home away from home. To be ready for this eventuality, your organization […]

The Benefits of Stressing Out: Why You Should Stress Test Your Recovery Plans

In everyday life, stress is usually regarded in a negative light, but in business continuity management, stress testing your recovery plans can play a very positive role in improving an organization’s resilience. […]

Learn from the Best

Get insights from almost 30 years of BCM experience straight to your inbox.

We won’t spam or give your email away.

  • In the Community

Business Continuity

Business Continuity

Crisis Management

Crisis Management

Disaster Recovery

Disaster Recovery

BCaaS

Program Augmentation

Training and Awareness

Training and Awareness

Discover our intuitive BCM software.

business recovery plan steps

Learn from the best.

business recovery plan steps

Compliance Confidence

BIA On-Demand

BIA On-Demand

BCM Planner

BCM Planner

BCM One

See Our Software in Action

Schedule a demo.

Theron Long - BCMMETRICS Demo

BCM Services backed by experience

business recovery plan steps

Logo

Business Recovery Plan Template

Business Recovery Plan Template

What is a Business Recovery Plan?

A business recovery plan outlines the steps a business should take in order to respond to a disruption or crisis. It should include strategies and plans that allow a business to quickly recover and continue operations. It should also include contingency plans in case of a prolonged disruption or crisis.

What's included in this Business Recovery Plan template?

  • 3 focus areas
  • 6 objectives

Each focus area has its own objectives, projects, and KPIs to ensure that the strategy is comprehensive and effective.

Who is the Business Recovery Plan template for?

This business recovery plan template is designed for business leaders and teams to create a plan to recover from a business disruption or crisis. It is intended to help business leaders and teams create an effective and efficient plan that covers all aspects of the business.

1. Define clear examples of your focus areas

Focus areas are the areas of the business that you want to prioritize. Examples of focus areas are improving financial security, enhancing customer service, strengthening digital security, or improving operational efficiency. It is important to recognize what areas of the business need attention and prioritize those areas in your plan.

2. Think about the objectives that could fall under that focus area

Objectives are the goals that you want to achieve in each focus area. These should be specific, measurable, and achievable. Objectives should be SMART: Specific, Measurable, Achievable, Relevant, and Time-bound. Examples of some objectives for the focus area of Improve Financial Security could be: Reduce Financial Risk , and Increase Revenue .

3. Set measurable targets (KPIs) to tackle the objective

KPIs, or key performance indicators, are measurable values that help to track the progress of an objective. KPIs should be tracked regularly to ensure that the objectives are being met. Examples of KPIs include revenue targets, cost savings targets, customer satisfaction scores, and more.

4. Implement related projects to achieve the KPIs

Projects are the actions that you take in order to achieve the objectives and KPIs. Projects should be specific and measurable, and they should be linked to the objectives and KPIs in order to ensure that they are effective. Projects should also be designed to be completed within a set timeframe. An example of a project related to Improve Financial Security could be: Increase Cash Reserves .

5. Utilize Cascade Strategy Execution Platform to see faster results from your strategy

The Cascade Strategy Execution Platform is an easy-to-use tool that helps business leaders and teams create, manage, and track strategic plans. It provides all the features necessary to create and manage a business recovery plan, including project management, goal tracking, KPI tracking, and more. The platform also provides real-time updates, allowing you to quickly and accurately track progress on your plan.

Business Recovery Plan- Checklist for Small Businesses

Jin Hyun

Regardless of the business or industry, unforeseen disruptions are unavoidable. In these situations, organizations can rely on their business recovery plans to minimize damage to company finances and reputation. This plan should outline a comprehensive multi-step strategy for companies to follow in the event of an emergency and ensure they can return to operations as smoothly and quickly as possible.

What is a Recovery Plan?

what is a recovery plan 1597998839 6083

Natural disasters, cyber-attacks, and economic breakdowns can all pose unexpected threats to a company. For a small business, disasters can have an especially adverse impact, with up to 60% of small businesses shutting down following a disaster. Though larger companies have more resources to recover from disruptions, it does not mean that they are completely immune. Data has shown that 25% of businesses that close after a disaster never reopen, regardless of their size. This is why recovery plans are essential for businesses to deal with a range of potential operational disruptions. A recovery plan will evaluate a company's exposure to certain threats (natural or otherwise), review insurance plans, create resilience in the supply chain, and formulate a comprehensive strategy.

Disaster Recovery Plan- 10-Step Checklist

disaster recovery plan 10 step checklist 1597998839 3919

  • Impact Analysis - The business impact analysis is conducted before a disaster occurs to understand its potential consequences. How would disruptions impact sales, communications, etc.? This also looks at the different times of the year when a disruption could occur and how the impact will vary based on timing.
  • Strategies for Recovery - The next step is to document the resources necessary to reduce the negative impact (backing up data, duplicate records, insurance, etc.). The company should then determine what is currently accessible and what it needs to enact the strategies in a gap analysis.
  • Plan Development - A planning framework is then developed. This includes role assignments for team members and specific recovery procedures.
  • Training and Testing - Finally, regular training and testing of the plan will reveal any weaknesses and subsequent changes that need to be made for the plan to be effective.

disaster recovery plan 10 step checklist 1597998839 5074

4. Insurance Coverage Review Companies should review their insurance plans to determine which disasters are covered and reveal any gaps in coverage for unique circumstances. Additional insurance plans and add-ons to the current agreement can be purchased to cover specific risks, such as natural disasters and accidents. 5. Essential Supplies Emergency supply kits will be beneficial in the moments following an emergency. These are made up of First Aid supplies, water, cash, device chargers, and more. A company should also consider investing in backup systems like additional power sources or systems of communications. 6. Compile Contact Information Companies will need to create a list of emergency contacts, including authorities, emergency agencies, clients and customers, vendors, insurance agencies, lenders, and more. 7. Communication Strategy Creation After the disruption, communicate with clients and customers to keep them informed on what's happening with your business. Organizations can do this on their social media platforms and website, or by email. It's also beneficial to create physical notices such as posters or directly contact affected consumers by phone. 8. Report Losses The Small Business Administration (SBA) can offer access to resources, advice, and aid to small businesses in the U.S. This organization provides disaster relief efforts and funding to help companies get back up and running.

disaster recovery plan 10 step checklist 1597998839 3053

9. Supplier and Client Logistics If a business is affected by a disaster, it's likely that the vendors and suppliers have been at least indirectly affected as well. Communicate with the supply chain in all directions, especially if it is a B2B business, which can affect clients and their customers down the line. Identify options to deal with potential negative events before they occur, and stay in regular communication as the recovery procedures continue. 10. Backup Records and Data Duplicate all important records, documents, data, and contracts, keeping them stored virtually in the cloud and physically in a file. Businesses can utilize cloud-based technology to prevent data loss following disruptions.

Must-Read Content

business impact analysis guide to uncovering risks in an organization 1597178112 4732

Business Impact Analysis- Guide to Uncovering Risks in an Organization

risk assessment process 6 steps to follow 1597349667 1384

Risk Assessment Process- 6 Steps to Follow

creating business resilience 4 things to remember 1597995964 1797

Creating Business Resilience- 4 Things to Remember

risk mitigation plan 5 strategies to consider 1597995274 9795

Risk Mitigation Plan- 5 Strategies to Consider

the 3 components of reputational risk management 1597997546 6030

The 3 Components of Reputational Risk Management

7 types of business risks and how to counteract them 1598286958 5330

7 Types of Business Risks and How to Counteract Them

  • Business Strategy
  • People Strategy
  • Leadership Development
  • Organizational Excellence
  • White Papers
  • Testimonials

5 Steps to Business Recovery - Starting Now

  

If you lead a business, your mind is likely focused on survival and minimizing your losses, both economic and people-related. There’s another key element to put front and center though — a timely and effective recovery. Take it from one who has led emergency efforts in large organizations: plan now for life on the other side. If you do, you’ll come out better, and in a better market position. Count on it. 

      

The good news is that this work is also part of the healing process, to begin to put in motion steps to return to normal operations. Depending on your business type, there are different ways to plan your business recovery, however we recommend considering a phased return, especially in health emergencies. That allows you to ramp up production and revenues as you have a more consistent workforce presence.  Also, if there are waves of illness over time, you will still have the core workforce to proceed effectively.  Other than that broad recommendation in view of this situation, here are five key steps to guide your project plan for a business recovery: 

1. Adjust your mindset. Look in the mirror, and find the positives around you. Attitude is key to a successful recovery, and that starts from within. What are the new discoveries that you and your team learned through the crisis? How did it help you to advance skills, knowledge or new services? What of those learnings and changes should be continued, or built upon? It’s easy to see the challenges, yet if we look, there are likely a lot of positives too. Positive energy and focus is energizing and engaging. Lead with positivity, and watch the recovery truly begin. Balance every challenge with a positive outcome.  

2. Evaluate your current state. As a leader, you need to set the direction for the company’s future, in full reality of your current position. Survey the damage, and take an honest view of a phased recovery in terms of revenues, market impact and resources. If you have had some workers work out of their home, and it’s working for you and them, can that continue? If you have had to shut down entirely, what are the product or service lines that are strongest, and most in demand, that you should scale back into operations first? Are you marketing now to be top of mind once the recovery is clear? We recommend doing a risk evaluation/assessment of your business and talent strategy, customer relationships, infrastructure/needs, operations & financials. You may also need to evaluate a long-term capital or facility plan. Be clear, honest and confident. If you need a tool to help you objectively evaluate your organization, we can help. 

  Business Recovery Assessment Tool       

3. Update the long term strategy. This may seem counterintuitive, however taking a longer-term view first helps to manage the short-term recovery more effectively. Did you have a business strategy before the crisis? What were the key items that you committed to do? Where are those priority items now? It’s absolutely OK for strategic priorities and objectives to shift. Often they remain, however, there are some interim actions needed to get back on track. Those items need to be added to the implementation action plan, and likely some timeframes need to shift. Engage other key leaders and stakeholders in offering feedback to the plan and changes needed. Broader input helps to reduce blind spots, and gain buy-in, especially if additional steps are needed. Once the long-term plan is set and considers all of the additional learnings and strengths through the crisis, it’s time to move to action. 

4. Identify short-term priorities. Identify the top three things for stage 1 recovery, up to 25% of your business operations. These often fall into a few themes: 

Structure/Infrastructure - what physical changes need to be restored? 

Financial - what accounts payable and accounts receivable need attention, either to support your brand reputation, or cash flow? 

People - what changes have you experienced in your workforce and talent needs? Where are the biggest gaps that you need to fill first? 

Customer care - how are you planning to engage your current, former, and new customers? Have you updated your marketing strategy?  

Operations - have you identified ways to increase efficiencies through the crisis? Can you standardize those modified processes? 

Recognize that you can’t do everything at once. Balance is key to recovery. Create specific priority actions with the goal of achieving 25% of your former monthly operating revenue within 30 days. From there, target a phased increase each month until you’re back on track. 

5. Be visible and show your cultural values. In the midst of a recovery, your team needs to see you, and hear from you often. Even though you have 500 items on your to-do list, the most important one is to connect with your team and your customers. No one else can do that for you, and everyone is watching. If you listen, engage, problem-solve, and reflect trust and transparency in action, your team will rally like never before. They want you to partner with them.  Do it . This truly is a great opportunity to strengthen and align your culture like never before. You’ve just been through a horrendous challenge, and everyone is thankful to be on the path to a mend. You’re leading it, and they need to have confidence and trust that you’ve set the right direction. If you’re present, you can answer questions timely, show respect and gratitude, and learn more about what your customers want and need from your products and services. That builds relationships, and dramatically increases your chance of success with your business recovery strategy!

There are many other relevant best practices for business recovery in specific industry sectors. We serve as trusted advisers to guide the process with you, for the best results. Making mistakes in a recovery process can cost you the future. Make wise choices, and call us to get it right the first time!        

Let's Connect

Your Success is Our Success

Dawn Garcia is Principal and Founder of Pursuit of Excellence LLC, an independent business management consulting firm specializing in service-based businesses; delivering leadership, business and talent strategy, and execution expertise. Experience the Excellence Driven® System and The Predictive Index ®  for your business, and achieve the results you need! Every business needs help at some point; great business leaders actually get help when needed, realizing greater returns. 

When you need help, consult the experts. We're here for you and your business!

  • Starting a Business
  • Growing a Business
  • Business News
  • Science & Technology
  • Money & Finance
  • Subscribers For Subscribers
  • Store Entrepreneur Store
  • Spotlight Spotlight
  • United States
  • Asia Pacific
  • Middle East
  • South Africa

Copyright © 2024 Entrepreneur Media, LLC All rights reserved. Entrepreneur® and its related marks are registered trademarks of Entrepreneur Media LLC

JUST RELEASED: View the 2024 Franchise 500 Ranking

5 Small Business Strategies to Recover, Rebuild and Be Ready Small business owners can adopt these recovery strategies to recover and thrive in unpredictable conditions.

By Zaheer Dodhia • Apr 6, 2021

Opinions expressed by Entrepreneur contributors are their own.

We are living through a very uncertain time — from day to day it seems almost impossible to predict what will come next.

It's easy to see that the rather dramatic occurrences in 2020 have impacted businesses of all sizes, and especially small businesses. One study of 5800 small businesses in the US pointed to the fact that smaller companies tend to be "financially fragile," which only exacerbates the problems that face them during times of national crisis, for instance.

It's impossible to fully predict what will happen in 2021 and beyond, but there are strategies that can help small businesses stabilize and grow. Let's discuss five of them here.

Build multiple revenue streams

Plenty of content has been compiled on multiple revenue streams and how to create them and there are even business experts that tout a variety of revenue streams as the most surefire way to become a millionaire.

Related: A Math Teacher Went From Earning $5,000 a Month to $28,000 Thanks to 6 Strategic Money Decisions

Of course, everyone wants to be a success. So whether your goal is to become a millionaire or not, looking into multiple revenue streams within your small business is worth the effort.

Very few businesses are built around a single product. It's nearly impossible to sustain a business with such a narrow focus. The more products you have to sell, the more likely you are to be a success.

But building multiple streams of revenue is about more than just selling different products — it's also often about marketing from different platforms, to different customers, or creating passive income. Potential revenue streams that could be added to your product line include a variety of ideas, such as:

YouTube videos, possibly centering on how to use your products or on your brand and employees

Complementary products, such as tools that are required in order to use your main product

Consulting services, appealing directly to the people who use your product

Installation and maintenance services that facilitate the use of your product

Think of it in percentages. If your main product makes up 80 percent of your revenue, then if it gets hit by an economic downturn, you've lost 80 percent of your overall income. If you have ten different revenue streams, however, and you lose one, you still have 90 percent coming in. Those are two extremes to illustrate how it can work, but how you put it into practice depends on you.

There's really no limit on the different types of revenue that can be added to your main source. It all depends on the type of business you run, the need in the market, and your own imagination.

2. Find funding before you need it

Every good business owner realizes that there will be good times and bad times for the business. Smart business owners look for enough funding, secured in the right way for the right time, to get through the bad times.

This means accurately assessing your needs as a new business, and keeping a finger on the pulse for what is to come in the future as you grow. Your needs won't just be internal, such as paying for overhead; those financial needs should also continue to change as you create new products, reach new customers, and build your business.

Related: Leadership Is Like Engineering: You Need to Start with Why

Don't wait until the last minute to look for funding. The world's an uncertain place, and having funding will help your company to weather the storms that may come without notice. Keep your funding in place for when it is needed, whether through investors and backers, through small business loan programs, or through your own savings if absolutely necessary.

3. Leverage your branding to build loyalty

One of the most important aspects of a successful business is the loyalty of your customers. If you create a brand that is worthy of loyalty, it will be that much easier to sustain your company in times of economic downturn. Even if your customers can't shop with you as often or as extensively as they might have before, they will still do their best not to turn their back on you. Leverage that loyalty in a number of ways:

Reward your customers for their loyalty now. Put a loyalty program into action; give them rewards for sharing your business with others; and focus on how valuable each one is to your company. Make it personal.

Reach out to your audience on social media. Create conversations that allow them to see your brand as authentic. Around 90 percent of consumers cite authenticity as a deciding factor in the brands they support.

4. Invest in your customer service

Customer service often takes a backseat in terms of strategy. You might assume that customers want to be loyal, especially if you've invested adequate time into building customer relationships, marketing effectively, and reaching out on social media.

Those elements can be treated as the groundwork but do take pains not to disappoint them. Respond to questions or concerns quickly. Don't ever ignore a customer who reaches out.

If customers have only negative things to say about your business, do whatever it takes to make it right. It's far more expensive to have a disgruntled ex-customer spreading their horror story around than it is to make their next product on the house.

One of the best ways to do this is by integrating an excellent customer service system into your website. If you can't have a service agent standing by at all times, use a well-designed chatbot that knows when to bring in a real human. Send acknowledgment messages when you get emails, and always follow up on any correspondence.

Basically, make your customers feel like they matter to you. If they don't matter to you, you won't matter to them when the time comes for support and loyalty.

5. Create a unique identity

The final key for building a small business that will recover from any economic downturn is to create something truly unique. As you build your customer base, pay attention to feedback, gaps in the market, and other indicators to tell you what's missing; if you have a product with a lot of competition, look to what details can make you truly stand out from the rest.

Along with a unique product, create a unique brand identity — harmonize your messaging, visuals, social media presence, and all other aspects to create something that is completely distinguishable from other companies, which draws the attention, and which creates a personal connection with your viewer through each and every aspect.

Ultimately, no one knows what might happen to our economy in the coming year. But following the old adage, "Hope for the best and prepare for the worst," isn't a bad idea. If you make sure that your small business is in a position to recover from any potential economic downturn, you can plan for the future and for the successful growth of your company.

Entrepreneur Leadership Network® Contributor

Founder and CEO of Logo Design

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick Red Arrow

  • Three Buddies Wanted to Have a Better Time at an Outdoor Festival. Their Invention Turned Into a $43 Million Business .
  • Lock This Fun, Flexible Side Hustle Pays $35 an Hour and Gets You Into Exclusive CEO Summits, Music Festivals, and Sports Events
  • 3 Hacks That Can Help You Get High-Quality Matches on Dating Apps , According to the Lead Engineer Behind a Very Exclusive One
  • Lock This Retirement Trend Is Helping People Ease 'Financial Anxieties' and Avoid 'Loss of Purpose,' Workplace Expert Says
  • Lock These 3 Quotes From Jeff Bezos Will Change How You Run Your Business
  • The Job Is Finished, Now What? 7 Lessons and Cautionary Tales About Life After Power From Former Presidents .

Related Topics Red Arrow

Most popular red arrow, these are the highest-paying side hustles for a single day of work.

Earn the most money in the least amount of time.

55 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Mastering the Skill of Convincing Stakeholders to Approve and Execute Ideas

There's a big difference between approval-seeking and being your own biggest advocate.

For Years, This Black Founder Learned an Uncommon But Essential Craft on the Side. Now His Creations Are Beloved By Celebrity Chefs — and Can Sell for More Than $1,000.

A chance encounter with a legendary knifemaker would lead Quintin Middleton, owner of Middleton Made Knives, to follow his long-time passion into business.

TikTok's CEO Is an Honorary Chair at the 2024 Met Gala

Conde Nast's Chief Content Offer, Anna Wintour, made the announcement Thursday.

5 Proven Ways to Maximize Your Profitability as a First-Time Author

Unlock the secrets to turning your debut book into a profitable venture with proven marketing tactics.

Successfully copied link

comscore

A visual representation of a person using digital tools to restore systems after a breach

A disaster recovery plan (DRP) is a detailed document that outlines how an organization will respond to an unplanned incident. Along with business continuity plans (BCPs) and incident response plans (IRPs), DR plans help ensure businesses are prepared to face many different types of disasters, including power outages,  ransomware  and  malware  attacks, natural disasters and much more.

A strong DRP helps quickly and effectively restore connectivity and repair data loss after a disaster. Worldwide, companies are poised to spend USD 219 billion this year alone on  cybersecurity  and solutions, a 12% increase from 2022,  according to a recent report by the International Data Corporation (IDC)  (link resides outside ibm.com).

What is a business continuity plan?

Like a DRP, a business continuity plan (BCP) is a part of the  disaster recovery  process that helps businesses restore normal operations in the event of a disaster. BCPs typically take a broader look at threats and resolution options than DRPs, focusing on what a company will need to restore basic business functions after an incident.

What is an incident response plan?

Incident response plans (IRPs) are a kind of DRP that focus exclusively on cybersecurity and threats to information systems. An IRP clearly outlines an organization’s emergency response from the moment a threat is detected through its mitigation and resolution. An IRP seeks to address the specific damage done by a  cyberattack , and focuses exclusively on preparedness for threats to technology, IT infrastructure, business operations and reputation.

Be better prepared for breaches by understanding their causes and the factors that increase or reduce costs. Explore the comprehensive findings from the Cost of a Data Breach Report 2023.

Subscribe to the IBM newsletter

Disaster recovery plans (DRPs) play a critical role in the development of an overall security plan that helps ensure stakeholders, clients and investors that a business is being run responsibly. Enterprises that don’t take the necessary steps to ensure preparedness face a variety of risks, including costly data loss, operational downtime, financial penalties and reputational damage. 

Here are some of the benefits that businesses who invest in creating a strong DRP can enjoy:

Shorter downtimes:  Many of today’s top businesses rely heavily on technology for normal operations. When an unplanned incident disrupts business as usual, it can cost millions. Additionally, the high-profile nature of cyberattacks and the frequently analyzed length   of their downtimes can result in customers and investors losing confidence. Strong, vigorously tested DRPs help companies get back up and running swiftly and smoothly after an unplanned incident.

Reduced recovery costs:  Recovering from an incident can be expensive. According to IBM’s recent Cost of Data Breach Report , the average cost of a breach in 2023 was USD 4.45 million, a 15% increase over the last 3 years. Enterprises with strong DRPs in place can significantly reduce the costs of business recovery and other fallout from an unplanned incident. The same report found that, on average, organizations that use security AI and automation extensively save USD 1.76 million compared with organizations that don’t.

Lower cyber insurance:  Because of the scale and frequency of cyberattacks, many enterprises rely on cyber insurance to protect them from dangerous security breaches. Many insurers simply won’t ensure an enterprise that doesn’t have a strong DRP in place. DRPs can help reduce your business' overall risk profile with insurers and help keep premiums low.

Less fines in heavily regulated sectors:  Businesses that operate in heavily regulated sectors like healthcare and personal finance face heavy fines and penalties for data breaches. Shortening response and recovery lifecycles is critical in these sectors as the amount of a financial penalty is often tied to the duration and severity of a breach. Put simply, enterprises with robust DRPs in place are in a better position to recover quickly and wholly from an unplanned incident and face fewer fines as a result.

The most effective disaster recovery plans (DRPs) are developed in conjunction with strong business continuity plans (BCPs) and incident response plans (IRPs) that provide crucial support in the event of an incident. Before we go over the steps necessary to create one, let’s look at a few key terms that will be essential in understanding how DRPs work and what to consider when building your own.

Failover/failback:  Failover is a widely used process where IT operations are moved to a secondary system when a primary one fails due to a power outage, cyberattack or other threat. Failback is the process of switching back to the original system once it has been restored. For example, a business could failover from its  data center  onto a secondary site where a redundant system will kick in instantly. If executed properly, failover/failback can create a seamless experience where a user/customer isn’t even aware they are being moved to a secondary system.

Recovery time objective (RTO):  RTO refers to the amount of time it takes to restore business operations after an unplanned incident. Establishing a reasonable RTO is one of the first things businesses need do when they’re creating their DRP. 

Recovery point objective (RPO):  Your business’ RPO is the amount of data it can afford to lose in a disaster and still recover. Some enterprises constantly copy data to a remote data center to ensure continuity in case of a massive breach. Others set a tolerable RPO of a few minutes (or even hours) and know they will be able to recover from whatever was lost during that time.

Disaster Recovery-as-a-Service (DRaaS):  DRaaS is an approach to disaster recovery that’s been gaining popularity of late due to a growing awareness around the importance of data security. Companies that take a DRaaS approach to creating their DRPs are essentially outsourcing their disaster recovery to a third party. This third party hosts and manages the necessary infrastructure for recovery, then creates and manages response plans and ensures a swift resumption of business-critical operations.  According to a recent report by Global Market Insights (GMI)  ( link resides outside ibm.com), the market size for DRaaS was USD 11.5 billion in 2022 and was poised to grow by 22% percent this year.

With the prevalence and rising sophistication of cybercrime, most organizations are focusing their disaster recovery plan (DRP) efforts on their information technology (IT) infrastructure, including critical data backup procedures (both on and offsite) and data protection. Here are a few examples of IT disaster recovery plans that have been tailored to fit a specific threat or business need.

A data center DRP focuses on the overall security of a data center facility and its ability to get back up and running after an unplanned incident. Some common threats to data storage include overstretched personnel that can result in human error, cyberattacks, power outages and difficulty following compliance requirements. Data center DRPs create operational risk assessments that analyze key components, such as physical environment, connectivity, power sources and security. Since data centers face a wide range of potential threats, their IT DRPs tend to be broader in scope than others.

Network DRPs rely on a clear set of steps to help an organization recover from an interruption of network services, including internet access, cellular data, local area networks (LAN) and wide area networks (WAN). Given the importance of many networked services to business operations, an effective network DRP must clearly outline the steps, roles and responsibilities needed to restore services quickly and effectively when a network has been compromised.

A virtualized DRP can dramatically enhance the effectiveness and speed of a recovery effort. Virtualized DRPs rely on  virtual machine  (VM) instances that can be ready to operate within a couple of minutes. Virtual machines are representations, or emulations, of physical computers that provide critical application recovery through high availability (HA), or the ability of a system to operate continuously without failing.

Given the prevalence of  cloud computing  in many enterprise workloads, having a tailored DRP for the restoration of cloud services is becoming more and more common. Cloud DRPs outline a series of steps that ensure cloud data is backed up and apps and systems that rely on the cloud are restored smoothly.

The development of a DRP starts with an analysis of business processes—or business impact analysis (BIA)—as well as risk analysis (RA) and a few clearly defined recovery objectives. While there is no reliable, one-size-fits-all template, there are several steps you can take—regardless of company size or industry—to ensure you have a process in place to face a variety of incidents.   

A business impact analysis (BIA) is a careful assessment of each threat a company could face and what its ramifications might be. A strong BIA examines how a potential threat might impact things like daily operations, communication channels and worker safety. Some examples of potential considerations for a BIA include loss of revenue, cost of downtime, cost of reputational repair (public relations), loss of customers and investors (short and long term) and any incurred penalties from compliance violations.

Different industries and types of businesses face different threats, so risk analysis (RA) is critical to determining how you’ll respond to each one. You can assess each risk separately by considering both its likelihood and potential impact. There are two widely used methods for determining risk: qualitative and quantitative risk analysis. Qualitative analysis is based on perceived risk, while quantitative analysis is performed using verifiable data.

To recover from a cyber incident, it’s important to have a complete picture of the assets your enterprise owns. Doing regular inventory helps identify hardware, software, IT infrastructure, data and other assets that are critical to business operations. You can use the following labels as a starting point to divide your assets into three overarching categories, then assign them more specific labels as needed:

  • Critical: Only label assets as critical if they are required for your normal business operations.
  • Important: Give this label to assets that are used at least once a day and, if disrupted, would have an impact on business operations (but not shut them down entirely).
  • Unimportant: These are assets your business uses infrequently that are not essential for normal business operations.

The roles and responsibilities section of your disaster recovery plan (DRP) is arguably the most important. Without it, no one will know what to do in the event of an unplanned incident. While actual roles and responsibilities will vary greatly depending on the type of business you conduct, here are some typical roles and responsibilities contained in most DRPs:

  • Incident reporting: You should assign an individual (or individuals) in each department whose sole responsibility is communicating with the management team, stakeholders and all relevant authorities when disruptive events occur.
  • DRP management: You should appoint a DRP supervisor to ensure team members are performing the tasks they’ve been assigned, and that the DRP is running smoothly. 
  • Asset protection: You should give someone the job of securing and protecting your most critical assets when a disaster strikes and reporting back on their status to management and stakeholders. 
  • Third party communication: You should make it the responsibility of one person to coordinate with any third-party vendors you’ve hired as part of your DRP. This person should give constant updates on how the DRP is going to any relevant stakeholders. 

To ensure your disaster recovery plan (DRP) unfolds seamlessly during an actual incident, you’ll need to practice it regularly and update it according to any meaningful changes you make to your business. For example, if your company acquires a new asset after your DRP has been formed, you’ll need to incorporate it into your plan to ensure its protected going forward.

Testing and refinement can be broken down into three simple steps.

  • Create an accurate simulation: Try to create an environment as close to the actual scenario your company will face without putting anyone at physical risk.
  • Identify problems: Use the testing process to identify faults and inconsistencies with your plan, then address them in the next iteration of your DRP.  
  • Test your backup and restore capabilities: Seeing how you’ll respond to an incident is vital, but it’s just as important to test the procedures you’ve put in place for restoring your critical systems once the incident is over. Test how you’ll turn networks back on, recover any lost data and resume normal business operations. 

Protect your data with a cloud disaster recovery plan.

Employ a highly durable, scalable, and security-rich destination for backing up your data.

Expand capacity and consolidate data center infrastructure onto an automated and centrally managed software-defined data center with IBM Cloud for VMware Solutions.

Learn about what factors come into play when deciding whether to invest in and manage your on-premises Disaster Recovery (DR) solutions or use Disaster Recovery as a Service (DRaaS) providers.

Learn about technologies and practices for making periodic copies of data and applications, that enable your business to recover in case of a power outage, cyberattack, human error, disaster, or some other unplanned event.

Discover critical similarities and differences between disaster recovery and backup, as well as how these solutions can help you solve your business' most important problems.

SafePass Global

Business Continuity and Recovery Plan

Business continuity and recovery plan.

REVISION 3: 02/12/2021

1. INTRODUCTION 1.1     PURPOSE 1.2     OBJECTIVES 1.3     KEY SAFEPASS ACTIVITIES 1.4     TEAM ROLES AND RESPONSIBILITIES 1.5     BCP COORDINATION TEAM 1.6     BCP RESPONSE TEAM 2. PLAN ACTIVATION PROCEDURES 2.1     WITH WARNING 2.2     WITHOUT WARNING 2.3     IDENTIFICATION OF POTENTIAL DISASTER STATUS 2.4     DIRECTION AND CONTROL 2.5     COMMUNICATIONS PLAN 2.5.1     Staff Communications 2.5.2     Customer Contact 2.5.3     Management and Staff Contact 2.5.4     Suppliers Contact 2.5.5     Media Contact 2.5.6     Other Third Parties 3. CRITICAL BUSINESS FUNCTIONS 3.1     DESCRIPTION OF BUSINESS FUNCTION 3.2     RECOVERY TIME OBJECTIVE (RTO) 3.3     RECOVERY PROCEDURE 3.4     DEPENDENCIES 3.5     OTHER CONSIDERATIONS 4. RECOVERY STEPS APPENDIX A: DISASTER IMPACT ASSESSMENT

1. INTRODUCTION

1.1      purpose.

Business continuity plans are designed to help organizations recover from a disruption in service.  Specifically, this plan provides policy and guidance to ensure SafePass can respond effectively to a disruption and restore essential services to the business as quickly as possible.

1.2      OBJECTIVES

  • Identify advanced arrangements and procedures that will enable SafePass to respond quickly to an emergency event and ensure continuous performance of critical business functions.
  • Reduce employee/contractor injury or loss of life and minimize damage and losses.
  • Protect essential facilities, equipment, vital records, and other assets.
  • Reduce and mitigate disruptions to business operations.
  • Identify managers and other staff who might need to be relocated depending upon the emergency.
  • Identify teams which would need to respond to a crisis and describe specific responsibilities.
  • Facilitate effective decision-making to ensure that SafePass operations are restored in a timely manner.
  • Provide support to employees and employee families during an event so that employees know that the safety of their families has been addressed, and that employees will therefore be available to work and help restore SafePass function.
  • Identify alternative courses of action to minimize and/or mitigate the effects of the crisis and shorten SafePass response time.
  • Quantify the impact of any kind of emergency in terms of dollars, time, services, and work force.
  • Recover quickly from an emergency and resume full service to Customers in a timely manner.

1.3      KEY SAFEPASS ACTIVITIES

  • Provide hardware and software security products
  • Host software systems and infrastructure
  • Technical support for customers

1.4      TEAM ROLES AND RESPONSIBILITIES

BCP Sponsor: SafePass President

Role/Responsibilities:

Assist Coordinator to draft project work plan and draft BIA questionnaire.  Complete BIA questionnaire.  Assign other staff as necessary to complete project.  Send out periodic emails to all staff providing project updates.

BCP Coordinator: SafePass Technical Manager

Draft work plan necessary to develop the BCP.  Draft BIA questions for staff to answer.  Conduct interviews with all staff members.  Compile information and draft BCP.

For emergency contact information for members of all teams, see separate calling tree lists.  These separate lists include cell phone numbers, home phone numbers, home email addresses, as applicable.

1.5      BCP COORDINATION TEAM

This team is responsible for drafting and finalizing SafePass’ business continuity and recovery plan.  This includes developing a project work plan outlining the steps necessary to draft the plan and ensuring that each step is completed.  This team will finalize the questions to be asked as part of the Business Impact Analysis (BIA) process.  Each team member will fill out a BIA questionnaire and will also assign staff within his/her own division to answer BIA questions, as necessary.  This team will meet periodically to review project progress, will revise work plan as necessary, and will edit and approve the final plan.

1.6      BCP RESPONSE TEAM

This team is responsible for responding in the event of a disaster.  This includes assessing potential damage to SafePass assets.  This also includes taking lead responsibility for ensuring that SafePass can function effectively during a crisis and can resume business operations as quickly as possible.

2. PLAN ACTIVATION PROCEDURES

2.1         with warning.

It is expected that in some cases, SafePass will receive a warning at least a few hours prior to an event.  This will normally enable the plan to be enacted with an orderly notification and evacuation of staff.

2.2      WITHOUT WARNING

The ability to execute this plan following an event with little or no warning will depend on the severity of the emergency and the number of SafePass personnel who have been affected by the event.

  • Non-Duty Hours:   Although SafePass assets may be rendered inoperable, it is likely that the majority of SafePass staff could be alerted and deployed as needed.
  • Duty Hours:   If possible, this plan will be activated, and the pre-designated available staff will be deployed.

2.3      IDENTIFICATION OF POTENTIAL DISASTER STATUS

Criteria for determining whether a particular emergency situation requires that emergency actions be taken or the BCP be enacted include:

  • Is there an actual or potential threat to human safety?
  • Is there likely to be a need to involve emergency services?
  • Is there an actual or potential serious threat to buildings or equipment?
  • Is there an actual or potential loss of IT/network?
  • Is there an actual or potential loss of workforce?

2.4      DIRECTION AND CONTROL

  • Lines of succession will be maintained by all managers reporting to ensure continuity of essential functions.  If possible, successions should be provided to a depth of at least three staff where policy and directional functions are involved.
  • SafePass President or designated back-up (successor) may order activation of SafePass business continuity plan.

2.5      COMMUNICATIONS PLAN

During a crisis situation, communication with all affected parties – from staff to customers to media – is vital.  The information provided to all audiences must be accurate and timely to:

  • Help prevent loss of life and property
  • Warn and inform people in danger about the threat, and tell them what they can do to reduce their risk
  • Improve appropriate Customer response to future emergencies and disasters through education.

In particular, any estimate of the timing to return to normal working operations should be announced with care.  It is also very important that only authorized personnel deal with media inquiries.

2.5.1           Staff Communications

If a staff member learns of a potential crisis situation, the staff person should immediately contact SafePass President or communications director.

If the building structure is in question, staff should not enter the building.

2.5.2           Customer Contact

The communication director or designee will develop an official statement for customers.  Depending upon the type and severity of the event, the statement may be issued in the following ways:

  • Through local media
  • Scheduled customers may be called or e-mailed
  • Notice may be posted at the affected facility or facilities

SafePass President will record a message on SafePass’ main phone line briefly explaining the crisis and directing callers to the SafePass web site (if available) for additional information and updates.

2.5.3           Management and Staff Contact

SafePass President or designee will develop an official statement for managers and staff.

If the event happens during work hours, and depending upon the severity of the event:

  • Staff may be sent home
  • Staff may be asked to assist in implementing work-around procedures

If the event happens after work hours, or becomes a multi-day event, staff will be contacted through:

  • Employee call trees
  • A call-in number for information about which types of employee positions are to report to work
  • Information posted to SafePass web site

In general, the employee call tree involves the following; SafePass President calls all members of the Management Team and shall leave a voice mail message at cell and home phone numbers instructing employees on the status of SafePass offices and where to report.  Staff should be instructed to refer all media inquiries to the communications director.  

2.5.4           Suppliers Contact

The contracts and procurement manager will be the sole contact with suppliers during the business recovery phase.  The facilities manager will use emergency procurement procedures and receive authorization for emergency purchases from SafePass President or designee.

2.5.5           Media Contact

Once an event occurs, the communications director will develop official “Customer statements” to respond to questions frequently asked by the media and Customers.  The communications director will provide these statements to SafePass President or designee for review and approval before providing the statements to any external parties.

The communications director will develop statements to respond to the following questions:

  • What happened?
  • When did it happen?
  • How is state government affected by this incident?
  • How much damage was done to the building?
  • How many people work in the building (including other agencies, if applicable)?
  • Did you have to evacuate the building?  What time?  Was it a total or partial evacuation?
  • What corrective measures are being taken to ensure that this doesn’t happen again?
  • When can employees come back to work?
  • How will this event affect SafePass’ service to Customers?

Depending on the nature of the crisis, determine if a technical expert or a Customer official with specific jurisdiction is required to provide clarity to the situation and/or disseminate information to the media.

If anyone other than the communications director will communicate with the media (e.g., technical expert, field office manager), the communications director will provide those people with the following:

  • Spokesperson guidelines
  • List of potential questions
  • Appropriate statements and responses
  • Communications director’s cell phone and home phone numbers

If necessary, the communications director shall also:

  • Select and acquire a “media briefing center.”  Ensure that the briefing center is large enough for one-on-one interviews.
  • Acquire updates regarding the event occurrence and status of injured employees.
  • Arrange interviews and press conferences, as required.
  • Coordinate with other agencies to disseminate information to external parties, if appropriate.

The communications director shall also develop “media kits”/press releases containing the following information for distribution to various newspapers, television stations, and radio stations:

  • Location of event
  • General description of event (stated as positively as possible)
  • Corrective measures being taken
  • Description of impacts (non-monetary and stated positively)
  • Media contact made

Finally, the communications director shall ensure that media and internal response information is recorded/documented for the duration of the recovery effort.

2.5.6           Other Third Parties

The communications director shall be primarily responsible for all contact with other third parties.  If appropriate, after consulting with SafePass director, the communications director will provide information to other staff to assist in responding to these requests for information.

3. CRITICAL BUSINESS FUNCTIONS

3.1      description of business function.

Ensure that Customer funds are properly accounted for, spent in accordance with legal requirements, and used to the best advantage.  The President conducts audits by completing the following processes:

  • Management of databases info/network security
  • Business office functions
  • Computer support/helpdesk
  • Financial audits
  • Management of library and reference materials

3.2      RECOVERY TIME OBJECTIVE (RTO)

72 hours – this plan is based on the assumption that any potential disruption occurs in critical timeframes during peak volume.  Working with this assumption, 40% of business processes must be recovered within 72 hours, 65% within 1 week, and 85% of business processes must be recovered within 1 month.

The timing of this disruption, more than anything else, will determine the RTO for specific processes.  A disruption during non-peak timeframes will allow RTOs to be more lenient.

3.3      RECOVERY PROCEDURE

The recovery procedure will depend largely upon how quickly access to computers can be restored.  If remote computer access is functional, pre-identified staff will be asked to work remotely until an alternate site is available.  Communication will be conducted by phone until computer systems are installed, or restored, to allow email communication.  If computer systems will not be available at the alternate site for more than 1 week, we will implement use laptops and electronic forms, if available, to perform this critical business function.

When computer systems are available, work will continue at the alternate location until the headquarters office is again available.

The recovery procedure also depends upon the length of time the power is anticipated to be out.  If we anticipate power will return in two days or less, we will use the call tree to let employees know not to report to work until further notice, unless they will be reporting to a remote worksite that is unaffected by the outage.

If we anticipate the power will be out longer than two days, the recovery procedure consists of implementing manual procedures at a third-party location to coordinate the conduct of audits.  Communication will be conducted by phone until computer systems are installed, or restored, to allow e-mail communication.  If computer systems will not be available at the alternate site for more than 1 week, we will implement a paper process.  When computer systems are available, business functions will be completed at the alternate location until the headquarters office is again available.

The recovery procedure consists of working with IT to restore normal systems.  After an emergency declaration we may purchase outside of contract if necessary to expedite recovery.  We may need temporary IT assistance to reconfigure and restore the system in a timely fashion.

The recovery procedure depends upon the length of time the computer system is anticipated to be out.  If we anticipate restoration in two days or less, we will complete those processes that do not require the affected computer systems.

If we anticipate the network or computer failure will exceed two days, our plan consists of implementing manual procedures at our main office until computer systems become available.

When computer systems are available, all business processes will continue as normal, and all manual/paper work will need to be recorded in the computer systems retroactively.

3.4      DEPENDENCIES

This plan is dependent upon having the designated alternate worksite available during the time that our facility is inaccessible.  If a wide-scale disaster is the cause of the loss, our alternate site may not be available.

This plan is dependent upon having the designated alternate worksite available, and with power, during the time that the facility is without power.  This plan is dependent on power being restored no later than 30 days after a disaster has been declared.

This plan is dependent on the functionality of remote access to allow staff to work from remote sites.  This plan is dependent on the availability of new equipment and the timeliness of delivery.

3.5      OTHER CONSIDERATIONS

If a wide scale disaster and/or power outage is the cause of the loss, we will revert to paper-based methods whenever possible.  In addition, we will contact our customers to let them know of potential services delays.

Depending upon the amount of downtime, we may need to use temporary staff to assist us in both the manual process and the process of entering all manual work into the computer system once access is restored.

4. RECOVERY STEPS

q        Step 1 – Contact BCP Response Team and arrange for a meeting.

q        Step 2 – BCP Response Team meets and reviews plan steps.

q        Step 3 – Assess damage to SafePass facility and systems.

q        Step 4 – Alert alternate site location to begin setting up for incoming staff.

q        Step 5 – Contact Phones to redirect phone lines.

q        Step 6 – Contact utility services.

q        Step 7 – Meet with Alternate Site management to review operating procedure.

q        Step 8 – Contact Alternate site staff and IT staff with directions for deployment.

q        Step 9 – Contact IT and determine when computer services will be available.

q        Step 10 – Contact customers, vendors, etc. and inform them of possible delays.

q        Step 11 – Announce relocation to media outlets.

q        Step 12 – Establish communication with customers at Alternate Site.

q        Step 13 – Complete priority business processes at Alternate Site.

q        Step 14 – Relocate remaining staff as needed, as space and capability become available, to complete the function at the Alternate Site.

q        Step 15 – Notify and update users as systems become available.

q        Step 16 – Resume normal operations.

APPENDIX A:  DISASTER IMPACT ASSESSMENT

THE FOLLOWING STATUS LEVELS SHOULD BE APPLIED:

Click here to add your own text

Latest News

business recovery plan steps

11801 Domain Blvd. Suite 300 Austin, TX 78758

E-mail: [email protected]

Mon – Fri: 8 AM – 5 PM Sat – Sun: CLOSED

business recovery plan steps

5 Steps for Building a Data Disaster Recovery Plan (Free Disaster Recovery Template)

Learn what it takes to make an effective disaster recovery plan and the crucial steps involved. Don’t lose your business after the loss of data.

What is a disaster recovery plan?

Generally speaking, a disaster recovery plan is a document that outlines what a business will do to recover after a disaster. But more specifically for the IT world, a data disaster recovery plan outlines an effective strategy to return your business to operating capabilities after a loss or breach of data due to a disaster.

Disaster recovery plan steps detail how data will be recovered and IT infrastructure rebuilt to bring your business back online and operational. A good disaster recovery plan should be effective, strategic, well-thought-out, and also manageable. It should include goals, including recovery time and recovery point objectives so that it’s clear what everyone will be working toward if the plan is ever implemented.

What could cause a data disaster?

Nearly all businesses today rely on data as a primary or secondary resource for their operations. Interconnectedness is at an all-time high, but cybercrime is also at its peak across the globe. Therefore, several threats to your data can be planned for. Disaster causes can include:

  • Hacker or malware attacks
  • Natural events (earthquakes, flooding, fires, volcanic eruptions, storms, etc.)
  • War and other violent conflicts
  • Power failures
  • Hardware or software failures
  • Network failures

In some instances, even new legislation could cause a disaster for your business if it restricts the flow or ownership of data.

No one knows when a disaster could strike, but having a plan in place will help your business get back on its feet as efficiently as possible.

How to develop a disaster recovery plan: 5 essential steps to include

Developing a disaster recovery plan involves some time and resources but is more manageable than you might think. It’s important to ask whether you can afford not to create a plan that will help your business survive in the event of a data disaster.

The goals of creating your plan are simple. It should set out a strategy that will help minimize delays and provide a sense of security for your organization. A good plan also should help you take action to ensure you have reliable standby and backup systems in place. And it should lay out choices to make so that a limited number of decisions have to be made under the stress and duress of the disaster so as not to make matters worse. If you want to know how to plan for disaster recovery, look at these five important steps to include in your plan.

1. Have a response team ready and assign duties

This is arguably the most important of all the disaster recovery plan steps. Having a team ready with pre-arranged duties is the best way to ensure everyone knows who will do what. Systems operate in set ways under set parameters, but humans don’t, and the stress of a disaster situation is sure to affect how people in your business react. That’s why this part of the planning is so crucial because it takes a lot of the human error element out of the equation. At the same time, if no one was assigned duties, nothing might get done at all, so people are, of course, still needed.

Team members should be selected based on their skills and areas of knowledge, but also their ability to be present and work during a crisis. This means that remote workers or people who are away for travel frequently may be poor choices. The response team should be composed of enough people to tackle the necessary tasks and can be broken down into smaller teams, such as a software team, data storage team, facilities team, computer restoration team, etc., as needed.

But more than selecting a team and assigning duties is needed to be prepared. The team should also be trained on their roles and run through practice scenarios to gain practical experience.

2.  Set clear objectives and timelines

All good plans, be they database disaster recovery plans or otherwise, require clear objectives to succeed. These objectives must be clearly stated and agreed upon so that everyone involved knows their shared goals. They should also be practical and attainable in a disaster situation. “Get everything back online within one hour” is an optimistic goal but not one that will be attainable for most businesses under most circumstances.

Because time is of the essence in data management, it’s crucial that your objectives are also time-oriented. Timelines can be made for the expected steps of the disaster recovery process, and sticking to these timelines should be made of paramount importance.

One way of setting clear, timely goals is to set RTOs and RPOs.

Your RTOs or recovery time objectives represent how long your business can manage to have an application offline before being negatively affected. You may have different RTOs for different aspects of your business, depending on how crucial speed is to each component. Lower RTOs apply to systems that can’t be down for more than a few seconds, while higher RTOs apply to systems that can be down for weeks without negative impacts. One example is email. If IT is continuously backing up employees’ emails, and someone deletes an email, because of the granular backup and recovery, this would have an RTO of only several minutes.

RPOs, on the other hand, are recovery point objectives. Rather than a measure of time, this is the amount of data that your business can afford to lose before a negative impact is felt. It can therefore indicate the frequency with which your data needs to be backed up. For example, a very short RPO of 10 to 30 seconds, means that data must be backed up frequently. Having this set will allow you to know if your infrastructure is sufficient to protect your data needs in case of a disaster.

3.  Gather the necessary preliminary information

Disaster recovery planning depends on being prepared, and here knowledge is definitely power. Gathering information to create your plan can include many different activities and the more clear information you can collect, the better.

One excellent way to manage this information is to create a blueprint of your entire network. And you’d be surprised how many organizations actually don’t already have one. This will help you identify flows of data that could be at risk and, therefore, both plan for prevention and recovery. It can also be worthwhile to speak with workers to determine their data needs and usage patterns. And, of course, gathering this information will help you figure out which of your data assets are most valuable so you know which ones need to receive the most attention.

Finally, the past always informs the future. Looking into any past data disaster events can give you much insight into how to both prevent and recover from potential future ones.

4. Identify what the most serious threats are

Is your business active in the flow of finance? Do you handle a vast medical information database? If so, your primary threats might be hackers and malware trying to gain access to your data. As such, an effective dr plan will include disaster recovery procedures related to leaks or data piracy.

What about the physical location of your business and servers – is there any specific risk of flooding, storms, or earthquakes in your specific region? If you’re located near a fault line, a river, or a volcano, your planning might be different. Instead, or perhaps in addition to cybercrime, your system disaster recovery plan may focus on getting back on your feet in case that specific natural disaster hits.

5. Document the entire disaster recovery process

As a part of your data recovery plan, it’s important to include reporting. This can take the form of checklists of forms to fill out when steps are completed, including room to give praise or criticism to what works and what doesn’t.

Preparing a documentation process as a part of your plan will ensure that valuable information about the steps taken isn’t lost and, instead, can contribute to any future planning that might take place.

Implement a disaster recovery plan today

Data recovery plan implementation can be a daunting task, especially for businesses that have never gone through this procedure before. However, with ransomware, malware, and natural disasters looming in just about every corner of the business world, a disaster recovery plan is becoming less of an option and more of a necessity for most businesses.

Disaster recovery plan steps include selecting a team, setting goals, gathering information, risk assessment, testing, and creating documentation processes to create a comprehensive strategy for your business. Data storage companies like Corodata can help with many of these planning stages and offer multiple storage solutions to protect your data and get you back on track if a disaster ever strikes.

Reach out to Corodata to learn more about building a disaster recovery plan and protecting your data today.

Disaster Recovery Plan - Download the Free Template Today

Reduce the business impact of disasters with our Disaster Recovery Plan template. The goal of a disaster recovery plan is to respond to disasters or emergencies impacting information systems while minimizing business disruption.

business recovery plan steps

Do you know what documents you are supposed to be shredding?

Get our what to shred poster and hang it around the office so your employees are informed.

What To Shred

Your privacy is respected

Read more on our privacy policy

Privacy Overview

Backup & Recovery

High availability and disaster recovery: key differences and where they connect.

Avatar photo

The difference between high availability and disaster recovery

High availability mitigates risks involved with relatively small disruptions that are likely to occur more frequently, while disaster recovery provides a safety net against unique and infrequent system outages like natural disasters that occur less frequently or, ideally, never. Disaster recovery takes over when high availability falls short. Using them in combination, your organization can be assured of resilience in the face of most problems that will befall your IT landscape.

However, both high availability and disaster recovery play a role in business continuity planning, each with a different focus and applicability.

High availability

As noted above, the focus of high availability is on maximizing productive uptime by keeping services, applications and entire systems always running. In spite of occasional problems and low-severity outages, the goal of high availability is to maintain user access to IT services.

Typical elements in high-availability architecture include failover, so that a backup system can be activated in case of failure, and redundancy, to eliminate single points of failure. They also include the ability to load-balance, or distribute workloads, across multiple systems (usually servers) to reduce congestion.

Which kinds of service disruptions does high availability address? Its main value lies in scenarios like short-term power outages, device failures, server crashes and problems with network throughput.

Disaster recovery

With the goal of keeping your business afloat, disaster recovery is designed to return your users to productivity promptly after a large disruption.

Your disaster recovery strategy and practices extend to the software you use to back up your data and applications regularly and to restore them when needed. Since disaster can render your primary IT infrastructure unusable, your strategy includes a fallback location elsewhere and readiness for long-term reliance on that fallback location.

Organizations turn to disaster recovery in circumstances such as fire, flooding, devastating cyberattacks, earthquakes and extended periods without electricity.

How high availability and disaster recovery support and reinforce each other

As part of considerations in your business continuity strategy, disaster recovery and high availability are interwoven in several ways:

  • Relationship – It is advisable to think of high availability as part of a disaster recovery strategy, with a smooth transition from the former to the latter.
  • Crossover – Get the best of both worlds. High-availability systems are not designed for full recovery, but they usually incorporate failover techniques and redundancies that can shorten recovery time in the wake of a disaster.
  • Complementary effects – High availability is a way to lower the operational costs of overcoming frequent, limited disruptions. That dovetails with the way disaster recovery reduces downtime and keeps the business from succumbing to large-scale outages.
  • Data protection – Similarly, both approaches protect your data from loss . High availability keeps data and applications in sync across redundant systems, prepared for replication and quick recovery in a disaster scenario.
  • Raised consciousness – Planning for availability and disaster recovery heightens the organization’s awareness about risk and business continuity, setting the tone for resilience with all users.
  • Constant vigilance – When correctly implemented, both high availability and disaster recovery call for periodic testing, which keeps related infrastructure accessible and ready when needed.
  • Preparedness in layers – Because each approach is suited to different scenarios, they afford layered management of the risk that data will be lost. That strengthens your overall defense and reduces your exposure.

Building for high availability and disaster recovery

The line between high availability and disaster recovery is not always cut and dry.

When you think about high availability, the things that come to mind include your servers, your storage and your data. But of those, your data is the most important thing, so disaster recovery has to make your data available again as quickly as possible. Therefore, you might build into your high availability system a method of handling disaster recovery.

The goal is to make your system so resilient that no single point of failure at a production site should give you any major problems. And if you do have major problems at a production site, your disaster recovery should go hand in hand with your high availability. It might take a little bit longer to get going and it may cost you more. But if you’re not willing to invest in high availability, you had better not expect prompt recovery from a disaster.

Example high availability and disaster recovery use cases

Suppose your company has two fully replicated data centers. One of them fails due to flooding and the other takes over. Even though you’ve characterized the flooding as a disaster, it’s your high availability that’s keeping your users productive. It’s not really disaster recovery, because you’ve not had to stop production and take action.

Should your disaster recovery be built into your high availability plans so that you never have to stop production and shift to disaster recovery mode? No backup is of any use to you until you can restore it, so as a matter of business continuity, you need to make sure that you can restore the backup.

The problem with keeping data highly available is that you’re constantly discarding data that you’ve replicated in real time. Then what do you do? You have to go to your backup and restore an earlier copy of the data. But at what point do you want to shift to disaster recovery? It’s probably a disaster if a whole data center goes offline, but is it a disaster if one server goes down? As soon as you’ve lost data in your highly resilient system and need to restore it, then you’ve shifted to disaster recovery mode to get that data back.

So is there a crossover? Certainly. Do they go hand in glove? Yes, your disaster recovery planning should include highly available systems because you’re building an entire insurance policy across everything: your service, storage, platform, applications and data. You don’t want to lose a minute of uptime. But if you do, you have to invoke a different part of your plan, which is to restore from backups.

That’s why an important element of your data protection strategy is to define “disaster” for your business.

Considerations to keep in mind when walking the line between high availability and disaster recovery

Define “disaster” for your business.

Imagine that one of your databases stops responding to your enterprise resource planning (ERP) application. Is it that a table has become corrupted, or is your entire suite of SQL Servers down? If the former, your high-availability solution will probably suffice because it protects against smaller outages. If the latter, you may need disaster recovery because it protects against larger-scale outages.

But what does the business itself consider a disaster? Along the spectrum between a broken coffee maker and a fire in the data center, what rates as a disaster in your organization?

It’s a matter of different levels of severity. If, for instance, a network router goes down, in most organizations that doesn’t call for disaster recovery. Sure, the effects can be so widespread that you couldn’t call it anything except a disaster, but it’s more likely a lack of availability at a single point of failure. In some cases, the lack of high availability would entail as much risk and generate as many headaches as most disaster scenarios.

Take a look at your business insurance requirements

It’s not uncommon for insurance carriers to require that you meet certain levels of data protection, without which they will either demand higher premiums or decline to insure you. Why? Because data is now another asset, like a building or a furnace.

Carriers expect you to qualify for insurance not only by having a backup of your data, but also that you keep multiple copies, encrypt them and use immutable backups . They ask pointed questions about business continuity and your disaster recovery plan.

Document your disaster recovery plan

To fulfill those insurance requirements, it’s prudent to build out and document a plan for the steps you’ll follow for each type and severity of disruption you face. What will you do if multiple users accidentally delete important email, or if 50 virtual machines are suddenly corrupted or lost? When you set out your procedures in advance, you leave yourself valuable guidance for when things go sideways. Plus, it’s easier to contemplate recovery from one relatively small disruption at a time than to wrap your head around recreating your entire IT landscape.

Create your plan with an eye to the relative importance of the data involved. For example, email may seem like the highest priority, but what about the database behind your ecommerce website? It holds all your transactions that are of real value to the business, so wouldn’t that be more important to your bottom line? Examine each data set and ask, “What if that went wrong?” You apply a disaster recovery process to that, implement high availability across multiple servers and back up the data set regularly as well. That gives you a plan for that system, so you move on to the next system and create a plan for it.

Once you have the small-scale plans in place, you can establish an order for executing them in case of a large-scale disruption.

Most of all, creating and documenting your plan in this way ensures that the entire library of institutional knowledge is not locked inside one administrator’s head.

Enforce change control

As high availability and disaster recovery plans are being put in place, make sure that change control processes are solid and compatible with the potential growth of organizational systems. System changes – including updates, patches and upgrades – almost always introduce problems, and with robust change control you can anticipate the effects of those changes.

We’ve seen a small percentage of companies that are appropriately rigorous about change control. They establish rules that prohibit the roll-out of any new production applications or data sets unless backup and data protection have been provided for.

That’s prudent, because it’s normally the other way around. Much more often, we see IT teams with jam-packed task lists, rolling a new workload into production before they’ve figured out how to back it up. Too late they realize that their current backup software isn’t well suited to it, so they have to buy a new backup product for that alone. Worse yet, they may procrastinate – “We’ll sort that out later” – and the application or data set never gets backed up. That’s an example of a change that needs control wrapped around it.

Your first task is to evaluate each of your workloads for data protection and answer three main questions:

  • Do we need to make it highly available?
  • Does it need disaster recovery?
  • Do we need to back it up?

As you establish priorities, you’ll realize that some workloads and endpoints are more important than others. Print servers, for example, may be important during business as usual, but business isn’t usual when you’re recovering from a disaster, so emphasize data protection where it most counts.

When you combine the small-disruption focus of high availability with the large-outage focus of disaster recovery, you equip IT for the resilience and the continuity planning businesses need to thrive.

9 steps to building a business-oriented disaster recovery plan

About the author.

Avatar photo

Adrian Moir

Related articles.

High availability architectures

High availability architecture: Considerations and techniques to achieve five 9s

Learn how high availability architecture keeps systems operational during outages and aims to reach five 9s of availability.

  • Data Operations

Disaster recovery data loss

Disaster recovery strategies to reduce downtime and data loss

Disasters come in all shapes and sizes - learn how to develop your own strategy for disaster recovery data loss and how to reduce downtime.

Data resiliency

9 practical data resiliency steps organizations should consider

Data resiliency ensures data availability and usability despite disruptions. Follow these 9 tips to improve your data resilience.

Subscribe for Quest blog updates

Please turn off your ad blocker and refresh the page to subscribe.

You may withdraw your consent at any time. Please visit our Privacy Statement for additional information

CDC plans to drop five-day covid isolation guidelines

business recovery plan steps

Americans who test positive for the coronavirus no longer need to routinely stay home from work and school for five days under new guidance planned by the Centers for Disease Control and Prevention.

The agency is loosening its covid isolation recommendations for the first time since 2021 to align it with guidance on how to avoid transmitting flu and RSV, according to four agency officials and an expert familiar with the discussions.

CDC officials acknowledged in internal discussions and in a briefing last week with state health officials how much the covid-19 landscape has changed since the virus emerged four years ago, killing nearly 1.2 million people in the United States and shuttering businesses and schools. The new reality — with most people having developed a level of immunity to the virus because of prior infection or vaccination — warrants a shift to a more practical approach, experts and health officials say.

“Public health has to be realistic,” said Michael T. Osterholm, an infectious-disease expert at the University of Minnesota. “In making recommendations to the public today, we have to try to get the most out of what people are willing to do. … You can be absolutely right in the science and yet accomplish nothing because no one will listen to you.”

The CDC plans to recommend that people who test positive for the coronavirus use clinical symptoms to determine when to end isolation. Under the new approach, people would no longer need to stay home if they have been fever-free for at least 24 hours without the aid of medication and their symptoms are mild and improving, according to three agency officials who spoke on the condition of anonymity to share internal discussions.

Here is the current CDC guidance on isolation and precautions for people with covid-19

The federal recommendations follow similar moves by Oregon and California . The White House has yet to sign off on the guidance that the agency is expected to release in April for public feedback, officials said. One agency official said the timing could “move around a bit” until the guidance is finalized.

Work on revising isolation guidance has been underway since last August but was paused in the fall as covid cases rose. CDC director Mandy Cohen sent staff a memo in January that listed “Pan-resp guidance-April” as a bullet point for the agency’s 2024 priorities.

Officials said they recognized the need to give the public more practical guidelines for covid-19, acknowledging that few people are following isolation guidance that hasn’t been updated since December 2021. Back then, health officials cut the recommended isolation period for people with asymptomatic coronavirus from 10 days to five because they worried essential services would be hobbled as the highly transmissible omicron variant sent infections surging. The decision was hailed by business groups and slammed by some union leaders and health experts.

Covid is here to stay. How will we know when it stops being special?

The plan to further loosen isolation guidance when the science around infectiousness has not changed is likely to prompt strong negative reaction from vulnerable groups, including people older than 65, those with weak immune systems and long-covid patients, CDC officials and experts said.

Doing so “sweeps this serious illness under the rug,” said Lara Jirmanus, a clinical instructor at Harvard Medical School and a member of the People’s CDC, a coalition of health-care workers, scientists and advocates focused on reducing the harmful effects of covid-19.

Public health officials should treat covid differently from other respiratory viruses, she said, because it’s deadlier than the flu and increases the risk of developing long-term complications . As many as 7 percent of Americans report having suffered from a slew of lingering covid symptoms, including fatigue, difficulty breathing, brain fog, joint pain and ongoing loss of taste and smell, according to the CDC.

The new isolation recommendations would not apply to hospitals and other health-care settings with more vulnerable populations, CDC officials said.

While the coronavirus continues to cause serious illness, especially among the most vulnerable people, vaccines and effective treatments such as Paxlovid are available. The latest versions of coronavirus vaccines were 54 percent effective at preventing symptomatic infection in adults, according to data released Feb. 1, the first U.S. study to assess how well the shots work against the most recent coronavirus variant. But CDC data shows only 22 percent of adults and 12 percent of children had received the updated vaccine as of Feb. 9, despite data showing the vaccines provide robust protection against serious illness .

Coronavirus levels in wastewater i ndicate that symptomatic and asymptomatic infections remain high. About 20,000 people are still hospitalized — and about 2,300 are dying — every week, CDC data show. But the numbers are falling and are much lower than when deaths peaked in January 2021 when almost 26,000 people died of covid each week and about 115,000 were hospitalized.

The lower rates of hospitalizations were among the reasons California shortened its five-day isolation recommendation last month , urging people to stay home until they are fever-free for 24 hours and their symptoms are mild and improving. Oregon made a similar move last May.

California’s state epidemiologist Erica Pan said the societal disruptions that resulted from strict isolation guidelines also helped spur the change. Workers without sick leave and those who can’t work from home if they or their children test positive and are required to isolate bore a disproportionate burden. Strict isolation requirements can act as a disincentive to test when testing should be encouraged so people at risk for serious illness can get treatment, she said.

Giving people symptom-based guidance, similar to what is already recommended for flu, is a better way to prioritize those most at risk and balance the potential for disruptive impacts on schools and workplaces, Pan said. After Oregon made its change, the state has not experienced any disproportionate increases in community transmission or severity, according to data shared last month with the national association representing state health officials.

California still recommends people with covid wear masks indoors when they are around others for 10 days after testing positive — even if they have no symptoms — or becoming sick. “You may remove your mask sooner than 10 days if you have two sequential negative tests at least one day apart,” the California guidance states.

It’s not clear whether the updated CDC guidance will continue to recommend masking for 10 days.

Health officials from other states told the CDC last week that they are already moving toward isolation guidelines that would treat the coronavirus the same as flu and RSV, with additional precautions for people at high risk, said Anne Zink, an emergency room physician and Alaska’s chief medical officer.

Many other countries, including the United Kingdom, Denmark, Finland, Norway and Australia, made changes to isolation recommendations in 2022. Of 16 countries whose policies California officials reviewed, only Germany and Ireland still recommend isolation for five days, according to a presentation the California public health department gave health officials from other states in January. The Singapore ministry of health, in updated guidance late last year, said residents could “return to normal activities” once coronavirus symptoms resolve.

Even before the Biden administration ended the public health emergency last May, much of the public had moved on from covid-19, with many people having long given up testing and masking, much less isolating when they come down with covid symptoms.

Doctors say the best way for sick people to protect their communities is to mask or avoid unnecessary trips outside the home.

“You see a lot of people with symptoms — you don’t know if they have covid or influenza or RSV — but in all three of those cases, they probably shouldn’t be at Target, coughing, and looking sick,” said Eli Perencevich, an internal medicine professor at the University of Iowa.

Coronavirus: What you need to know

New covid variant: The United States is in the throes of another covid-19 uptick and coronavirus samples detected in wastewater suggests infections could be as rampant as they were last winter. JN.1, the new dominant variant , appears to be especially adept at infecting those who have been vaccinated or previously infected. Here’s how this covid surge compares with earlier spikes .

Covid ER visits rise: Covid-19, flu and RSV are rebounding in the United States ahead of the end-of-year holidays, with emergency room visits for the three respiratory viruses collectively reaching their highest levels since February.

New coronavirus booster: The Centers for Disease Control and Prevention recommends that anyone 6 months or older get an updated coronavirus shot , but the vaccine rollout has seen some hiccups , especially for children . Here’s what you need to know about the new coronavirus vaccines , including when you should get it.

  • CDC plans to drop five-day covid isolation guidelines February 13, 2024 CDC plans to drop five-day covid isolation guidelines February 13, 2024
  • Is this covid surge really the second biggest? Here’s what data shows. January 12, 2024 Is this covid surge really the second biggest? Here’s what data shows. January 12, 2024
  • Covid kills nearly 10,000 in a month as holidays fuel spread, WHO says January 11, 2024 Covid kills nearly 10,000 in a month as holidays fuel spread, WHO says January 11, 2024

business recovery plan steps

Uber hits record high after unveiling first-ever $7 bln share buyback

Logo of Uber is seen at a temporary showroom during the World Economic Forum in Davos

Reporting by Yuvraj Malik and Samrhitha Arunasalam in Bengaluru; Editing by Shounak Dasgupta

Our Standards: The Thomson Reuters Trust Principles. , opens new tab

The Apple logo is seen hanging at the entrance to the Apple store on 5th Avenue in Manhattan

Advisory firm Ankura launches generative AI tool crafted with ChatGPT developer

Advisory and forensic accounting firm Ankura Consulting said on Friday it had launched a custom, generative Artificial Intelligence (AI) tool developed in partnership with Microsoft-backed firm and ChatGPT creator OpenAI.

Small toy figures are seen in front of Google logo in this illustration picture

IMAGES

  1. Three New Steps For Business Recovery Plan Process

    business recovery plan steps

  2. Business Continuity & Disaster Recovery 101

    business recovery plan steps

  3. How to create an effective business continuity plan?

    business recovery plan steps

  4. What is a Disaster Recovery Plan (DRP) and How Do You Write One?

    business recovery plan steps

  5. Your Complete Business Recovery Plan for 2022

    business recovery plan steps

  6. Tips for Successful Business Continuity and Disaster Recovery Planning

    business recovery plan steps

COMMENTS

  1. Five Strategic Steps Toward Business Recovery

    A key aspect of business recovery is creating a solid strategy with actionable steps to turn things around. This starts with a clear vision, defined objectives and realistic targets. Once you've ...

  2. Step-by-Step Guide: How to Build a Business Recovery Plan

    Here are some key concepts to consider when creating a disaster recovery plan for your small business: Prioritize employee health and safety. The health, safety, and wellbeing of your employees and customers should always be your top priority. Address any immediate needs and concerns first, including creating guidelines that support sick ...

  3. PDF Business Recovery Plan

    A business recovery plan is a critical component of any company's survival strategy, and the fact that you're crafting one demonstrates a high level of commitment ... and determine next steps. A recovery phase—implementing the requirements for operating within a non-business-as-usual scenario. Once the response phase is over, tasks in ...

  4. Recover from disasters

    Planning is one of the most important elements of recovery. Writing and implementing a business continuity plan will help you minimize financial loss when your business faces a disaster. Your business continuity plan should: Identify and document critical business functions and processes. Organize a business continuity team.

  5. Guide to Creating Your Business Recovery Plan

    Plan with data-driven decisions. In a previous post on How to Leverage Data to Create an Effective Business Continuity Plan, we explored the 5 steps towards creating a BCP, namely: Business Impact Analysis. Risk Assessment. Risk Mitigation Strategy. Crisis Management Team. Test and Maintain.

  6. Business continuity plan (BCP) in 8 steps, with templates

    Develop a business continuity plan (BCP), and include or add an IT disaster recovery plan (DRP) and incident response plan (IRP). These plans should include information on what situations trigger the plan's activation. For example, the DRP is typically activated if IT infrastructure (hardware or software) is affected.

  7. Small business recovery plan: What to include

    As part of your small business recovery plan, you need to think about what logistical changes are needed for safe business operations. This could include changes such as: Increasing sanitization frequency. Implementing curb-side pick up. Creating a rotating schedule for in-office employees.

  8. Your Complete Business Recovery Plan for 2022

    A business recovery plan helps companies prepare best measures for unfortunate events to limit effects to the business in general, the workforce, facilities, tools, and operations. While there is no catch-all business disaster recovery plan, having one ready gives you peace of mind, simplifies the decision-making process, and mitigates the long ...

  9. Business recovery and continuity: planning for multiple scenarios

    Step 2: Identify the most likely scenarios and develop strategic postures for each. As you build your portfolio of scenarios, solidify how you can best implement the scenarios given the assets you have. Consider which assets you need to focus on and develop further. The ideal number of scenarios is three.

  10. How to Build a Disaster Recovery Plan for Your Small Business

    But you can build a recovery plan to get your business up and running ASAP. Here are six steps you can take to get started. Become an integral voice in the world's largest business organization when you join the U.S. Chamber of Commerce as a small business member.

  11. 9-step disaster recovery plan for your small business

    Implement this 9-step disaster recovery plan before it's too late. There's nothing more frustrating than doing everything in your power to be successful, only to see forces out of your control—such as a hurricane, a fire or cyberattack—suddenly render your business inoperable. What's worse, disasters can have a devastating impact on ...

  12. Company Recovery Strategies

    Retrenchment strategies are generally short-term-focused to fix a crisis situation. 2. Turnaround Strategies. Turnaround strategies are more revenue-oriented. These strategies focus on improving the long-term vitality of a company. Some examples include introducing new pricing models or developing new products.

  13. Business Continuity Planning

    Business Continuity Training Part 3: Planning Process Step 1. The first of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should "prepare" to create a business continuity plan. View on YouTube.

  14. Create a business recovery plan

    Business recovery planning. In some cases, such as a pandemic, there may be several steps and stages of recovery. For example, a lockdown may occur several times and the business will need to recover operations as quickly as possible after each event. Unlike an incident response plan, the business recovery plan has a longer-term view.

  15. Taking Care of Business: How to Write a Business Recovery Plan

    There are four main types of dependencies: 1. Application dependencies. Applications needed for the process (and how will you work if those are not available). 2. Equipment dependencies. The gear that must be available in order for your recovery plans to work. 3. Third-party dependencies.

  16. Quick Start Guide to Business Continuity and Data Recovery

    When developing a BCP, it is important to identify the critical, nice to haves, and wants of the business. Disaster Recovery Plan, for the point of the Quick Start Guide, includes step by step recovery plans for applications, vendor contact information, and recovery prioritization of the system that support the business. Initiation of the plan ...

  17. Business Recovery Plan Template

    What is a Business Recovery Plan? A business recovery plan outlines the steps a business should take in order to respond to a disruption or crisis. It should include strategies and plans that allow a business to quickly recover and continue operations. It should also include contingency plans in case of a prolonged disruption or crisis.

  18. Business Recovery Plan- Checklist for Small Businesses

    Disaster Recovery Plan- 10-Step Checklist. To avoid going out of business or to reduce the recovery time following an event, business owners should create and regularly update a disaster recovery plan. The following ten steps outline the general process of establishing a comprehensive plan. 1. Risk Evaluation.

  19. 5 Steps to Business Recovery

    Positive energy and focus is energizing and engaging. Lead with positivity, and watch the recovery truly begin. Balance every challenge with a positive outcome. 2. Evaluate your current state. As a leader, you need to set the direction for the company's future, in full reality of your current position. Survey the damage, and take an honest ...

  20. 5 Small Business Strategies to Recover, Rebuild and Be Ready

    Basically, make your customers feel like they matter to you. If they don't matter to you, you won't matter to them when the time comes for support and loyalty. 5. Create a unique identity. The ...

  21. What is a disaster recovery plan?

    A disaster recovery plan (DRP) is a detailed document that outlines how an organization will respond to an unplanned incident. Along with business continuity plans (BCPs) and incident response plans (IRPs), DR plans help ensure businesses are prepared to face many different types of disasters, including power outages, ransomware and malware attacks, natural disasters and much more.

  22. Business Continuity and Recovery Plan

    RECOVERY STEPS. q Step 1 - Contact BCP Response Team and arrange for a meeting. q Step 2 - BCP Response Team meets and reviews plan steps. q Step 3 - Assess damage to SafePass facility and systems. q Step 4 - Alert alternate site location to begin setting up for incoming staff.

  23. 5 Steps for Building a Data Disaster Recovery Plan

    1. Have a response team ready and assign duties. This is arguably the most important of all the disaster recovery plan steps. Having a team ready with pre-arranged duties is the best way to ensure everyone knows who will do what. Systems operate in set ways under set parameters, but humans don't, and the stress of a disaster situation is sure ...

  24. High availability and disaster recovery: The differences

    Disaster recovery takes over when high availability falls short. Using them in combination, your organization can be assured of resilience in the face of most problems that will befall your IT landscape. However, both high availability and disaster recovery play a role in business continuity planning, each with a different focus and applicability.

  25. CDC plans to drop five-day covid isolation guidelines

    While the coronavirus continues to cause serious illness, especially among the most vulnerable people, vaccines and effective treatments such as Paxlovid are available. The latest versions of ...

  26. Uber hits record high after unveiling first-ever $7 bln share buyback

    Uber Technologies shot to a record high on Wednesday after announcing its first-ever buyback of $7 billion worth of company shares after a strong recovery in ride-share revenue and healthy demand ...