• Bahasa Indonesia
  • Sign out of AWS Builder ID
  • AWS Management Console
  • Account Settings
  • Billing & Cost Management
  • Security Credentials
  • AWS Personal Health Dashboard
  • Support Center
  • Expert Help
  • Knowledge Center
  • AWS Support Overview
  • AWS re:Post
  • What is Cloud Computing?
  • Cloud Computing Concepts Hub

What is Disaster Recovery?

Disaster recovery is the process by which an organization anticipates and addresses technology-related disasters. The process of preparing for and recovering from any event that prevents a workload or system from fulfilling its business objectives in its primary deployed location, such as power outages, natural events, or security issues. Disaster recovery targets are measured with Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO). The failures handled by disaster recovery tend to be rarer than those covered by high availability and are larger scale disaster events. Disaster recovery includes an organization's procedures and policies to recover quickly from such events.

Why is disaster recovery important?

A disaster is an unexpected problem resulting in a slowdown, interruption, or network outage in an IT system. Outages come in many forms, including the following examples:

  • An earthquake or fire
  • Technology failures
  • System incompatibilities
  • Simple human error 
  • Intentional unauthorized access by third parties

These disasters disrupt business operations, cause customer service problems, and result in revenue loss. A disaster recovery plan helps organizations respond promptly to disruptive events and provides key benefits.

Ensures business continuity

When a disaster strikes, it can be detrimental to all aspects of the business and is often costly. It also interrupts normal business operations, as the team’s productivity is reduced due to limited access to tools they require to work. A disaster recovery plan prompts the quick restart of backup systems and data so that operations can continue as scheduled. 

Enhances system security

Integrating data protection, backup, and restoring processes into a disaster recovery plan limits the impact of ransomware, malware, or other security risks for business. For example, data backups to the cloud have numerous built-in security features to limit suspicious activity before it impacts the business. 

Improves customer retention

If a disaster occurs, customers question the reliability of an organization’s security practices and services. The longer a disaster impacts a business, the greater the customer frustration. A good disaster recovery plan mitigates this risk by training employees to handle customer inquiries. Customers gain confidence when they observe that the business is well-prepared to handle any disaster. 

Reduces recovery costs

Depending on its severity, a disaster causes both loss of income and productivity. A robust disaster recovery plan avoids unnecessary losses as systems return to normal soon after the incident. For example, cloud storage solutions are a cost-effective data backup method. You can manage, monitor, and maintain data while the business operates as usual. 

How does disaster recovery work?

Disaster recovery focuses on getting applications up and running within minutes of an outage. Organizations address the following three components.

To reduce the likelihood of a technology-related disaster, businesses need a plan to ensure that all key systems are as reliable and secure as possible. Because humans cannot control a natural disaster, prevention only applies to network problems, security risks, and human errors. You must set up the right tools and techniques to prevent disaster. For example, system-testing software that auto-checks all new configuration files before applying them can prevent configuration mistakes and failures. 

Anticipation

Anticipation includes predicting possible future disasters, knowing the consequences, and planning appropriate disaster recovery procedures. It is challenging to predict what can happen, but you can come up with a disaster recovery solution with knowledge from previous situations and analysis. For example, backing up all critical business data to the cloud in anticipation of future hardware failure of on-premises devices is a pragmatic approach to data management.

Mitigation is how a business responds after a disaster scenario. A mitigation strategy aims to reduce the negative impact on normal business procedures. All key stakeholders know what to do in the event of a disaster, including the following steps.

  • Updating documentation
  • Conducting regular disaster recovery testing
  • Identifying manual operating procedures in the event of an outage
  • Coordinating a disaster recovery strategy with corresponding personnel

disaster recovery planning for a company's computer system usually focuses on

What are the key elements of a disaster recovery plan?

An effective disaster recovery plan includes the following key elements. 

Internal and external communication

The team responsible for creating, implementing, and managing the disaster recovery plan must communicate with each other about their roles and responsibilities. If a disaster happens, the team should know who is responsible for what and how to communicate with employees, customers, and each other. 

Recovery timeline

The disaster recovery team must decide on goals and time frames for when systems should be back to normal operations after a disaster. Some industries’ timelines may be longer than others, while others need to be back to normal in a matter of minutes. 

The timeline should address the following two objectives.

Recovery time objective 

The recovery time objective (RTO) is a metric that determines the maximum amount of time that passes before you complete disaster recovery. Your RTOs may vary depending on impacted IT infrastructure and systems.

Recovery point objective

A recovery point objective (RPO) is the maximum amount of time acceptable for data loss after a disaster. For example, if your RPO is minutes or hours, you will have to back up your data constantly to mirror sites instead of just once at the end of the day.

Data backups

The disaster recovery plan determines how you back up your data. Options include cloud storage, vendor-supported backups, and internal offsite data backups. To account for natural disaster events, backups should not be onsite. The team should determine who will back up the data, what information will be backed up, and how to implement the system.

Testing and optimization 

You must test your disaster recovery plan at least once or twice per year. You can document and fix any gaps that you identify in these tests. Similarly, you should update all security and data protection strategies frequently to prevent inadvertent unauthorized access.

How can you create a disaster recovery team?

A disaster recovery team includes a collaborative team of experts, such as IT specialists and individuals in leadership roles, who will be crucial to the team. You should have somebody on the team who takes care of the following key areas.

Crisis management

The individual in charge of crisis management implements the disaster recovery plan right away. They communicate with other team members and customers, and they coordinate the disaster recovery process. 

Business continuity

The business continuity manager ensures that the disaster recovery plan aligns with results from business impact analysis. They include business continuity planning in the disaster recovery strategy. 

Impact recovery and assessment

Impact assessment managers are experts in IT infrastructure and business applications. They assess and fix network infrastructure, servers, and databases. They also manage other disaster recovery tasks, such as the following examples.

  • Application integrations
  • Data consistency maintenance
  • Application settings and configuration

What are the best disaster recovery methods?

When disaster recovery planning, businesses implement one or several of the following methods.

Backing up data is one of the easiest methods of disaster recovery that all businesses implement. Backing up important data entails storing data offsite, in the cloud, or on a removable drive. You should back up data frequently to keep it up to date. For example, by backing up to AWS , businesses get a flexible and scalable infrastructure that protects all data types. 

Data center disaster recovery

In the event of certain types of natural disasters, appropriate equipment can protect your data center and contribute to rapid disaster recovery. For example, fire suppression tools help equipment and data survive through a blaze, and backup power sources support businesses’ continuity in case of power failure. Similarly, AWS data centers have innovative systems that protect them from human-made and natural risks.

Virtualization 

Businesses back up their data and operations using offsite virtual machines (VMs) not affected by physical disasters. With virtualization as part of the disaster recovery plan, businesses automate some processes, recovering faster from a natural disaster. The continuous transfer of data and workloads to VMs like Amazon Elastic Compute Cloud (Amazon EC2) is essential for effective virtualization. 

Disaster recovery as a service

Disaster recovery services like AWS Elastic Disaster Recovery can move a company’s computer processing and critical business operations to its own cloud services in the event of a disaster. Therefore, normal operations can continue from the provider’s location, even if on-premises servers are down. Elastic Disaster Recovery also protects from Regions in the cloud going down. 

In the event of a natural disaster, a company moves its operations to another rarely used physical location, called a cold site. This way, employees have a place to work, and business functions can continue as normal. This type of disaster recovery does not protect or recover important data, so another disaster recovery method must be used alongside this one.    

How can AWS help with disaster recovery?

Elastic Disaster Recovery is a disaster recovery service that reduces downtime and data loss with the fast, reliable recovery of on-premises and cloud-based applications. It can decrease your RPO to seconds and RTO to just a few minutes. You can quickly recover operations after unexpected events, such as software issues or data center hardware failures. It is also a flexible solution, so you can add or remove replicating servers and test various applications without specialized skill sets.

Elastic Disaster Recovery includes the following benefits.

  • Reduces costs by removing idle recovery site resources, so you pay for the full disaster recovery site only when needed
  • Converts cloud-based applications to run natively on AWS
  • Restores applications within minutes, at their most up-to-date state, or from a previous point in time in case of security incidents

Get started with disaster recovery on AWS by creating an AWS account today. 

Next steps on AWS

disaster recovery planning for a company's computer system usually focuses on

Ending Support for Internet Explorer

  • Español – América Latina
  • Português – Brasil

What is a Disaster Recovery Plan?

Disaster recovery (DR) is an organization’s ability to restore access and functionality to IT infrastructure after a disaster event, whether natural or caused by human action (or error). DR is considered a subset of business continuity, explicitly focusing on ensuring that the IT systems that support critical business functions are operational as soon as possible after a disruptive event occurs.

Today, disaster recovery planning is crucial for any business, especially those operating either partially or entirely in the cloud. Disasters that interrupt service and cause data loss can happen anytime without warning—your network could have an outage, a critical bug could get released, or your business might have to weather a natural disaster. Organizations with robust and well-tested disaster recovery strategies can minimize the impact of disruptions, achieve faster recovery times, and resume core operations rapidly when things go awry.   

Learn more about Google Cloud backup and disaster recovery features and products and how they can be used to build the right DR solution for your business.

IT disaster recovery defined

IT disaster recovery is a portfolio of policies, tools, and processes used to recover or continue operations of critical IT infrastructure, software, and systems after a natural or human-made disaster.

The first and foremost aspect of a disaster recovery plan is cloud. The cloud is considered the best solution for both business continuity and disaster recovery. The cloud eliminates the need to run a separate disaster recovery data center (or recovery site). 

What is a disaster recovery site? 

It’s a second, physical data center that’s costly to build and maintain—and with the cloud, made unnecessary.

What is considered a disaster?

Dr planning and strategies focus on responding to and recovering from disasters—events that disrupt or completely stop a business from operating..

While these events can be natural disasters like a hurricane, they can also be caused by a severe system failure, an intentional attack, or even human error. 

Types of disasters can include: 

  • Natural disasters (for example, earthquakes, floods, tornados, hurricanes, or wildfires)
  • Pandemics and epidemics
  • Cyber attacks (for example, malware, DDoS, and ransomware attacks)
  • Other intentional, human-caused threats such as terrorist or biochemical attacks
  • Technological hazards (for example, power outages, pipeline explosions, and transportation accidents)
  • Machine and hardware failure 

Importance of disaster recovery

Technology plays an increasingly important role in every aspect of business, with applications and services enabling companies to be more agile, available, and connected. This trend has contributed to the widespread adoption of cloud computing by organizations to drive growth, innovation, and exceptional customer experience. 

However, the migration to cloud environments—public, private, hybrid, or multicloud—and the rise of remote workforces are introducing more infrastructure complexity and potential risks. Disaster recovery for cloud-based systems is critical to an overall business continuity strategy. A system breakdown or unplanned downtime can have serious consequences for enterprises that rely heavily on cloud-based resources, applications, documents, and data storage to keep things running smoothly. 

In addition, data privacy laws and standards stipulate that most organizations are now required to have a disaster recovery strategy. Failure to follow DR plans can result in compliance violations and steep regulatory fines. 

Every business needs to be able to recover quickly from any event that stops day-to-day operations, no matter what industry or size. Without a disaster recovery plan, a company can suffer data loss, reduced productivity, out-of-budget expenses, and reputational damage that can lead to lost customers and revenue. 

How disaster recovery works

Disaster recovery relies on having a solid plan to get critical applications and infrastructure up and running after an outage—ideally within minutes..

An effective DR plan addresses three different elements for recovery: 

  • Preventive: Ensuring your systems are as secure and reliable as possible, using tools and techniques to prevent a disaster from occurring in the first place. This may include backing up critical data or continuously monitoring environments for configuration errors and compliance violations. 
  • Detective: For rapid recovery, you’ll need to know when a response is necessary. These measures focus on detecting or discovering unwanted events as they happen in real time. 
  • Corrective: These measures are aimed at planning for potential DR scenarios, ensuring backup operations to reduce impact, and putting recovery procedures into action to restore data and systems quickly when the time comes. 

Typically, disaster recovery involves securely replicating and backing up critical data and workloads to a secondary location or multiple locations—disaster recovery sites. A disaster recovery site can be used to recover data from the most recent backup or a previous point in time. Organizations can also switch to using a DR site if the primary location and its systems fail due to an unforeseen event until the primary one is restored.

Types of disaster recovery

The types of disaster recovery you’ll need will depend on your it infrastructure, the type of backup and recovery you use, and the assets you need to protect..

Here are some of the most common technologies and techniques used in disaster recovery: 

  • Backups: With backups, you back up data to an offsite system or ship an external drive to an offsite location. However, backups do not include any IT infrastructure, so they are not considered a full disaster recovery solution. 
  • Backup as a service (BaaS): Similar to remote data backups, BaaS solutions provide regular data backups offered by a third-party provider. 
  • Disaster recovery as a service (DRaaS): Many cloud providers offer DRaaS, along with cloud service models like IaaS and PaaS . A DRaaS service model allows you to back up your data and IT infrastructure and host them on a third-party provider’s cloud infrastructure. During a crisis, the provider will implement and orchestrate your DR plan to help recover access and functionality with minimal interruption to operations.  
  • Point-in-time snapshots: Also known as point-in-time copies, snapshots replicate data, files, or even an entire database at a specific point in time. Snapshots can be used to restore data as long as the copy is stored in a location unaffected by the event. However, some data loss can occur depending on when the snapshot was made. 
  • Virtual DR: Virtual DR solutions allow you to back up operations and data or even create a complete replica of your IT infrastructure and run it on offsite virtual machines (VMs). In the event of a disaster, you can reload your backup and resume operation quickly. This solution requires frequent data and workload transfers to be effective. 
  • Disaster recovery sites: These are locations that organizations can temporarily use after a disaster event, which contain backups of data, systems, and other technology infrastructure.

Benefits of disaster recovery

Stronger business continuity.

Every second counts when your business goes offline, impacting productivity, customer experience, and your company’s reputation. Disaster recovery helps safeguard critical business operations by ensuring they can recover with minimal or no interruption. 

Enhanced security

DR plans use data backup and other procedures that strengthen your security posture and limit the impact of attacks and other security risks. For example, cloud-based disaster recovery solutions offer built-in security capabilities, such as advanced encryption, identity and access management, and organizational policy. 

Faster recovery

Disaster recovery solutions make restoring your data and workloads easier so you can get business operations back online quickly after a catastrophic event. DR plans leverage data replication and often rely on automated recovery to minimize downtime and data loss.

Reduced recovery costs

The monetary impacts of a disaster event can be significant, ranging from loss of business and productivity to data privacy penalties to ransoms. With disaster recovery, you can avoid, or at least minimize, some of these costs. Cloud DR processes can also reduce the operating costs of running and maintaining a secondary location.

High availability

Many cloud-based services come with high availability (HA) features that can support your DR strategy. HA capabilities help ensure an agreed level of performance and offer built-in redundancy and automatic failover, protecting data against equipment failure and other smaller-scale events that may impact data availability. 

Better compliance

DR planning supports compliance requirements by considering potential risks and defining a set of specific procedures and protections for your data and workloads in the event of a disaster. This usually includes strong data backup practices, DR sites, and regularly testing your DR plan to ensure that your organization is prepared. 

Planning a disaster recovery strategy

A comprehensive disaster recovery strategy should include detailed emergency response requirements, backup operations, and recovery procedures. DR strategies and plans often help form a broader business continuity strategy, which includes contingency plans to mitigate impact beyond IT infrastructure and systems, allowing all business areas to resume normal operations as soon as possible. 

When it comes to creating disaster recovery strategies, you should carefully consider the following key metrics: 

  • Recovery time objective (RTO): The maximum acceptable length of time that systems and applications can be down without causing significant damage to the business. For example, some applications can be offline for an hour, while others might need to recover in minutes.
  • Recovery point objective (RPO) : The maximum age of data you need to recover to resume operations after a major event. RPO helps to define the frequency of backups. 

These metrics are particularly useful when conducting risk assessments and business impact analysis (BIA) for potential disasters, from moderate to worst-case scenarios. Risk assessments and BIAs evaluate all functional areas of a business and the consequences of any risks, which can help define DR goals and the actions needed to achieve them before or after an event occurs. 

When creating your recovery strategy, it’s useful to consider your RTO and RPO values and pick a DR pattern that will enable you to meet those values and your overall goals. Typically, the smaller your values (or the faster your applications need to recover after an interruption), the higher the cost to run your application. 

Cloud disaster recovery can greatly reduce the costs of RTO and RPO when it comes to fulfilling on-premises requirements for capacity, security, network infrastructure, bandwidth, support, and facilities. A highly managed service on Google Cloud can help you avoid most, if not all, complicating factors and allow you to reduce many business costs significantly. 

For more guidance on using Google Cloud to address disaster recovery, you can read our Disaster recovery planning guide or contact your account manager for help with creating a DR plan.

Solve your business challenges with Google Cloud

What is disaster recovery used for, ensure business resilience.

No matter what happens, a good DR plan can ensure that the business can return to full operations rapidly, without losing data or transactions.

Maintain competitiveness

When a business goes offline, customers are rarely loyal. They turn to competitors to get the goods or services they require. A DR plan prevents this.

Avoid regulatory risks

Many industries have regulations dictating where data can be stored and how it must be protected. Heavy fines result if these mandates are not met.

Avoid data loss

The longer a business’s systems are down, the greater the risk that data will be lost. A robust DR plan minimizes this risk.

Keep customers happy

Meeting customer service level agreements (SLAs) is always a priority. A well-executed DR plan can help businesses achieve SLAs despite challenges.

Maintain reputation

A business that has trouble resuming operations after an outage can suffer brand damage. For that reason, a solid DR plan is critical.

Related products and services

Google offers many products that can be used as building blocks when creating a secure and reliable DR plan, including Cloud Storage .

Take the next step

Start building on Google Cloud with $300 in free credits and 20+ always free products.

Start your next project, explore interactive tutorials, and manage your account.

  • Need help getting started? Contact sales
  • Work with a trusted partner Find a partner
  • Continue browsing See all products
  • Get tips & best practices See tutorials

U.S. flag

An official website of the United States government

Here’s how you know

world globe

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

disaster recovery planning for a company's computer system usually focuses on

IT Disaster Recovery Plan

world globe

IT Recovery

Data backup.

Data Backup Plan

Businesses large and small create and manage large volumes of electronic information or data. Much of that data is important. Some data is vital to the survival and continued operation of the business. The impact of data loss or corruption from hardware failure, human error, hacking or malware could be significant. A plan for data backup and restoration of electronic information is essential.

An information technology disaster recovery plan (IT DRP) should be developed in conjunction with the business continuity plan . Priorities and recovery time objectives for information technology should be developed during the business impact analysis . Technology recovery strategies should be developed to restore hardware, applications and data in time to meet the needs of the business recovery.

Priorities for IT recovery should be consistent with the priorities for recovery of business functions and processes that were developed during the business impact analysis . IT resources required to support time-sensitive business functions and processes should also be identified. The recovery time for an IT resource should match the recovery time objective for the business function or process that depends on the IT resource.

Recovery strategies should be developed to anticipate the loss of one or more of the following system components:

  • Computer room environment (secure computer room with climate control, conditioned and backup power supply, etc.)
  • Hardware (networks, servers, desktop and laptop computers, wireless devices and peripherals)
  • Connectivity to a service provider (fiber, cable, wireless, etc.)
  • Software applications (electronic data interchange, electronic mail, enterprise resource management, office productivity, etc.)
  • Data and restoration

Developing an IT Disaster Recovery Plan

Businesses should develop an IT disaster recovery plan. It begins by compiling an inventory of hardware (e.g. servers, desktops, laptops and wireless devices), software applications and data. The plan should include a strategy to ensure that all critical information is backed up.

Identify critical software applications and data and the hardware required to run them. Using standardized hardware will help to replicate and reimage new hardware. Ensure that copies of program software are available to enable re-installation on replacement equipment. Prioritize hardware and software restoration.

Document the IT disaster recovery plan as part of the business continuity plan . Test the plan periodically to make sure that it works.

Businesses generate large amounts of data and data files are changing throughout the workday. Data can be lost, corrupted, compromised or stolen through hardware failure, human error, hacking and malware. Loss or corruption of data could result in significant business disruption.

Data backup and recovery should be an integral part of the business continuity plan and information technology disaster recovery plan. Developing a data backup strategy begins with identifying what data to backup, selecting and implementing hardware and software backup procedures, scheduling and conducting backups and periodically validating that data has been accurately backed up.

Developing the Data Backup Plan

Identify data on network servers, desktop computers, laptop computers and wireless devices that needs to be backed up, along with other hard copy records and information. The backup plan should include regularly scheduled backups from wireless devices, laptop computers and desktop computers to a network server. Data on the server then can be backed up. Backing up hard copy vital records can be accomplished by scanning paper records into digital formats and allowing them to be backed up along with other digital data.

Data should be backed up frequently. The business impact analysis should evaluate the potential for lost data and define the “recovery point objective.” Data restoration times should be confirmed and compared with the IT and business function recovery time objectives.

Resources for Information Technology Disaster Recovery Planning

  • Computer Security Resource Center - National Institute of Standards and Technology (NIST), Computer Security Division Special Publications
  • Contingency Planning Guide for Federal Information Systems - NIST Special Publication 800-34 Rev. 1
  • Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities – NIST Special Publication 800-84
  • Building An Information Technology Security Awareness and Training Program - NIST Special Publication 800-50

Last Updated: 09/07/2023

Return to top

10 Best Practices for Disaster Recovery Planning (DRP)

DRP helps an organization resume work after the loss of data or IT equipment. Click here to learn about 10 DRP best practices in 2021.

Disaster recovery planning is defined as the process of creating a comprehensive plan that helps your organization resume work after the loss of data or IT equipment due to natural or human-made disasters. A good disaster recovery plan will make sure that this is done with minimal business disruption. This article introduces you to disaster recovery planning, key steps involved in creating it, and ten best practices to develop and implement a DRP template.

Table of Contents

What is a disaster recovery plan (drp), 8 key steps for a disaster recovery plan, top 10 best practices to create and implement a disaster recovery plan (drp) in 2021.

A disaster recovery plan is defined as a well-defined set of actions that helps an organization recover its technology and operations based on its business policies. It is a component of security planning and a subset of business continuity planning.  

If there is anything 2021 has taught the world, it is that disaster strikes with no warning. Come pandemic or wildfires, businesses must be equipped to provide the services it has committed to, with zero to little disruption. One way of doing this is planning — figuring out which resources are essential and how they can be protected and backed up.

Importance of having a stable DRP:

  • Disaster management: No business can run successfully without substantial tech-based infrastructure. To put things in perspective, a 2018 BCI Survey Report says that the top supply chain disruptors are IT outages, cyberattacks, and transport network disruption, which are caused by natural or human-made disasters such as hurricanes, floods, wildfires, cyberattacks, power outages, and even acts of terrorism.
  • Cost of disruption: According to Dell’s 2021 GDPI snapshot , cyberattacks and disruptive events are rising meteorically. 82% of the organizations reported an unplanned disruption in the last one year, a number which was only 76% in 2018. In fact, these disruptions cost an estimated total of $810,018 — up from $526,845 the previous year. Hefty figures aside, business continuity is also a matter of reputation and trust for customers and stakeholders. 

Now that it is clear why every business needs a disaster recovery plan, let us take a look at the steps involved in creating a viable disaster recovery plan template.

Also Read: What Is Disaster Recovery? Definition, Cloud and On-premise, Benefits and Best Practices

Let’s look at the step-by-step breakdown of the tasks required to build a robust and adaptive DRP.

1. Gather a team of experts and stakeholders

Creating a disaster recovery plan is not a one-person job. It involves input from various internal employees and external vendors. A good DRP team consists the following roles: 

  • Infrastructure SMEs : Creating a DRP requires an in-depth knowledge of all hardware, software, data, and network connectivity . This means that the corresponding domain experts from the organization’s IT department should be a part of the DRP team.
  • Individual department heads : While every business unit has its set of critical assets and functionalities, these are governed by compliance and legal regulations. It is, therefore, important to have someone representing each business unit.
  • Senior management : Since DRP is a part of business continuity planning (BCP) , the organization’s business objectives and strategies are essential to setting DRP goals. Senior management must be involved to make these policy-level decisions.
  • Human resources : An HR representative must be present to enable smooth internal communication in case of work disruption.
  • Public relations officers : Having PROs in the team would be a plus for positive media outreach. This is important for keeping customers and stakeholders informed. 

Apart from these internal members, property managers, law enforcement contacts, and emergency responders must be added to the final disaster recovery plan. These are variables that need to be constantly updated at regular intervals.

2. Take inventory and analyze business impact

Business impact analysis (BIA) is the foundation of good DRP. In this step, the business is broken down into individual assets, services, and functions. Each asset and service is then evaluated based on how long the company can run without facing financial losses , reputational losses, or regulatory penalties if this asset fails. 

Inventory typically includes individual assets that drive the functioning of the organization. These include assets such as:

  • SaaS services  

This step produces an inventory list along with cost, legal and regulatory requirements, details such as operating systems, configuration settings, version numbers, license keys, and criticality of each. Mission-critical assets — the breakdown of which can bring significant services of the company to a halt — are marked. 

Also Read: Top 8 Disaster Recovery Software Companies in 2021

3. Identify the disaster recovery planning metrics

Once the BIA is done, the business’s IT infrastructure and processes are broken down and quantified in terms of the cost of downtime and criticality. We can create formal and tangible goals of recovery for each function of the business.

  • Goal 1 — Determine the recovery time objective (RTO)

This is the amount of time a particular service can be offline without a significant business impact. For example, for an e-commerce website, the ‘Add to Cart’ functionality cannot be down for more than a few minutes. But the ‘Customer Care chat history’ option can be down for a couple of hours without significant impact.

  • Goal 2 — Determine the recovery point objective (RPO)

When we talk about addressing vulnerabilities during disasters, we are usually talking about security changes or data backup. The best way to prevent data loss would be to back up critical information into tiered servers or the cloud. The RPO determines how frequently this needs to be done for each asset or function. This essentially tells you how outdated your data can afford to be when an unplanned incident occurs.

For example, marketing and sales data can be more than 24 hours old without causing any real damage. But banking transactions need to be as recent as five minutes ago.

Keep in mind that these metrics do not depend on just business impact alone. Industry regulations need to be taken into account too. For instance, hospitals that lose patient electronic health records are subject to HIPAA penalties.

4. Conduct a risk assessment and identify the scope of the DRP

The BIA stage takes stock of what the business has to lose. The risk assessment stage looks into possible reasons for the loss. During risk assessment, make sure that you: 

  • Analyze all potential threats to the functioning of the business. These threats include natural disasters, national emergencies and shutdowns, regional disasters, regulatory changes, application failures, data center disasters , communication breakdowns, and cyberattacks. To tackle these, make sure your contingency management includes hardware and other maintenance, protection from power outages, and security from ransomware.
  • Evaluate business vulnerability for each threat. Quantify each threat with the time and resources it would take to address each threat. The potential cost of leaving each risk unaddressed must also be considered.
  • Upgrading hardware and software
  • Putting security controls in place
  • Improving security policies
  • Create a risk management plan based on associated costs and potential losses. Also, consider the frequency and probability of each threat. One way of documenting risk assessment is by using the risk assessment matrix. This strategy allows you to rank each disaster based on the likelihood of occurrence, how much it would impact business, and how prepared you are to face it. Based on these numbers, you can prioritize which risks to focus on while creating your disaster recovery plan template. 

Also Read: 5 Step Guide to Business Continuity Planning (BCP) in 2021

5. Decide on the type of disaster recovery plan

All businesses cannot use a one-size-fits-all disaster recovery plan template. Based on the results of the previous steps and the DRP budget, you can opt for one of the following types of DRP:

  • Datacenter disaster recovery plan: A data center DRP involves investing in and maintaining a whole other data center building as a backup. This is usually called a disaster recovery site . When the primary operation goes down, this site is expected to be fully operational and kick in without delay. There are three types of data recovery sites: 
  • Cold site: Cold sites are infrastructural backups — office spaces with power, cooling, and communication systems. They do not house any hardware or have a network configured. In the case of primary system failure, the operational teams will need to migrate servers and set everything up from scratch. It is the least expensive option. However, it requires extra labor after the fact and may not meet the organization’s RTO goals if not executed properly.
  • Hot site: A hot site is the exact copy of the primary data center setup. It has all the necessary hardware, software, and network configured. Data is backed up based on RPO goals. In case of outages, the operations connect to the hot site without delay and continue with minimal downtime. Since this requires a constantly functioning setup, this is the most expensive option. It is also the most effective.
  • Warm site: A warm site is one that houses the necessary hardware with some pre-installed software and network configuration. Only mission-critical assets are backed up at less frequent intervals. This is a good option for organizations with less critical data and higher RPOs. A cost-benefit analysis may be required to decide between a hot site and a warm site. 

2. Virtualization based DRP: Virtualization based DRP works with virtual machines rather than actual hardware and recovery sites. Images of the primary infrastructure are stored and updated at regular intervals. A virtual machine can be that of the database, server, or application setup. While virtualization-based DRPs are considerably cheaper than the first option, a recovery strategy is essential for it to work. Identifying recovery software and the backup medium is crucial. This type of DRP requires extensive testing. 

3. Cloud-based DRP: Cloud-based DRP involves backing up critical assets or even the entire primary setup with a cloud provider. This type of planning requires extensive coordination with the cloud managers in terms of security, testing, and meeting the RTO and RPO goals. It is best to pick a cloud provider that allows you to pick the location of the physical and virtual servers. This option is cheaper than data center recovery planning but can be more expensive than virtualization-based DRP.

4. Disaster recovery as a service (DRaaS): If an organization lacks the expertise and resources to create their own DRP, they can enlist the services of a third-party service provider. These providers are referred to as DRaaS companies. It is important to make sure that the service level agreement (SLA) with these companies is in line with the organization’s DRP vision. DRaaS costs vary based on disaster recovery planning goals. Some DraaS solutions also offer artificial intelligence , machine learning, and predictive analysis based disaster recovery plan templates. These help with pre-emptive strikes by automatically detecting ransomware, predicting data loss, hardware failure, and application downtime in case of disaster. 

Also Read:  Will Extreme Weather Events Affect Your Business? Lessons From the Texas Winter Storm

6. Create a disaster recovery playbook

A disaster recovery plan must consist of an RTO and RPO for each service and a step by step recovery plan based on the type of disaster recovery plan chosen. A completed disaster recovery playbook doesn’t just end with that. Other mandatory information includes:

  • List of employees in charge of each service, along with their contact information.
  • Information packets for each person in charge, with required passwords, access grants , and other configuration information gathered during inventory analysis.
  • Point of contact who oversees the smooth transition of operations after the disaster occurs, and for troubleshooting the DRP in case of issues.
  • Contact information of software vendors and third party services. In case a DRaaS vendor is involved, including their contact information and steps to trigger their services.
  • Information about Emergency Responders
  • Contact information of facility owners and property managers.
  • In case of data center DRP, a diagram of the entire IT infrastructure , with recovery sites and directions to access them.
  • In case of virtualization-based DRP, information of the VMs’ storage medium and recovery steps.

7. Test the disaster recovery plan

By this stage, the first draft of the disaster recovery plan is ready. A good DRP is defined by how well-tested it is. Considering the magnitude of this operation, this can be tricky and time-consuming. It might also be an expensive affair, so make sure to include this while budgeting for your DRP efforts.

There are many ways of testing a disaster recovery plan:

  • Walk-through test: Sit with the DRP team members and stakeholders, and just read through the playbook. Make any corrections or updates necessary. This does not disrupt existing business operations in any way.
  • Simulation test: Simulate the disaster and see how well the DRP executes. This does not disrupt existing operations either.
  • Parallel test: Recreate the setup for the key services using the backed-up assets and see if they process real-world transactions. This is done in parallel to the actual system, which continues to process data as normal.
  • Full interruption test: This test assumes that the primary system is completely down, and all of the incoming load is directed to the failover systems created as part of the DRP. This completely disrupts the existing system by making it go offline.

Like every other testing activity, DRP testing must be carried out at regular, scheduled intervals. Keep in mind that all of these tests need to be carried out in every testing cycle. Different tests can be carried out at different points of time in the cycle.

It is also not necessary to test the entire system in every cycle. Individual components can be tested based on any changes made in the system or routine maintenance. Make sure the person in charge is in the loop. Combining multiple components for a narrow test run is also an option.

Success metrics are how you conclude if a DRP was a success or failure. A successful test isn’t just a playbook implementation that runs without errors. Any holes captured during the testing and marked to be fixed without delay are considered successes too. Success metrics need to be detailed in the DRP too. In the case of DRaaS, testing frequency and success metrics are included in the SLAs.

Also Read: Offsite Data Replication: A Great Way To Meet Recovery Time Objectives

8. Establish a communication plan

Apart from automated tests, employee awareness training sessions must be conducted by the HR department. The people in charge of different services in the DRP must be walked through the different scenarios covered in the playbook at different intervals. Their contact information and their roles and responsibilities must be readily available in case of emergencies. Disaster recovery exercises and drills need to be carried out at regular intervals.

Since an outage can cause panic and outrage, it is prudent to have a PR team in place. Exact information about how long it would take for the system to come up and the cause of failure will be easy to gather, thanks to the DRP. This makes stakeholder appeasement easier.

Following these 10 steps will definitely result in a fail-proof disaster recovery plan. There are multiple checklists available online to make sure that you do not skip over any of them. Remember — a good DRP focuses on managing the crisis, restoring business-critical functions, and recovering, all while communicating with your stakeholders, as explained by Tom Roepke and Steven Goldman in the Disaster Recovery Journal. 

Best Practices To Create and Implement a Disaster Recovery Plan (DRP) in 2021

1. Focus on the assets and vulnerabilities, rather than the disaster

Picking particular disasters and focusing only on risks associated with them can draw attention away from other threats. A better approach would be to identify core assets and services and then working up to the associated vulnerabilities .

2. Keep iterating the process

Disaster recovery planning is not a one-time process. Business requirements keep changing, new infrastructure is added every day and industry regulations are updated all the time. This means that the DRP also needs to keep changing. It is best to have scheduled sessions, ideally three to four times a year. It can also be based on certain milestones or triggers — like adding a new service or making major changes in an existing one. A good DRP grows with the business.

3. Maintain a readily accessible disaster recovery playbook

A Disaster recovery playbook is meant for multiple stakeholders at different business levels and professions. It must be written in a clear and concise language understood by all. Once a playbook has been approved and tested, a hard copy must be placed in a readily accessible area, while a soft copy is loaded onto the cloud or a portable medium. A DRP must also be easily modifiable since it is subject to change with every iteration. Any changes made in the plan must be reflected in all storage and communicated to all stakeholders and team members.

Also Read: What Is Password Management? Definition, Components and Best Practices

4. Do not forget the processes

DRP is not just about the hardware and the software. There are people and processes involved in each step too. It is important to make sure that the recovery team has a backup work location to operate from. If employees are logging in from home, do they have secure access points to reach your systems? Remember to include these work-process solutions in the playbook.

5. Have a testing schedule and stick to it

A disaster recovery plan is only as good as its testing schedule. A 2014 Global Benchmark Study showed that poor planning, testing, and technological deficiencies led to more than a $5 million loss by critical application failure, data center outages, and data loss. An untested plan leads to a false sense of security. Usually, DRP tests are scheduled three to four times a year, though some bigger enterprises with complex systems carry them out monthly.

6. Create comprehensive post-test reports

A testing activity must always result in a comprehensive report detailing the following points:

  • The type of tests carried out
  • Frequency of testing
  • Success Factors — predetermined details that help evaluate the testing. A successful test isn’t just one that comes up error-free. A successful test is also one that catches an error that might have made it to the final cut.
  • Test procedures followed
  • Post-test analytics

Also Read: 10 Best Password Managers for 2021

7. Keep up employee awareness, training, and drills

All concerned people must always be kept in the loop, and DRP drills need to become part of the company culture, just like fire drills. Training must be frequent and contact information updated.

8. Supplement your DRP with security and data protection solutions

Replicating a whole new secondary setup means replicating security concerns as well. Any cyberattacks or ransomware demands must be curtailed within the primary system and cannot permeate the WAN while duplicating data for backup.

9. Protect the everyday software

Any SaaS applications used, like MS Office or Salesforce, need to be considered in the inventory logging stage. While they might not directly be involved with the company’s services, losing contact information with potential clients might have a long term effect. Even email suites come into play here because the loss of important communication can be a major business impediment.

10. Ensure good reporting

On-ground reporting is just as, if not more, important than test reports. When a disaster actually strikes, and the DRP is set in motion, provisions must be made for documenting each step. It is the best way to figure out what works best and what needs tweaking.

With the number of natural and human-made threats increasing daily, creating, adopting, and maintaining a well-thought-out disaster recovery plan makes good business sense. A good DRP goes a long way in creating a confident and resilient business.

Did this article help your research for a disaster recovery plan that suits your business? Tell us on LinkedIn Opens a new window , Twitter Opens a new window , or Facebook Opens a new window . We would love to hear from you!

Share This Article:

IT Specialist

Take me to Community

Recommended Reads

No More Business As Usual: Vulnerability Management Focused On Managing Risk

No More Business As Usual: Vulnerability Management Focused On Managing Risk

How Leaders Can Protect Supply Chains Against Cyber Risks

How Leaders Can Protect Supply Chains Against Cyber Risks

The Vulnerabilities of Traditional Patch Management

The Vulnerabilities of Traditional Patch Management

Fry the Phish this Valentine’s Day: How to Thwart Online Scammers Using AI

Fry the Phish this Valentine’s Day: How to Thwart Online Scammers Using AI

Looking for a Bug Bounty Program: 13 Signs of a Successful One

Looking for a Bug Bounty Program: 13 Signs of a Successful One

Hackers Set Their Sights on the C-Suite

Hackers Set Their Sights on the C-Suite

2023 AWS Global Storage Partner of the Year | 2023 AWS Global Storage PoY | Schedule a meeting

Disaster Recovery Plan

Disaster recovery plan definition.

What is a disaster recovery plan? A disaster recovery plan (DRP), disaster recovery implementation plan, or IT disaster recovery plan is a recorded policy and/or process that is designed to assist an organization in executing recovery processes in response to a disaster to protect business IT infrastructure and more generally promote recovery.

The purpose of a disaster recovery plan is to comprehensively explain the consistent actions that must be taken before, during, and after a natural or man-made disaster so that the entire team can take those actions. A disaster recovery plan should address both man-made disasters that are intentional, such as fallout from terrorism or hacking, or accidental, such as an equipment failure.

What is a disaster recovery plan ?

Organizations of all sizes generate and manage massive amounts of data, much of it mission critical. The impact of corruption or data loss from human error, hardware failure, malware, or hacking can be substantial. Therefore, it is essential to create a disaster recovery plan for the restoration of business data from a data backup image.

It is most effective to develop an information technology (IT) disaster recovery plan in conjunction with the business continuity plan (BCP). A business continuity plan is a complete organizational plan that consists of five components:

1. Business resumption plan 2. Occupant emergency plan 3. Continuity of operations plan 4. Incident management plan (IMP) 5. Disaster recovery plan

Generally, components one through three do not touch upon IT infrastructure at all. The incident management plan typically establishes procedures and a structure to address cyber attacks against IT systems during normal times, so it does not deal with the IT infrastructure during disaster recovery. For this reason, the disaster recovery plan is the only component of the BCP of interest to IT.

Among the first steps in developing such adisaster recovery strategy is business impact analysis, during which the team should develop IT priorities and recovery time objectives. The team should time technology recovery strategies for restoring applications, hardware, and data to meet business recovery needs.

Every situation is unique and there is no single correct way to develop a disaster recovery plan. However, there are three principal goals of disaster recovery that form the core of most DRPs:

  • prevention, including proper backups, generators, and surge protectors
  • detection of new potential threats, a natural byproduct of routine inspections
  • correction, which might include holding a “lessons learned” brainstorming session and securing proper insurance policies

What should a disaster recovery plan include?

Although specific disaster recovery plan formats may vary, the structure of a disaster recovery plan should include several features:

Goals A statement of goals will outline what the organization wants to achieve during or after a disaster, including the recovery time objective (RTO) and the recovery point objective (RPO). The recovery point objective refers to how much data (in terms of the most recent changes) the company is willing to lose after a disaster occurs. For example, an RPO might be to lose no more than one hour of data, which means data backups must occur at least every hour to meet this objective.

Recovery time objective or RTO refers to the acceptable downtime after an outage before business processes and systems must be restored to operation. For example, the business must be able to return to operations within 4 hours in order to avoid unacceptable impacts to business continuity.

Personnel Every disaster recovery plan must detail the personnel who are responsible for the execution of the DR plan, and make provisions for individual people becoming unavailable.

IT inventory An updated IT inventory must list the details about all hardware and software assets, as well as any cloud services necessary for the company’s operation, including whether or not they are business critical, and whether they are owned, leased, or used as a service.

Backup procedures The DRP must set forth how each data resource is backed up – exactly where, on which devices and in which folders, and how the team should recover each resource from backup.

Disaster recovery procedures These specific procedures, distinct from backup procedures, should detail all emergency responses, including last-minute backups, mitigation procedures, limitation of damages, and eradication of cybersecurity threats.

Disaster recovery sites Any robust disaster recovery plan should designate a hot disaster recovery site. Located remotely, all data can be frequently backed up to or replicated at a hot disaster recovery site — an alternative data center holding all critical systems. This way, when disaster strikes, operations can be instantly switched over to the hot site.

Restoration procedures Finally, follow best practices to ensure a disaster recovery plan includes detailed restoration procedures for recovering from a loss of full systems operations. In other words, every detail to get each aspect of the business back online should be in the plan, even if you start with a disaster recovery plan template. Here are some procedures to consider at each step.

Include not just objectives such as the results of risk analysis and RPOs, RTOs, and SLAs, but also a structured approach for meeting these goals. The DRP must address each type of downtime and disaster with a step-by-step plan, including data loss, flooding, natural disasters, power outages, ransomware, server failure, site-wide outages, and other issues. Be sure to enrich any IT disaster recovery plan template with these critical details.

Create a list of IT staff including contact information, roles, and responsibilities. Ensure each team member is familiar with the company disaster recovery plan before it is needed so that individual team members have the necessary access levels and passwords to meet their responsibilities. Always designate alternates for any emergency, even if you think your team can’t be affected.

Address business continuity planning and disaster recovery by providing details about mission-critical applications in your DRP. Include accountable parties for both troubleshooting any issues and ensuring operations are running smoothly. If your organization will use cloud backup services or disaster recovery services, vendor name and contact information, and a list of authorized employees who can request support during a disaster should be in the plan; ideally the vendor and organizational contacts should know of each other.

Media communication best practices are also part of a robust disaster recovery and business continuity plan. A designated public relations contact and media plan are particularly useful to high profile organizations, enterprises, and users who need 24/7 availability, such as government agencies or healthcare providers. Look for disaster recovery plan examples in your industry or vertical for specific best practices and language.

Benefits of a disaster recovery plan

Obviously, a disaster recovery plan details scenarios for reducing interruptions and resuming operations rapidly in the aftermath of a disaster. It is a central piece of the business continuity plan and should be designed to prevent data loss and enable sufficient IT recovery.

Beyond the clear benefit of improved business continuity under any circumstances, having a company disaster recovery plan can help an organization in several other important ways.

Cost-efficiency Disaster recovery plans include various components that improve cost-efficiency. The most important elements include prevention, detection, and correction, as discussed above. Preventative measures reduce the risks from man-made disasters. Detection measures are designed to quickly identify problems when they do happen, and corrective measures restore lost data and enable a rapid resumption of operations.

Achieving cost-efficiency goals demands regular maintenance of IT systems in their optimal condition, high-level analysis of potential threats, and implementation of innovative cybersecurity solutions. Keeping software updated and systems optimally maintained saves time and is more cost-effective. Adopting cloud-based data management as a part of disaster recovery planning can further reduce the costs of backups and maintenance.

Increased productivity Designating specific roles and responsibilities along with accountability as a disaster recovery plan demands increases effectiveness and productivity in your team. It also ensures redundancies in personnel for key tasks, improving sick day productivity, and reducing the costs of turnover.

Improved customer retention Customers do not easily forgive failures or downtime, especially if they result in loss of sensitive data. Disaster recovery planning helps organizations meet and maintain a higher quality of service in every situation. Reducing the risks your customers face from data loss and downtime ensures they receive better service from you during and after a disaster, shoring up their loyalty.

Compliance Enterprise business users, financial markets, healthcare patients, and government entities, all rely on availability, uptime, and the disaster recovery plans of important organizations. These organizations in turn rely on their DRPs to stay compliant with industry regulations such as HIPAA and FINRA.

Scalability Planning disaster recovery allows businesses to identify innovative solutions to reduce the costs of archive maintenance, backups, and recovery. Cloud-based data storage and related technologies enhance and simplify the process and add flexibility and scalability.

The disaster recovery planning process can reduce the risk of human error, eliminate superfluous hardware, and streamline the entire IT process. In this way, the planning process itself becomes one of the advantages of disaster recovery planning, streamlining the business, and rendering it more profitable and resilient before anything ever goes wrong.

Ways to develop a disaster recovery plan

There are several steps in the development of a disaster recovery plan. Although these may vary somewhat based on the organization, here are the basic disaster recovery plan steps:

Risk assessment First, perform a risk assessment and business impact analysis (BIA) that addresses many potential disasters. Analyze each functional area of the organization to determine possible consequences from middle of the road scenarios to “worst-case” situations, such as total loss of the main building. Robust disaster recovery plans set goals by evaluating risks up front, as part of the larger business continuity plan, to allow critical business operations to continue for customers and users as IT addresses the event and its fallout.

Consider infrastructure and geographical risk factors in your risk analysis. For example, the ability of employees to access the data center in case of a natural disaster, whether or not you use cloud backup, and whether you have a single site or multiple sites are all relevant here. Be sure to include this information, even if you’re working from a sample disaster recovery plan.

Evaluate critical needs Next, establish priorities for operations and processing by evaluating the critical needs of each department. Prepare written agreements for selected alternatives, and include details specifying all special security procedures, availability, cost, duration, guarantee of compatibility, hours of operation, what constitutes an emergency, non-mainframe resource requirements, system testing, termination conditions, a procedure notifying users of system changes, personnel requirements, specs on required processing hardware and other equipment, a service extension negotiation process, and other contractual issues.

Set disaster recovery plan objectives Create a list of mission-critical operations to plan for business continuity, and then determine which data, applications, equipment, or user accesses are necessary to support those functions. Based on the cost of downtime, determine each function’s recovery time objective (RTO). This is the target amount of time in hours, minutes, or seconds an operation or application can be offline without an unacceptable business impact.

Determine the recovery point objective (RPO), or the point in time back to which you must recover the application. This is essentially the amount of data the organization can afford to lose.

Assess any service level agreements (SLAs) that your organization has promised to users, executives, or other stakeholders.

Collect data and create the written document Collect data for your plan using pre-formatted forms as needed. Data to collect in this stage may include:

  • lists (critical contact information list, backup employee position listing, master vendor list, master call list, notification checklist)
  • inventories (communications equipment, data center computer hardware, documentation, forms, insurance policies, microcomputer hardware and software, office equipment, off-site storage location equipment, workgroup hardware, etc.)
  • schedules for software and data files backup/retention
  • procedures for system restore/recovery
  • temporary disaster recovery locations
  • other documentation, inventories, lists, and materials

Organize and use the collected data in your written, documented plan.

Test and revise Next, develop criteria and procedures for testing the plan. This is essential to ensure the organization has adopted compatible, feasible backup procedures and facilities, and to identify areas that should be modified. It also allows the team to be trained, and proves the value of the DRP and ability of the organization to withstand disasters.

Finally, test the plan based on the criteria and procedures. Conduct an initial dry run or structured walk-through test and correct any problems, ideally outside normal operational hours. Types of business disaster recovery plan tests include: disaster recovery plan checklist tests, full interruption tests, parallel tests, and simulation tests.

The recovery point objective, or RPO, refers to how much data (in terms of the most recent changes) the company is willing to lose after a disaster occurs. For example, an RPO might be to lose no more than one hour of data, which means data backups must occur at least every hour to meet this objective.

The RPO answers this question: “How much data could be lost without significantly impacting the business?”

Example: If the RPO for a business is 20 hours and the last available good copy of data after an outage is 18 hours old, we are still within the RPO’s parameters.

In other words, the RTO answers the question: “How much time after notification of business process disruption should it take to recover?”

To compare RPO and RTO , consider that RPO means a variable amount of data that would need to be re-entered after a loss or would be lost altogether during network downtime. In contrast, RTO refers to how much real time can elapse before the disruption unacceptably impedes normal business operations.

It is important to expose the gap between actuals and objectives set forth in the disaster recovery plan. Only business disruption and disaster rehearsals can expose actuals—specifically Recovery Point Actual (RPA) and Recovery Time Actual (RTA). Refining these differences brings the plan up to speed.

Strategies and tools for a disaster recovery plan

The right strategies and tools help implement a disaster recovery plan.

Traditional on-premises recovery strategies The IT team should develop disaster recovery strategies for IT applications, systems, and data. This includes desktops, data, networks, connectivity, servers, wireless devices, and laptops. Identify IT resources that support time-sensitive business processes and functions so their recovery times match.

Information technology systems require connectivity, data, hardware, and software. The entire system may fail due to a single component, so recovery strategies should anticipate the loss of one or more of these system components:

  • Secure, climate-controlled computer room environment with backup power supply
  • Connectivity to a service provider
  • Hardware such as desktop and laptop computers, networks, wireless devices and peripherals, and servers
  • Software applications such as electronic mail, electronic data interchange, enterprise resource management, and office productivity

Data and restoration For business applications that cannot tolerate downtime, actual parallel computing, data mirroring, or multiple data center synchronization is possible yet costly. Other solutions for mission critical business applications and sensitive data include cloud backup and cloud-native disaster recovery, which reduce the need for expensive hardware and IT infrastructure.

Internal recovery strategies Some enterprises store data at multiple facilities and configure hardware to run similar applications from data center to data center when needed. Assuming off-site data backup or data mirroring are taking place, processing can continue and data can be restored at an alternate site under these circumstances. However, this is a costly solution, and one that demands an internal solution that is itself infallible.

Cloud-based disaster recovery strategies Cloud-based vendors offer Disaster recovery as a service (DRaaS), which are essentially “hot sites” for IT disaster recovery hosted in the cloud. DRaaS leverages the cloud to provide fully configured recovery sites that mirror the applications in the local data center. This allows users a more immediate response, allowing them the ability to recover critical applications in the cloud, keeping them ready for use at the time of a disaster.

Vendors can host and manage applications, data security services, and data streams, enabling access to information via web browser at the primary business site or other sites. These vendors can typically enhance cybersecurity because their ongoing monitoring for outages offers data filtering and detection of malware threats. If the vendor detects an outage at the client site, they hold all client data automatically until the system is restored. In this sense, the cloud is essential to security planning and disaster recovery.

Does Druva offer a cloud disaster recovery plan ?

With Druva’s cloud-native disaster recovery plan, workloads on-premises or in the cloud back up directly to the Druva Cloud Platform, built on AWS. This eliminates recovery complexities by enabling automated runbook execution and one-click disaster recovery. Druva’s cloud-native disaster recovery includes failover and failback, either back to on-premises systems or to any AWS region or account without hardware, a managed DR site, or excessive administration.

Watch the video below for a demo, and discover Druva's innovative one-click solutions for on-premises and cloud workloads on the disaster recovery page of the website .

Related Terms

Now that you’ve learned about the disaster recovery plan, brush up on these related terms with Druva’s glossary:

  • What is cyber resilience?
  • What is an RPO?
  • What is an RTO?
  • Generative AI
  • Business Operations
  • IT Leadership
  • Application Security
  • Business Continuity
  • Cloud Security
  • Critical Infrastructure
  • Identity and Access Management
  • Network Security
  • Physical Security
  • Risk Management
  • Security Infrastructure
  • Vulnerabilities
  • Software Development
  • Artificial Intelligence
  • United States
  • United Kingdom
  • Newsletters
  • Foundry Careers
  • Terms of Service
  • Privacy Policy
  • Cookie Policy
  • Member Preferences
  • About AdChoices
  • E-commerce Links
  • Your California Privacy Rights

Our Network

  • Computerworld
  • Network World

Neal Weinberg

Business continuity and disaster recovery planning: The basics

Good business continuity plans will keep your company up and running through interruptions of any kind: power failures, IT system crashes, natural disasters, pandemics and more.

storm disaster recovery disruption rain umbrella tornado challenge weather

Editor’s note: This article, originally published on March 27, 2014, has been updated to more accurately reflect recent trends.

Wildfires in California. A snowstorm in Texas.  Windstorms across the Midwest. Floods in Hawaii. Hurricanes in Florida and Louisiana. Russian hackers and ransomware attacks. And let’s not forget the global pandemic.

If anyone still thinks that having a disaster recovery and business continuity plan isn’t a high priority, you haven’t been paying attention to recent events. As we begin to emerge from the COVID-19 pandemic, organizations are shifting to a new normal that will certainly be more remote, more digital and more cloud-based. Disaster recovery plans will have to evolve to keep up with these changing business conditions.

On top of that, business requirements for disaster recovery have changed dramatically. There was a time when it was acceptable for recovery time to be measured in days or hours. Now it’s minutes. In some cases, business units are demanding zero down time in the event of an unplanned outage.

Here are the basics of a state-of-the-art disaster recovery/business continuity (DR/BC) plan for 2021 and beyond. (Without getting too hung up on definitions, let’s say that disaster recovery is getting the IT infrastructure back up and running, while business continuity is a broader discipline that gets the business back up and functioning once the lights are back on.) 

Integrate cybersecurity, intrusion detection/response, disaster recovery into a comprehensive data protection plan

For CISOs, the first goal of a disaster recovery plan is to avoid the disaster in the first place, which is becoming increasingly challenging. First, data is no longer safely tucked away in an on-premises data center. It’s distributed across on-premises environments, hyperscale clouds, the edge and SaaS applications. ESG Research Senior Analyst Christophe Bertrand points out that SaaS presents a serious data protection and recovery challenge because “now you have mission critical applications running as a service that you have no control over.”

Second, the pandemic drove millions of employees out of the secure confines of the corporate office to their home offices, where the Wi-Fi is less secure and where employees might be sharing sensitive data on collaboration applications.

Third, hackers took notice of these expanding attack vectors and launched a barrage of new and more targeted ransomware attacks. According to the Sophos State of Ransomware 2020 Report, hackers have moved from spray-and-pray desktop attacks to server-based attacks. “These are highly targeted, sophisticated attacks that take more effort to deploy. However, they are typically far more deadly due to the higher value of assets encrypted and can cripple organizations with multi-million dollar ransom requests,” according to the report .

In response to these changing conditions, CISOs should focus on beefing up endpoint security for remote workers, deploying VPNs and encryption, protecting data at rest no matter where it lives, and also making sure that collaboration tools don’t become a source of security vulnerabilities.

Conduct a business impact analysis (BIA)

Organizations need to conduct a thorough business impact analysis to identify and evaluate potential effects of disasters through the lenses of financial fallout, regulatory compliance, legal liability, and employee safety. Gartner estimates that 70% of organizations are making disaster recovery decisions without any business-aligned data points or based on an outdated BIA. “Without the fact base the BIA provides, teams can only guess at the appropriate level of DR and what risks are tolerable. This results in overspend or unmet expectations,” according to Gartner.

Remember, you don’t need to protect everything. Organizations that conduct these exercises are often surprised to discover servers that do nothing but run a routine back-end business process once a month, or even once a year.

Organizations need to prioritize applications by their criticality to the business, and to identify all the dependencies associated with a business process, particularly applications that may have been virtualized across multiple physical servers, might be running in containers in the cloud, or in serverless cloud environments.

Classify data

Along the same lines, you don’t need to protect all data, just the data that you need to keep the business running. You do need to go through the process of locating, identifying, and classifying data. Be sure to protect data that falls under regulatory requirements, customer data, patient data, credit card data, intellectual property, private communications, etc. The good news is that tools can automate data identification and classification.

Consider disaster recovery as a service (DRaaS)

DRaaS is an increasingly popular option for CISOs at small- to mid-sized organizations who want to cost-effectively improve IT resilience, meet compliance or regulatory requirements, and address resource deficiencies. The DRaaS market is expected to grow at a rate of 12% a year over the next five years, according to Mordor Intelligence . DRaaS services cover the full gamut of disaster recovery and business continuity, providing flexibility and agility to enterprises, according to the Mordor report.

Gartner adds that as the DRaaS market has matured and vendor offerings have become more industrialized, the size and scope of DRaaS implementations have increased significantly, compared with a few years ago.

Develop a solid communication plan

Simply getting servers back up and running is essentially meaningless unless everyone knows their roles and responsibilities. Do people have the appropriate cell phone numbers and email addresses to share information? Do the relevant stakeholders have a playbook that spells out how to respond to a crisis in terms of contacting law enforcement, outside legal teams, utility companies, key technology and supply chain partners, senior leadership, the broader employee base, external PR teams, etc.?

Depending on the nature of the disaster, networking groups might need to establish new lines of connectivity for remote workers and reconfigure traffic flows; maintenance teams might need to perform remote troubleshooting, security teams might need to re-set firewalls, change access policies, extend security protection to new devices or to cloud-based resources. The biggest problem in a disaster isn’t related to data backups, it’s not having the right people in place and understanding all the steps required for the business to recover, says Bertrand.

Automate testing

To test disaster preparedness, companies traditionally conduct tabletop exercises in which key players physically come together to play out DR scenarios. However, only one-third of organizations perceive the exercises as “highly effective,”  according to a July study  by Osterman Research in association with Immersive Labs, a company that develops human-readiness skills in cybersecurity. The research also found that organizations don’t perform tabletop exercises often enough to keep up with evolving threats and that these exercises cost an average of $30,000. During the pandemic, it’s fair to assume that tabletop exercises fell by the wayside.

Doug Matthews, vice-president of enterprise data protection at Veritas, says there’s a better way. New tools can automatically test backup and recovery procedures on an ongoing basis and identify potential issues that need to be addressed. Modern testing solutions are also able to use sandboxing technology to create safe environments in which companies can test the recoverability of applications without impacting production networks.

Create immutable data backups

Ransomware attackers are targeting backup repositories, particularly in the cloud. They are also targeting SaaS applications. In response, organizations should keep one copy of data that can’t be altered. “Be sure that you have an immutable copy of backup data that nobody can touch,” advises Matthews, who says companies should have three copies of data at all times, not just two.

Companies should also investigate isolated recovery environments, such as air gapping, in which one copy of the data lives in an environment not connected to the production environment.

Consider data re-use

“Business is the data and data is the business,” says Bertrand. Once organizations have a copy of their important data sitting in a safe backup environment, why not think about ways to reuse it to advance the company’s digital transformation efforts.

The idea is for organizations to “understand what you have, where it is, how to protect it, store it and optimize it.”  Ultimately, Bertrand predicts that organizations will evolve an intelligent data strategy that encompasses regulatory compliance, disaster recovery/business continuity and data analytics.

Perform continuous updates

CISOs updating their DR/BC plans should take their cue from DevOps. It’s not about one-and-done, it’s about continuous improvement. DR planners need to be plugged into any changes at the company that might affect recoverability, including employees working from home permanently, stores or remote offices opening or closing, applications being replaced by SaaS, data moving to the edge, or DevOps moving to the cloud. Also, the technology is constantly improving, so be on the lookout for new tools that can help automate DR/BC processes. The plan should not be sitting on the shelf collecting dust. It should be updated on a regular basis.

Do long-term planning

In light of everything that has happened over the past 12 months, it’s a good time to shift thinking about DR/BC from reactive to proactive. Unfortunately, between public health emergencies, climate change and the increase in cyberattacks, disasters seem to be occurring more often and are certainly more devastating. DR/BC plans need to get ahead of the threats, not simply respond to them.

For example, if your company is in California, your DR/BC plan has to assume that there will be power outages from next season’s wildfires. Companies concerned about losing power when the next natural disaster hits might want to think about generating their own power from alternative sources.

A successful DR/BC plan requires that companies perform the basics, but it is also an opportunity for companies to find creative and innovative ways to keep the business running when disaster hits.

Related content

Google launches a slew of ai initiatives to enhance cybersecurity, top cybersecurity product news of the week, bigid adds access governance targeted at sensitive data and privileges, visibility, alarm fatigue top remediation concerns in cloud security, from our editors straight to your inbox.

Neal Weinberg

Neal Weinberg is a freelance technology writer and editor. He can be reached at [email protected] .

More from this author

Best and worst data breach responses highlight the do’s and don’ts of ir, pci dss 4.0 is coming: how to prepare for the looming changes to credit card payment rules, 13 traits of a security-conscious board of directors, consumers are done with passwords, ready for more innovative authentication, most popular authors.

disaster recovery planning for a company's computer system usually focuses on

  • Cynthia Brumfield Contributing Writer

disaster recovery planning for a company's computer system usually focuses on

Show me more

Attack campaign targeting azure environments compromised hundreds of accounts.

Image

Surge in "hunter-killer" malware poses significant challenge to security teams

Image

Software security debt piles up for organizations even as critical flaws drop

Image

CSO Executive Sessions Australia with Sunil Sale, CISO at MinterEllison

Image

CSO Executive Sessions Australia with Robbie Whittome, CISO at Curtin University

Image

CSO Executive Sessions / ASEAN: Cisco's Anthony Grieco on opportunities in Southeast Asia's cybersecurity landscape

Image

Reaping the Benefits of Security Metrics

Image

Don’t Lose Your Focus: It’s Not About the AI; It’s About the Data

Image

Preventing the Cracks from Becoming a Hole that Becomes a Crater

Image

Sponsored Links

  • Tomorrow’s cybersecurity success starts with next-level innovation today. Join the discussion now to sharpen your focus on risk and resilience.
  • Read this IDC spotlight to learn what commonly prevents value realization – and how to solve it
  • Want to justify your IT investments faster? IDC reports on how to measure business impact.

CrashPlan logo

  • Pricing Overview
  • CrashPlan Essential
  • CrashPlan Professional
  • CrashPlan Enterprise
  • CrashPlan for MSPs
  • Ransomware Recovery
  • Device Migration
  • Disaster Recovery
  • State and Local
  • Financial Services
  • Research & Development
  • Technology & Media
  • Business Services
  • Our Partners
  • Become a Reseller
  • Become an MSP Partner
  • Resources Overview

How to create a disaster recovery plan (DRP)

Disaster recovery planning

A disaster recovery plan (DRP) is a set of guidelines and procedures that ensure the availability of data and critical systems in the event of a disaster. Putting a DRP in place insulates your organization from negative consequences such as:

  • Data loss: Proper backups and a cybersecurity disaster recovery plan allows an organization to recover important data which would otherwise have been lost.
  • Business interruption: Quick recovery of critical systems and data can reduce downtime, and keep your business productive
  • Legal and regulatory compliance issues: Certain industries are subject to certain data regulations. A DRP helps avoid an accidental violation of regulations and their respective penalties.
  • Increased costs: Having a DRP can help lower costs for disaster recovery and keep insurance rates from growing.
  • Loss of customer trust: By protecting your customers’ sensitive data, you’ll help preserve trust and retain their business.

While very important, the process of creating a DRP shouldn’t be feared. That’s why we’ve prepared this step-by-step guide to help you create the plan that best suits your organization.

The Difference Between a Business Continuity Plan and a Disaster Recovery Plan

Although business continuity planning (BCP) and disaster recovery (DR) share similar objectives in enhancing an organization’s resiliency, they differ in terms of their scope. Business continuity is a proactive strategy that aims to reduce risks and maintain the ability of an organization to provide products and services, regardless of any disruptions. It primarily concentrates on methods to ensure that employees can continue their work and that the business can remain operational during a disaster event.

On the other hand, disaster recovery is a subset of business continuity that specifically deals with the IT systems essential for business continuity. It outlines the steps needed to restore technology operations after an incident occurs. It’s a reactive process that necessitates planning but is only activated when a disaster actually happens.

Essential Steps for Creating an Effective Disaster Recovery Plan

disaster recovery planning for a company's computer system usually focuses on

Here is an overview of disaster recovery planning steps.

Obtain Management Buy-In

The top management plays a key role in ensuring the success of the DRP. It allocates resources in the form of capital, human resources, time, and advisory support to the team charged with developing and implementing the plan. Therefore, management should be involved in the entire process. Before starting, ensure that the top management is on the same page and has given you the nod to continue with the plan. Address any concerns that the management team may have regarding the plan before getting started.

Create Your DRP Team

Put together a DRP team to oversee the development and actual implementation of your plan. Each member of the disaster recovery planning committee should play a specific role in the success of your plan. This ensures that the operations during a disaster are smooth and well coordinated. Here are the most critical roles on the team:

  • Disaster Recovery Team Lead: This person is responsible for the development and implementation of the DRP. They also coordinate the efforts of the other team members.
  • Unit Managers: They are accountable to management  for identifying the critical systems, processes, and data that are essential to their specific business unit and developing recovery procedures for those assets.
  • IT/IS Staff: They are responsible for the technical aspects of the DRP, including the creation and maintenance of backups, testing of recovery procedures, and coordination with vendors and other IT services.
  • Communication/Public Relations: They are responsible for developing and implementing communications procedures for use during a disaster and communicating with internal and external stakeholders (E.g. customers and media).
  • Employee or Human Resource Representatives: They are responsible for addressing the needs of employees during and after a disaster, including coordinating evacuation and providing support for employees affected by the disaster.
  • Legal and Regulatory Compliance Team: They are responsible for ensuring that the DRP is compliant with all relevant laws and regulations, as well as helping the organization avoid penalties and legal entanglements.
  • External vendors: They can provide important support, such as disaster recovery services, equipment rental, and other logistics. You should have their roles and contact information readily available and documented.

Complete a Risk Assessment

An effective Disaster Recovery Plan (DRP) is built on a thorough business impact and risk analysis that considers various likely disasters, such as technical, human-induced, and natural disasters.

The disaster recovery planning committee should analyze the potential risks and consequences of these disasters in each department in the organization. This process should consider all critical systems, processes, and data essential to the organization’s operations, as well as the potential consequences and negative impact of each disaster scenario on the organization’s overall performance.

Traditionally, fire has been a leading threat to organizations, but it is essential to also consider scenarios of human malicious destruction, such as cyber-attacks, sabotage, or terrorism, and plan accordingly. The DRP should also provide for the worst scenario, such as complete site destruction.

The committee should also evaluate the impacts of the loss of vital data. This could include, but is not limited to, data recovery costs, productivity loss, and reputational damage. Additionally, it should analyze the costs related to preventing data loss and creating a robust IT disaster recovery plan, including the costs of equipment, software, personnel, and external vendors.

It’s important to keep in mind that risk assessment and business impact analysis are ongoing processes that need to be regularly updated to reflect changes in the organization’s operations and threat environment. By assessing the potential risks and impacts of different disaster scenarios, organizations can better prepare for and respond to a disaster, minimize downtime, and mitigate consequences following an emergency.

Identify Critical Needs and Recovery Strategies

Organizations should evaluate the critical needs of each department to ensure continuity of operations in the event of a disaster. The evaluation should focus on several key areas, including operations, key departmental personnel, information, processing systems, service, documentation, vital records, and procedures. Analysis helps the organization determine how much time it can operate without any such systems.

Define what constitutes a department’s critical needs. These are essential procedures and equipment required for a department, server room, main facility, or all of these to continue operations in the event of a disruption such as destruction or inaccessibility. Document all departmental operations. Then, rank the operations and processes in terms of priority, with essential functions at the top, followed by important, then non-essential functions.

Once done, check the recovery options available for each of the assets. Prioritize the best options in terms of full recovery and speed, but have as many options at hand as possible. Here are some possible options:

  • Backup and recovery: This strategy involves regularly creating backups of important data and storing them in a secure location (hopefully geographically isolated from the source). In the event of data loss, the backup can be used to recover the lost data.
  • RAID recovery: involves using specialized software to reconstruct data from a RAID (redundant array of independent disks) system that has failed. This will be helpful for recovering from hardware failure associated with a server in your data center.
  • Cloud recovery: This is the use of cloud services to store and recover data. Be mindful of the way you leverage cloud/SaaS for data storage and possible gaps in usage and adoption within your organization.
  • Remote recovery: You use remote access technology to access and recover data from a remote data server. If you have a so-called “warm” or “hot” spare copy of your data for redundancy, you can leverage this for re-population of an impacted site instead of a backup.
  • Physical recovery: This involves repairing IT infrastructure after physical damage or replacing failed hardware in order to recover data.
  • Disk imaging: Here, you create a virtual copy of the entire storage space on a particular medium or just the used space. This can also be known as “full system” or “bare-metal” restoration. You restore the image after losing data.

The 321 backup strategy is a widely accepted best practice for data backup and recovery. It involves creating three copies of important data, storing them on two different types of media, and keeping one copy offsite. This strategy helps protect against data loss due to a variety of potential issues, such as hardware failure, natural disasters, or cyber-attacks. The three copies of the data provide redundancy, while the use of multiple types of media and offsite storage helps to protect against data loss from more complex incidents (such as a natural or site disaster).

disaster recovery planning for a company's computer system usually focuses on

Collect Data and Document Your Disaster Recovery Plan

Here are some common types of data to gather:

  • Critical telephone numbers
  • Listing for backup positions
  • Communications inventory
  • Equipment inventory
  • Software and data file backup and retention schedules
  • Primary calling list
  • Vendor list
  • Main computer hardware inventory
  • Microcomputer software and hardware inventory
  • Telephone inventory
  • Forms inventory
  • Insurance policy inventory
  • Office supply inventory
  • Distribution register
  • Documentation inventory
  • Notification checklist
  • Offsite storage location inventory
  • Temporary location details

Write a plan detailing all procedures to use before and after a data disaster. The written plan should also include procedures for updating the plan to reflect any changes in important areas it covers. Be as specific as possible. Do not assume the person or people deploying the plan have your same level of knowledge. For example, “migrate system to new network segment” may not be enough information.

Structure the disaster recovery plan with team members. Assign specific responsibilities to each department in the organization. You should have someone responsible for facilities, logistics, administrative functions, user support, restoration, computer backup, and any other essential area in the organization.

Test and Revise

There are several ways to test a DRP:

  • Conduct a tabletop exercise in which key personnel simulate a disaster scenario and work through the procedures outlined in the plan.
  • Conduct a full-scale test in which the procedures are actually executed in a controlled environment.
  • Perform regular reviews and updates of the plan to ensure that it takes into account any changes in the organization’s systems or operations.

A regular testing process should be established to determine the effectiveness of the DR plan and identify areas for improvement. Address any issues identified during testing during the revision. Check if the issues have been resolved in your next test cycle. Remember, testing and revising is a continuous process that should occur regularly.

Maintain an Updated DRP

Keeping a disaster recovery plan up to date is critical for effective disaster response and recovery. An updated DRP should consider changes in the organization’s systems or operations. This includes new technologies, business processes, software and hardware assets, personnel or organizational structure changes, and any other changes that may impact the organization’s ability to recover from a disaster.

Regular reviews and updates to the DRP help ensure that it remains current and relevant and that the organization is prepared to respond to and recover from a wide range of potential disasters. It should be reviewed at regular intervals, such as once a year, or more frequently if there are significant changes to the organization.

During the review process, assess the effectiveness of the plan, identify areas for improvement, and update the procedures and strategies as necessary. This may include updating contact lists, reviewing recovery time objectives, conducting additional testing of the plan, and also updating the backup solutions, and testing the data recovery.

It is also important to keep staff informed and educated about the changes to the plan so that they are prepared to respond quickly and effectively in a disaster.

Start now with CrashPlan

An effective disaster recovery plan can make or break your organization. It’s your perfect ally when an unexpected threat becomes a reality and interrupts your operations. Don’t wait until you actually need it and start putting together your set of tools to help in data loss protection and recovery, minimizing downtime and associated losses in the meantime.

That’s where we come in. CrashPlan offers the protection you need to keep your critical information safe. Reduce your operational interruptions and the costs of pulling through a disaster with cost-effective automatic cloud backup. No matter how many devices your DRP covers, we can have options tailor made for your team.

CrashPlan is the endpoint cloud backup solution for you. We have the expertise and tools to cater to any data backup requirements. Contact us today for a consultation.

folder in the center connected to other files

9 Point disaster recovery plan checklist

Report icon

Business continuity vs disaster recovery: The difference explained

Cybersecurity: disaster recovery planning to protect your business from ransomware.

A background that says: What is a disaster recovery plan

The complete guide to disaster recovery planning (DRP)

CrashPlan logo

CrashPlan® provides peace of mind through secure, scalable, and straightforward endpoint data backup. We help organizations recover from any worst-case scenario, whether it is a disaster, simple human error, a stolen laptop, ransomware or an as-of-yet undiscovered calamity.

  • Become a Partner

© 2023 CrashPlan® All rights reserved.

Privacy | Terms & Conditions | Applicant Privacy Statement | Cookie Notice | Security Compliance | Free Trial | Sitemap

  • Request a Call
  • [[!getUserAuthorized? &chunkTrue=`user-authorized-block-new` &chunkFalse=`user-unauthorized-block-new`]]
  • What is Hyperconvergence?
  • What is Software-Defined Storage?
  • What is All-Flash Exactly?
  • Why Hyperconvergence?
  • Why Software-Defined Storage?
  • Why All-Flash Exactly?
  • Virtual SAN (VSAN)
  • Virtual HCI Appliance (VHCA)
  • SAN & NAS
  • Virtual Tape Library (VTL)
  • NVMe-oF Initiator
  • V2V Converter
  • SAN & NAS Free
  • NVMe-oF Initiator Free
  • StarWind iSCSI Accelerator
  • Deduplication Analyzer
  • P2V Migrator
  • Tape Redirector
  • RDMA Performance Benchmark
  • HCI Appliance (HCA)
  • Backup Appliance
  • Storage Appliance
  • HCA for Video Surveillance
  • VTL Appliance
  • IT & Services
  • Military & Law Enforcement
  • Maritime & Marine
  • Oil & Gas
  • White Papers
  • Success Stories
  • Technical Papers
  • Best Practices
  • Release Notes
  • Support Forum
  • Product Lifecycle
  • System Requirements
  • Product Security
  • StarWind FAQ
  • Knowledge Base
  • StarWind VSAN Help
  • StarWind V2V Help
  • OEM Solutions
  • Become a Reseller
  • Find a Reseller
  • Press Releases
  • Product Reviews
  • Certifications
  • Our Customers
  • [[*id:eq=`2845`:then=``:else=` Request demo `]]
  • Request demo

What is Disaster Recovery (DR)?

disaster recovery planning for a company's computer system usually focuses on

  • October 31, 2023
  • 21 min read

disaster recovery planning for a company's computer system usually focuses on

Disaster recovery is a set of tools, policies, and procedures that organizations put into place to ensure the restoration or continuation of IT infrastructure operations in case of natural or man-made disasters. This process involves the planning, testing, and implementation of strategies to ensure that data loss and downtime in the event of a crisis are kept at a minimum. Disaster recovery is a critical aspect of business continuity, which ensures that all departments of an organization maintain and seamlessly resume function after equipment failure, cyberattacks and other disasters.

Why is disaster recovery important?

An important consideration for all recovery solutions is not just the depth and completeness of your backup but the speed at which you can restore the data. Every second your IT infrastructure is down, money is lost. So, let’s check out some key reasons why disaster recovery is important:

Business Continuity – In the face of a crisis, disaster recovery minimizes the impact of disruptions and data loss, which may affect the reputation and revenue of a business. Organizations will be unable to deliver their goods and services to clients in case of damage to IT systems and data. With a well put-in-place disaster recovery plan,

Data Protection – Organizations often manage vast amounts of sensitive and critical data, especially those in the finance and healthcare industries. Protecting sensitive information from lingering threats is of utmost importance to businesses. A disaster recovery plan helps to protect IT systems and data from cyberattacks and sabotage, as well as implement better security measures to prevent unauthorized access.

Legal and Regulatory Compliance – Many businesses, especially in the healthcare, financial, government, and manufacturing sectors, are governed by mandates that require them to have a certain level of recovery and data protection capabilities. Implementing a disaster recovery plan will help the organization adhere to these mandates, ensure compliance and avoid penalties.

Competitive Advantage – Every second that your business’ servers are up and running while the competition’s servers are down gives you a competitive advantage. It shows that your organization is reliable and capable of maintaining services even in times of disaster.

How disaster recovery works?

Disaster recovery operates through a well-structured plan which is designed to restore and maintain critical business functions shortly after a disaster strikes. Here is a step-by-step explanation of how disaster recovery typically works:

Preventive – Ensuring the disaster does not occur is the first step to a solid disaster recovery plan. It involves using tools and techniques to monitor IT infrastructure for signs of failing components or loopholes.

Activation of the Disaster Recovery Plan – If the disaster does strike, the business needs to be able to identify the incident and its potential impact on the organization’s operations. This also involves informing the relevant teams about the disaster and activating the disaster recovery plan.

Assessment and response – It is important to first evaluate the extent of the damage to accurately respond to the impact of a disaster on your IT systems and data. So, perform a business impact analysis to identify the critical processes that are affected and estimate the potential downtime and loss.

Now, with knowledge of what damage has been done and to what extent, your team can initiate the management of the immediate effects of the disaster. Also, communication with employees, partners, and customers on the status of the disaster is equally important.

Recovery and restoration – Now, the recovery procedures should be initiated based on the strategies outlined in the recovery plan. Also, establish the recovery objectives and metrics, such as the recovery point objective (RPO), which defines how much data can be lost, and the recovery time objective (RTO), which defines how fast the recovery should be.

After data recovery, you need to start gradually restoring other systems, apps, and data based on their priority level defined in the recovery plan. This usually involves restoring data from backups or switching to a secondary site. Furthermore, it is vital to make sure that the data is synchronized across all systems in your organization to maintain integrity and consistency.

Testing – To ensure that your organization’s restored systems are stable and functioning correctly, it is important to constantly perform testing and monitoring. With the test results, the recovery team can make necessary adjustments.

Transition to normal operations – Your business operations cannot run on backup and critical systems forever. So, once you have ensured everything is restored and stable, transition back to normal operations.

What are the types of disaster recovery?

The type of disaster recovery used by an organization depends on its IT infrastructure, disaster recovery strategies, and assets it needs to protect. Here are some of the most common types of disaster recovery methodologies:

Data backups – This method involves creating a copy of data and storing it in another location. Most companies use a cloud to store their backup data. That’s why nowadays, you have services like Backup as a service (BaaS) or Disaster recovery as a service (DRaaS). The backup data can be used to restore the original files in a disaster.

Replication – Here, a replica or duplicate of the data is created in real-time to another system or site, such as a cloud, server, or cluster. The replicated data and systems can be used to switch to a secondary site or platform in case of a disaster.

Point-in-time snapshots – The point-in-time snapshots work by making replicas of your data or system at a specific time. It is the same concept as a “time machine” in Macs or Windows computers. These images can be used to restore your systems as long as their location is not damaged during the disaster. The downside to this method is that the snapshots are taken at intervals. So, some data may be lost depending on when the image was taken and when the disaster occurred.

Virtual DR – This disaster recovery methodology uses virtualization technology to enhance the disaster recovery capabilities of a business. Basically, it involves replicating your data or entire IT infrastructure and running it on offsite virtual machines. This ensures data integrity and continuity in the event of a disaster.

5 key components of an effective disaster recovery plan

Disaster recovery team

These are the specialists responsible for initiating and managing the disaster recovery plan. Every member of the team has a specific role in the process and ensures that the process goes smoothly to completion.

Risk assessment

It is very critical to make a pre-assessment of the kind of crisis that can put your IT infrastructure at risk and make a disaster recovery plan for all the scenarios.

Also, if the disaster has already occurred, make a detailed assessment of the damage that has been done and its impact on your business and customers. Furthermore, proper documentation must be done to note which systems are critical for business continuity and then activate the plan to recover them.

Data backup and recovery

Now, you need to identify the data and systems that need to be backed up or moved to an offsite location and at what intervals. Also, it is important to specify the maximum amount of time systems can be down before recovery. The disaster recovery strategy needs to emphasize the data backup solutions to be implemented, which facilitate the seamless restoration of systems.

Disaster recovery site

Establish an offsite location where data backups are stored, and critical systems can be restored and operated when disaster strikes.

Testing and drills

Your disaster recovery team should constantly drill, test, and update the plan to address ever-evolving business needs and threats. This way, they can simulate the best- and worst-case scenarios and see how well the business is prepared for those events.

RTO and RPO in disaster recovery strategy

RTO and RPO are two important metrics in every disaster recovery strategy and should include details of backup operations, emergency response requirements, and recovery steps.

The recovery time objective is the maximum length of time IT systems in your organization can be offline without a significant impact on your business flow. For example, some business apps can be down for hours, while critical IT systems should not be offline for even minutes. With RTO, your business is able to identify and set a time frame to recover critical systems.

The recovery point objective represents the maximum amount of data loss your business can tolerate in a disaster. So, in this case, the age and importance of files are taken into consideration.

The importance of RTO and RPO is pronounced when performing business impact analysis and risk assessment for potential crises. They try to expose the consequences of any risks so that the business can be prepared to face the impact with confidence.

How can StarWind help with disaster recovery?

StarWind offers business solutions such as Backup Appliance (BA), SAN & NAS with hardened repo StarWind vSAN and Virtual Tape Library (VTL), which helps with data backup and disaster recovery.

With the new Backup Appliance , StarWind now offers support for companies that want to benefit from near-instantaneous backup and recovery. The fast NVMe storage backend tool ensures significantly shorter backup windows that do not interfere with or interfere with other processes. This eliminates the need for time-consuming planning of backup windows.

Also, StarWind SAN & NAS as a hardened backup repository for Veeam Backup & Replication (B&R) is a super easy and efficient way to keep your data safe. The process of setting it up is easy and straightforward. With the help of our management tools and wizards, you can have a secure and reliable backup solution up and running in no time.

StarWind VTL helps businesses move beyond their costly physical tape backup processes without sacrificing regulatory data archival and retention requirements thanks to on-premises Virtual Tape Libraries with cloud and object storage tiering. Protect your backups from ransomware by keeping them on virtual tapes.

Furthermore, StarWind ensures customer’s business continuity by providing an infrastructure (HCI) to run the mission-critical applications with maximum performance and uptime.

Disaster recovery use cases

Your data recovery plan will prove to be useful in more ways than one. Here are some common use cases:

Business continuity – A good DR strategy ensures that your critical IT systems continue running even in the event of a disaster, and the business can return to full functionality in no time without losing much data.

Maintain competitiveness – One of the things customers hate the most is not having access to services or products. This can cause client attrition to your competitors. A good DR strategy prevents this.

Prevent data loss – One of the main reasons for disaster recovery is to prevent data loss. In case of disaster, a good DR plan keeps data loss at a minimum.

What is the difference between Disaster Recovery and Business Continuity?

On the surface, DR and business continuity are often used together and even interchangeably, but fundamentally, they are different. While their common goal is to ensure a business’ resilience, they are different in terms of scope.

Business continuity (BC) is the umbrella term that refers to an organization’s ability to continue delivering its products and services during a crisis. On the other hand, disaster recovery is a subset of BC that is limited to IT systems recovery after a disaster.

How to build a disaster recovery team?

Building a disaster recovery team encompasses assembling the right experts who are responsible for putting together solutions that ensure the following:

  • Crisis management
  • Business continuity
  • Impact assessment and recovery

What are the three types of disaster recovery sites?

Cold computing sites – These are the most basic types of disaster recovery sites that function only to provide power, cooling, and networking capabilities.

Warm computing sites – It has all the capabilities of a cold site in addition to storage hardware such as servers, drives, and switches.

Hot computing sites – These are fully functional data recovery sites that already have backup data in them.

This material has been prepared in collaboration with  Asah Syxtus Mbuo , Technical Writer at StarWind.

Related materials:

  • What are backups?
  • What is Business Continuity?

Dmytro Malynka

  • Contact sales

Start free trial

How to Make an IT Disaster Recovery Plan

ProjectManager

Organizations across industries build IT infrastructures to store, manage and transfer data for a wide variety of reasons, such as business planning, financial forecasting, operations management or customer relationship management.

In simple terms, data is what helps businesses measure their success, improve their productivity, plan for the future and manage their day-to-day operations. For this reason, any IT risk that causes a data loss or a major disruption in their IT infrastructure is considered a disaster.

Data is more fragile than we think. It can be corrupted, hacked, stolen or accidentally deleted; it can be destroyed by power outages, water damage or earthquakes. There’s so much that might go wrong that, if you don’t have an IT disaster recovery plan in place, the damage could be irreparable. Action must be taken immediately.

What Is Disaster Recovery?

The term disaster recovery refers to the strategies, tools, processes and guidelines that are used to restore normal functioning of the IT infrastructure of an organization after an IT disaster occurs. These disaster recovery elements are usually described in an IT disaster recovery plan.

What Is an IT Disaster Recovery Plan?

An IT disaster recovery plan is exactly what it sounds like—a plan to respond when something dire happens to your IT system. It’s made up of policies and procedures and notes the tools necessary to enact the plan and save or recover the technology infrastructure, systems and data of your IT program.

When formulating disaster recovery, it’s assumed that the main area where your IT is located isn’t salvageable, at least not immediately; therefore, the plan speaks to the process of restoring data and services to another IT site that is workable. The site of the original incident is not of primary concern.

Organizations are encouraged to have a holistic pre-disaster plan as it saves money in the long run. It’s believed that for every dollar spent beforehand, you save four times as much if you respond after the event. So consider planning tools and fail-safe investments.

disaster recovery planning for a company's computer system usually focuses on

What Are the Most Common Causes of IT Disasters?

There are a variety of IT risks that might affect the IT infrastructure of an organization. Here are some of the most common ones.

  • Natural disasters: There are major natural disasters such as earthquakes, fires or floods that can affect physical IT assets such as servers or hardware.
  • Power outages: Most IT assets depend on the availability of power. Major power outages might result in loss of data or IT services outages.
  • Cyber attacks: Data breaches, malware, and other criminal activity that affect the integrity of an IT infrastructure.
  • Pandemics & epidemics: These external events affect the human resources which are key to the IT operations of a business.
  • Man-made disasters: IT assets can be stolen or damaged by people. Similarly, there’s the risk of human error that can cause data loss.

What Should Be Included In a Disaster Recovery Plan?

We sometimes can stop disasters from happening, but we can certainly plan for recovery. Just like any project plan , an IT disaster recovery plan is made up of pieces.

Recovery Point Objective (RPO)

The term recovery point objective refers to the amount of data that a business is willing to lose with respect to the last backup. It’s important to define what the RPO for your organization is to establish the frequency of data backup, which could be from hours to days. The RPO should be defined and recurrent backups should be performed before a disaster event, so when disaster happens, the RPO will be met.

Recovery Time Objective (RTO)

The recovery time objective is the time limit that an organization establishes for an IT infrastructure downtime. Like RPO, it is a key objective for any disaster plan, as these two goals determine the level of effort , resources and budget that will be needed for the disaster recovery plan.

Disaster Recovery Site

A recovery site is a remote location that backs up the data from your original IT infrastructure and replicates its functioning. If a disaster event occurs, you can resume the IT operations of your organization by switching to the disaster recovery site.

There are different types of disaster recovery sites known as cold, warm and hot recovery sites. The difference between them is the capabilities that they offer, with cold sites being a limited recovery site that provides power, networking and cooling to hot recovery sites that are a mirror version of the original IT infrastructure.

Like any project or plan, an IT disaster recovery plan needs resources like the people who will execute the tasks that are needed to bring your IT operations back on track. It’s important to describe the roles and responsibilities of your team in the case of a disaster.

IT Asset Inventory

An effective disaster recovery plan should include an inventory of all the IT assets that are needed to run your IT operations such as software, hardware, cloud or Internet of Things (IoT) assets.

Data Backup Plan

A data backup plan explains how data will be backed up and how often. A data backup plan should include details such as the exact process for data backup such as a point-in-time snapshot, and whether the data backup will be carried out by the organization using its own infrastructure or using a third-party backup service (BaaS), among other important details to understand how data backup will be carried out.

Restoration Procedures

Besides backing up data, a disaster recovery plan should include a contingency plan to respond to the various causes of IT disasters. For example, a disaster recovery plan should describe the actions that should be taken after a cybersecurity attack, or a natural disaster that compromises the servers.

Types of Disaster Recovery Plans

Once you have a solid IT disaster recovery plan, you’ll need tools and solutions to implement it. Here are the most commonly used IT disaster recovery tools and solutions.

  • Virtualized disaster recovery plan: This is a type of disaster recovery plan that relies on the use of offsite virtual machines (VM) that allow the creation of a replica of an IT infrastructure. Virtual machines are ideal for organizations with strict RTOs and RPOs as they allow for quick recovery and constant data backup.
  • Network disaster recovery plan: There are some organizations that rely on network IT assets such as routers, wireless access points, hosts and servers. A network disaster recovery plan focuses on the activities that are needed to restore such assets, or alternatives to be used to mitigate the impact of their downtime.
  • Cloud disaster recovery plan: Instead of using a disaster recovery site, a cloud disaster recovery plan consists of backing up data using cloud services . While it requires a third party to be involved, it’s usually a more cost-effective solution.

Why Is It Important to Create a Disaster Recovery Plan in IT?

As we move deeper into a digital world, the need for IT systems has become more pronounced. Just over the last few decades, there’s been a huge migration from analog to digital. The advantages have been detailed, but the IT management risks are not always self-evident as people uncritically embrace the new.

We put a lot of faith into our technology, but the truth is that our tech isn’t infallible. They break and fail all the time. The more we place our well-being, and that of our businesses, on their backs without safeguards, the more we’re asking for trouble.

There’s almost a religious zeal when talking about technology and how it’s the cure to all our ails. If only we could remove the human component, machines would usher us into a new age. This magical thinking is dangerous. It romanticizes technology and denies the fact that machines and software are not perfect. They make mistakes, so we have to have a contingency plan .

Business Consequences

While we can control our corporate attitude towards the technology that helps us do our business, the minds of our customers are not as malleable. They expect products and services to be perfect. They don’t want to see how the sausage is made. Therefore, knowing technology can crash, companies need to have an IT disaster plan to keep delivery to their customer base uninterrupted.

This again speaks to the bottom line. If a technological issue occurs, it’s likely to result in the loss of some customers. That might not seem too high a price to pay, but retaining customers isn’t so easy, and rebuilding trust is an uphill battle. Therefore, an IT contingency plan will protect you from having the damage bleed out to customers.

Outside of your customers, losing your data impacts the productivity of your employees. The instability resulting from an IT disaster has ramifications beyond hardware and software. It leads to lost revenue and a damaged reputation on top of the loss of data.

When creating the plan, take these things into consideration.

  • Have emergency contacts for staff and external contacts, including developing a notification network to reach out effectively.
  • Try and figure out what the scope of the recovery will be.
  • Get a disaster recovery team and note each member’s responsibilities. This will include having a team leader and a management team responsible for the process.
  • Enable the recovery and continuation of critical technology, infrastructure and systems.
  • Focus on the information and/or technology systems supporting critical business continuity.
  • Keep all essential business aspects functioning despite significant disruptive events.
  • It’s considered a subset of a business continuity plan .

Free Templates That Can Help With IT Contingency Planning

Building an IT disaster recovery plan is a big endeavor. There’s a lot to take into account and track. To help you get a foothold, ProjectManager has dozens of free project management templates , including some that are designed for just this purpose.

IT Risk Assessment Template

Knowing what might happen will inform your plan when responding to IT damage. If you can identify risk to your IT, then you can preemptively plan and assign a team member to lead the initiative. The free IT risk assessment template collects all the data you’ll need to note how the risk can impact your IT and how to potentially control it.

Issue Tracking Template

Trouble usually doesn’t come alone. As you’re working through recovering data and repairing damaged hardware, you’ll need a structure to track the identification and resolution of these issues. The free issue tracking template gives you a space to describe the issue and what its impact is. Then you can set the priority, date it and assign a team member to own the issue and manage its resolution.

Lessons Learned Template

Because an IT disaster recovery plan is a living document, you want to revisit it and revise it with some regularity. That’s often after testing has uncovered some issues you hadn’t thought of or in the aftermath of a real disaster. Either way, our free lessons learned template is a great tool to gather up what you’ve discovered. Be sure to bring your whole team into the proceedings. The more perspectives, the more insights.

How ProjectManager Can Help With an IT Disaster Recovery Plan

Templates are great, but they’re limited. They’re just documents and lack the dynamism you need to plan your IT disaster recovery. ProjectManager is an award-winning project management tool that helps you to organize your plan and recovery.

Robust Security

Rather than respond to a problem, you’d prefer to avoid them. We have IT project management security features that restrict who can do what when they’re in the software. You can assign only who you want with administrative duties. Others can be onboarded, but only have defined privileges.

ProjectManager's security settings

Timelines & Schedules

Building a plan requires organizing tasks over a timeline. It can get complicated. But we make scheduling your plan simple with an online Gantt chart that lists every task in your plan and sets the duration for each, so they can then populate a project timeline. If you have tasks that can’t start or end until another starts or ends, just link the task dependencies to avoid bottlenecks later on.

disaster recovery planning for a company's computer system usually focuses on

Live Tracking

Monitoring your plan as it’s executed to make sure that your IT is recovered and your systems are back on as quickly as possible, is how you keep on track. Our real-time dashboard monitors your recovery plan automatically and creates graphs and charts to keep you updated on task status, variance and much more.

disaster recovery planning for a company's computer system usually focuses on

ProjectManager is an online tool that helps you build plans to recover IT and monitor the process in real time. Our features help you control every phase of your IT contingency plan. See why thousands of teams use our software to stay ahead of problems by taking this free 30-day trial.

Click here to browse ProjectManager's free templates

Deliver your projects on time and under budget

Start planning your projects.

You are using an outdated browser. Please upgrade your browser or activate Google Chrome Frame to improve your experience.

disaster recovery planning for a company's computer system usually focuses on

A Guide to IT Disaster Recovery

Guide to IT disaster recovery

Emergencies are unpredictable, but that doesn’t mean we can’t prepare for them. Their unpredictability is the main reason we must have assurance against bad outcomes. Emergency management mitigates the overall impact of a disaster, however drastic.

When you apply this to a business structure, it can be the difference between struggling through setbacks or making a speedy recovery. Business continuity, or the ability of your company to continue despite exposure to threats, relies heavily on your level of disaster preparedness.

Your organization should make intentional decisions about how it will survive in times of uncertainty. Once critical systems fail, this jeopardizes your client’s trust in your product. Your business will also struggle to recover from the setback, if it does at all.

Therefore, businesses need to create both prevention and recovery plans. These procedures include keeping the business operational during the disaster itself. As companies today depend more and more on technology in their everyday transactions, involving information technology in this plan is crucial.

disaster recovery planning for a company's computer system usually focuses on

What Is an IT Disaster Recovery Plan?

An IT disaster recovery plan is a documented methodical proposal for managing situations that occur in the event of natural or human-made disasters. The steps of a disaster recovery plan typically revolve around taking  actions that help a business resume operations  as quickly as possible. Business continuity systems stress the importance of a disaster recovery plan.

Such a method is fundamental to preventing or alleviating data loss and recovering systems. Therefore, disaster recovery plans must be developed in conjunction with business continuity systems.

Most or all businesses rely on technology for almost every operational process. Companies use technology like Voice over Internet Protocol (VoIP) and email every day to communicate effectively. Additionally, some organizations use electronic data interchange (EDI) to make electronic transactions — like invoices and payments — between partners.

Businesses implement servers that are capable of storing large amounts of data through the cloud or housing them physically to hold their most vital information and run processes efficiently. Laptop or desktop computers are also essential for most office spaces.

This technology may extend outside the office into wireless devices. But depending on the technology your business uses and the details of the disaster, your network could still be compromised. This issue is why the very first step in developing an IT disaster recovery plan should be identifying vulnerabilities and risks, as well as setting objectives for recovery.

disaster recovery planning for a company's computer system usually focuses on

Business Impact Analysis

Companies develop a business impact analysis to identify vulnerabilities and their effects. This analysis is another structured procedure for evaluating how a potential disaster will affect integral business processes. A business impact analysis, along with an IT disaster recovery plan, falls under the category of a business continuity plan. The evaluation works with the presumption that not all processes are critical — thus, it’s suitable to focus more attention on the most significant ones.

For example, a power supply failure in the coffee and lounge room of a company will not be as dire of a situation as the breakdown of the business’s information technology systems. Based on this analysis, companies can streamline decision-making by allocating the better part of funding and resources to their more crucial components.

Conducting a business impact analysis consists of gathering and evaluating data, preparing a report of your observations and presenting your research to the corresponding management team. Your business can decide to hire a third-party company to manage and collect information. The business impact analysis usually includes a survey or questionnaire to assess and identify the essential business operations that need preservation in the case of a disruption.

Once the business impact analysis is presented and closely scrutinized, several things need to be taken into account. Companies must consider the impact of revenue streams, market shares and public image, among other things.

disaster recovery planning for a company's computer system usually focuses on

Risk Assessment

Risk assessment is another major element of a disaster recovery plan. Also called a risk analysis, this assessment concentrates less on the loss of business and more on identifying the actual risks that might lead to that effect. Through risk analysis, organizations hope to mitigate these unfavorable effects when they do occur. A risk analysis must theorize the probability of an oncoming disaster as well as the potential harm a failure can bring.

Risk assessments have several important uses. Their primary purpose is to prepare and lessen the results of an adverse event. Secondly, they aid in evaluating whether the risks of any project are balanced by its advantages. Businesses must ask if a project is beneficial to the extent that the pros outweigh the cons in risky project development. Risk analyses also plan what happens if there is a software or hardware failure, even if the cause isn’t natural.

Risk assessments are imperative in the recovery process. During the analysis, businesses must quantify how the aftermath of such a failure will change the company’s future — this means preparing for when new competitors gain popularity in the industry or when governments place legal restrictions on the market, for example.

Like the business impact analysis, a risk assessment will typically begin with a survey asking for collective inputs about potential risks and threats. Next, the evaluation identifies and analyzes risks. The analysis involves figuring the likelihood of a risk and its outcome. The final steps begin with developing and implementing a risk management plan — this policy should take specific measures to eliminate or reduce risk.

Finally, your business should keep a close eye on the risks identified and classify future risks that arise.

disaster recovery planning for a company's computer system usually focuses on

How Does Disaster Recovery Work?

Disaster recovery itself needs to heed the groundwork of both the business impact analysis and the risk assessment. At the same time, an IT disaster recovery plan accounts for the specific risks and impacts related to the business’s IT structure. Recovery policies should anticipate the loss of any technological frameworks.

Computer environments, hardware, service connectivity, software and data stores should all be taken into consideration. For these frameworks, disasters and failures of several varieties can occur, including application, communication, data center, building, campus, citywide, regional, national or international.

disaster recovery planning for a company's computer system usually focuses on

Disaster Recovery Plan Objectives

Two principal models account for the disaster recovery plan objectives. These objectives ensure a well-ordered system for disaster preparation. They emphasize a business’s initiative in preparing for the worst, ultimately diminishing the damage that would occur if not for strategic planning. The two main disaster recovery plan objectives are:

  • Recovery time objective: Recovery time objective (RTO) refers to the amount of downtime a business can tolerate if a system fails. You can measure this duration in hours, minutes or seconds. As downtime disrupts critical operations, it can affect a business’s revenue and reputation. In 2019,  25 percent of companies worldwide  reported that an hour of downtime cost them between $301,000 and $400,000. This objective is determined by the particular equipment vulnerable to failure and the redundancies set aside for them.
  • Recovery point objective: Recovery point objective (RPO) is a measure of the age of recovered files. When a system fails, system administrators must recover records from backup storage. Though businesses should strive to back up their data frequently, it’s unlikely your business will have backed up its data without having prior knowledge of an upcoming disaster. For that reason, files will be at least a little bit aged.

RPO is expressed backward from the point of failure, as in five days ago or 24 hours ago, for instance. After your business designates an RPO, you’ll need to schedule backups around it. That means if your business’s RPO is 120 hours, you’ll need to back up the system every 120 hours.

Objectives are not the only elements of how disaster recovery works. Alongside a disaster recovery plan is a disaster recovery strategy. The key difference between the two is that a recovery strategy defines in general terms what businesses should do in response to an incident. A recovery plan describes how exactly this plan is executed. Recovery plans build upon the foundation of recovery strategies.

disaster recovery planning for a company's computer system usually focuses on

What Is a Disaster Recovery Strategy?

Recovery strategies must recognize the many factors that go into the restoration process. These include budget, insurance, technology, data, suppliers, compliance requirements, employees and physical facilities. The appropriate management team should approve recovery strategies, so the organization can take a position on the associated risks. The recovery strategy needs to be in line with your company’s goals. Similar to business impact analyses, a recovery strategy can be internal or vendor-supported.

For backup purposes, an internal recovery strategy might be holding business hardware in multiple locations. The data at each location, including the principal source, should be replicas of one another. This way, there won’t be any complications restoring backups. A vendor-supported recovery might rely on hot sites or fully functional third-party data centers. These sources often possess unique equipment that can salvage or store resources once a disaster strikes. Vendors can also host data streams, data security services and applications.

You can access the information stored by vendors via the internet on an internal or external website. The vendor can hold data automatically once an outage occurs. They will store this information until you can adequately restore your system. Vendors sometimes offer data filtering and malware detection as well.

What Is a Disaster Recovery Plan?

A disaster recovery plan should be customized depending on the environment that would need restoration when a disaster occurs. Given the range of modern technology, there is a diverse range of recovery plans you can arrange, including:

  • Data centers: This plan should detail how to recover technological infrastructure, namely data centers. Since data centers manage major business information, the risk assessment should play a pivotal part in this plan. Organizations need to consider geographical location, power supply, security enforcements and office space.
  • Network: Network disaster recovery plans are just as elaborate as those of data centers, if not more. A business’s network can consist of various features and interconnections. This plan is best organized with the help of professional IT staff. Because of its complexity, the system needs to be in a step-by-step format and receive regular updates.
  • Cloud-based: Storing data and running software through the cloud has been an increasingly popular method of cutting infrastructure costs and opting for remote computing. However, even the cloud faces some threats. Security is the most significant concern for cloud servers. Deliberate and repeated testing can relieve this concern and sustain future data loss caused by a disaster.
  • Virtualization: Virtualized systems like a virtual machine or desktop can ease much of the worry in a disaster scenario. A virtual environment can initiate the recovery process in minutes, decreasing downtime. Virtual systems are also the optimal environment for testing. Virtualized disaster recovery plans mostly need to ascertain that applications can return to normal operations following restoration.

disaster recovery planning for a company's computer system usually focuses on

IT Disaster Recovery Checklist

An IT disaster recovery plan can be simple and straightforward if your business doesn’t require anything more than the fundamental elements. Preparation is paramount, so creating an IT disaster recovery plan checklist can be your first step to safeguarding your company:

  • Establish the scope of recovery:  What hardware and software will your business need to recover if a disaster occurs? To what extent can you restore these systems?
  • Be familiar with the network infrastructure:  You may accomplish this   through documentation or personal examination. Networks can be very intricate, so your business needs to be sure of what it will include in a recovery plan.
  • Define RPOs and RTOs:  Your business can manipulate its control over the situation if it has managed expectations for downtime and data loss. Be cognizant of your tolerance for these issues.
  • Employ analyses and risk assessments:  Use a business impact analysis and risk assessment to identify serious threats and business affairs. You’ll need to choose the most critical business operations to maintain. Calculate the figurative and literal costs of operation failure.
  • Investigate past disasters:  Look at past disasters and analyze how your business recovered from them. Naturally, this will serve as a starting point for a more exhaustive IT disaster recovery plan.
  • Build a disaster recovery strategy:  As discussed, this is your business’s broad response to an incident or outage. These strategies are eminent in building the final disaster recovery plan.
  • Decide who is responsible:  Assign responsibilities to members within your organization for specific recovery procedures. Doing this might involve establishing an incident response team — a group of IT specialists who have expertise in handling issues related to disaster recovery. This team should test for vulnerabilities and create an incident response plan for security attacks.
  • Conduct a review:  Have your management review and approve the disaster recovery plan. These individuals should have input on the matter. These team members should know the risks outlined in the restoration procedures, so they can remove some of these points if applicable.
  • Organize a communication plan:  A communication plan should delineate how your business will communicate updates and alerts during a crisis. As an illustration, email is usually reliable during normal business operations. However, a disaster can endanger employees, and you should use a more immediate means of contact. The response team also needs to communicate amongst themselves and stay up to date with helpful information.
  • Do tests:  Test the disaster discovery plan at regular intervals and update it if necessary. Doing this enables you to make timely modifications instead of discovering faults during the time of disaster.
  • Audit your disaster recovery plan:  This step means making official and accessible documentation. These documents will go into detail about the procedures and practices that employees and administrators should enact in case of a disaster.
  • Revise your SLAs:  Include information about your IT disaster recovery plan in your company’s service-level agreements (SLAs). SLAs offer a promise to clients that you will meet a specific standard of service. Providers should be transparent with clients about how these standards might change, if at all, in case of circumstance.

disaster recovery planning for a company's computer system usually focuses on

Tips for Your Organization

While the basic principles of an IT disaster recovery plan may be straightforward, productively applying these directives can be difficult — this is because your business has to build a recovery plan that works intuitively with its available resources. Additionally, your company has to be practical about taking measures for disaster preparation. Here are a few tips to keep in mind:

1. Be Transparent

It pays to be honest. Although every business is eager to make their clients happy, set performance standards for your company that you can keep up with. Do not make promises to a client that you can get your server up and running in hours if you need to negotiate maintenance plans with a third-party vendor. When it is possible to make enthusiastic promises, do so. When it is not, balance customers’ expectations with what you can accomplish, given your budget and resources.

2. Stay Within Budget

Small businesses are accustomed to having to stretch their budgets to accommodate advanced systems. Your business should be creative about the resources it already has. Rather than investing in out-of-budget software or hardware, your organization can use incremental backups to make up for any disparities. Cloud computing is an excellent way to address the risk of data loss, as well. It is usually cost-effective and encryption-compatible.

3. Consider Relevant Business Measures

Note the key measures in disaster recovery plans — detection, prevention and correction. Detective measures alert the relevant team of vulnerabilities in your IT systems. Vulnerabilities can be anything from an out-of-date firewall system to broken sprinklers. Detecting these problems early on means you can direct attention toward fixing them. Preventative measures stop dilemmas from happening in the first place. An example of a preventative plan would be to prepare backups to prevent data loss.

Finally, corrective actions deal with the follow-up of a disaster — amending systems that sustained damage. Insurance and disaster recovery audits fall under this category.

disaster recovery planning for a company's computer system usually focuses on

Work With an IT Expert

Businesses work with substantial amounts of data. If these files are compromised, it could result in the undoing of a successful company. Every type of organization can benefit from an IT disaster recovery plan. Technology has numerous niches in almost every business. It aids in communication, daily operations, data storage and more. Therefore, applying a recovery plan is an indispensable facet of running your organization. But you don’t have to tackle a disaster alone.

Morefield Communications can help you by managing and maintaining your computer systems professionally and aptly. We are dedicated to giving you solutions-focused service that will address a combination of personal risks.

Our services include network management and systems technical support. Your network can trust in 24-hour service, and your technology will remain consistently current. We’ll even provide new technology, so you can rest assured that you’re working with the best products for your business.

Better yet, everything we provide is compiled into one  cost-savvy IT solution . Whatever you need, we have you covered. Don’t be blindsided by an unforeseen disaster.  Get in touch with us  today.

Sign Up for Our Newsletter

  • Español (LATAM)
  • Português (LATAM)
  • English (APAC)

8 Must-Have Components of an Effective Disaster Recovery Plan

https://www.arcserve.com/sites/default/files/2023-07/Vitali-Edrenkine-v02.jpg

In an independent global study commissioned by Arcserve, 95 percent of responding IT decision-makers (ITDMs) said their company has a disaster recovery plan. That’s the good news. The bad news is that only 24 percent say they have a mature, well-documented, tested, and updated plan . 

We interpret those metrics to mean that almost everyone has the right intentions. The problem comes down to execution. Time, money, and a lack of understanding of the extent of the threats organizations face today can also come into play. But those threats are genuine. In the same Arcserve-commissioned study, 76 percent of ITDMs reported that their organization had experienced a severe loss of critical data .

Avoiding data loss and downtime due to ransomware, data breaches, and other disasters is imperative for every IT pro today. That starts with an effective disaster recovery plan. With that in mind, here are eight essential elements of a disaster recovery plan:

1. Inventory All Assets

A detailed inventory of all IT assets—hardware, software, data, and network resources—is a critical starting point for an effective disaster recovery plan. Rank the assets based on their importance to business functions. This provides the foundation for a comprehensive risk assessment.

2. Execute a Comprehensive Risk Assessment

Before you can address threats, you need to identify them.  That starts with a thorough risk assessment that examines the impacts of an incident on your organization. It’s important to note that this is an iterative and ongoing process that accounts for new threats, changes within your organization, and new technologies. 

Here are the steps involved in executing a comprehensive risk assessment:

• Evaluate critical assets , including physical assets, such as data center hardware, and digital assets, including data, software applications, and intellectual property, so that they can be prioritized for recovery. 

• Identify all potential threats , from earthquakes and floods to ransomware attacks and data breaches, and asses each threat’s potential impact on your organization.

• Assess the level of risk , prioritizing each threat as high-, low-, or medium-impact based on the likelihood of the incident occurring and potential impacts.

• Review existing security measures and disaster recovery strategies  to assess their effectiveness in mitigating impacts and identify required improvements.

• Identify the roles and responsibilities of employees in disaster response and the risk of insider threats.

3. Establish Clear Recovery Objectives

Your recovery time objectives and recovery point objectives ( RTOs/RPOs ) are core elements of your DR plan. 

Your RTO is the maximum time your business can be down before the consequences are significant. Here are the areas to consider when setting your RTO:

• Conduct a business impact analysis (BIA) to understand downtime's operational, financial, and reputational impacts on each of your business processes and prioritize recovery efforts.

• Review regulatory and legal requirements  to ensure your RTO complies.

• Evaluate the interdependencies of your business processes and IT systems to prioritize those most critical for your operations.

• Assess the  operational capabilities and resource availability required to meet your RTO, including data backup, recovery solutions, and staff availability.     

Your RPO is the maximum acceptable amount of data loss your organization can suffer , which dictates the frequency of your backups so you can retrieve your data from the most recent backup recovery point before an incident. Here are the areas to consider when setting your RPO:

• Identify critical data , such as financial and compliance data, that may require a shorter RPO to minimize data loss.

• Understand your data’s dynamics so you can back up data that changes more frequently to meet shorter RPO while backing relatively static data less frequently.

• Evaluate data backup and recovery solutions that can meet your RPOs, and consider advanced solutions like Arcserve Unified Data Protection (UDP) that can reduce your downtime from days to minutes. 

• Execute a cost-benefit analysis that weighs RPOs against costs to balance your need to minimize data loss against the financial implications of not doing so.

• Review legal and regulatory requirements , as with your RTO, to ensure compliance.

4. Build an Effective Communication Plan

An effective communication plan ensures all stakeholders are informed, coordinated, and able to respond appropriately following a disaster. The critical components of your plan should include:

• Designate a crisis communications team responsible for managing all communications during a disaster, including individuals trained in crisis communication and public relations and a spokesperson to speak on behalf of the organization. 

• Establish communication objectives  that define how stakeholders are informed, coordinate response efforts, and provide updates on recovery progress.

• Identify internal and external stakeholders and create communications strategies for each audience.

• Set communication channels , such as text, email, social media, company intranet, and emergency notification systems that you will employ during a disaster, and consider those that may not have access to company networks.

• Create predefined key messages and templates for various scenarios to speed disaster response. These should cover initial notifications, updates, and resolution.

• Assemble comprehensive contact lists for all stakeholders, regularly verify and update them, and ensure they are securely stored and available if disaster strikes.

• Regularly review and test your plan with disaster recovery drills to ensure its effectiveness when needed.

5. Establish Guidelines for Partner and Vendor Coordination

When disaster strikes, the repercussions extend beyond your organization. You must also coordinate with partners and vendors to ensure a seamless recovery process. The steps here include:

• Identify critical vendors and partners , such as cloud service providers, software vendors, hardware suppliers, and third-party service providers vital to your business operations.

• Define each vendor’s responsibilities and role in your DR plan, including any specific recovery services they provide, service-level agreements (SLAs) they support for recovery times, and any support services they offer during a disaster.

• Review contracts for DR clauses so you understand obligations, uptime guarantees, and compensation for failures to meet agreed-upon SLAs.

6. Implement a Comprehensive Backup Strategy

Ensuring effective disaster recovery demands a failsafe approach to data backups. The 3-2-1-1 backup strategy is the proven solution, and you can read all about it in this post . This strategy is based on keeping multiple copies of your data in separate locations and storing at least one version of your backup data in an immutable format , where data is written only once and can’t be altered or deleted.

7. Define Roles and Responsibilities

Your plan must also include clearly defined roles and responsibilities for the crisis communications team, disaster recovery team, and other key personnel . Everyone must know their responsibilities before, during, and after a disaster to eliminate confusion and ensure efficient recovery. Regular training and drills are essential for keeping everyone prepared, clear on their role, and ready to execute when needed.

8. Test and Update Your Plan Regularly

The only way to ensure the effectiveness of your disaster recovery plan is through regular testing. As the Arcserve-sponsored study found, this is where most organizations need to improve. Testing should simulate various scenarios and be followed by an evaluation of the team’s readiness and updates to the plan.

Get Expert Disaster Recovery Support

Arcserve technology partners can help you implement the appropriate data and ransomware protection, backup, and disaster recovery solutions for your specific needs. Find an Arcserve partner here .

  • Disaster Recovery

You May Also Like

How the sec’s cybersecurity disclosure rules can guide saas data protection for mid-size companies, how to respond to a disaster, a deep dive into immutable storage: how it works for ensuring data protection and ransomware recovery.

disaster recovery planning for a company's computer system usually focuses on

Business continuity and disaster recovery plans are risk management strategies that businesses rely on to prepare for unexpected incidents. While the terms are closely related, there are some key differences worth considering when choosing which is right for you:

  • Business continuity plan (BCP): A BCP is a detailed plan that outlines the steps an organization will take to return to normal business functions in the event of a disaster. Where other types of plans might focus on one specific aspect of recovery and interruption prevention (such as a natural disaster or cyberattack), BCPs take a broad approach and aim to ensure an organization can face as broad a range of threats as possible.
  • Disaster recovery plan (DRP):  More detailed in nature than BCPs, disaster recovery plans consist of contingency plans for how enterprises will specifically protect their IT systems and critical data during an interruption. Alongside BCPs, DR plans help businesses protect data and IT systems from many different disaster scenarios, such as massive outages, natural disasters,  ransomware  and  malware  attacks, and many others.
  • Business continuity and disaster recovery (BCDR): Business continuity and disaster recovery (BCDR) can be approached together or separately depending on business needs. Recently, more and more businesses are moving towards practicing the two disciplines together, asking executives to collaborate on BC and DR practices rather than work in isolation. This has led to combining the two terms into one, BCDR , but the essential meaning of the two practices remains unchanged.

Regardless of how you choose to approach the development of BCDR at your organization, it’s worth noting how quickly the field is growing worldwide. As the results of bad BCDR like data loss and downtime become more and more expensive, many enterprises are adding to their existing investments. Last year, companies worldwide were poised to spend USD 219 billion on cybersecurity and solutions, a 12% increase from the year before according to a recent report by the International Data Corporation (IDC) (link resides outside ibm.com).

Why are business continuity and disaster recovery plans important?

Business continuity plans (BCPs) and disaster recovery plans (DRPs) help organizations prepare for a broad range of unplanned incidents. When deployed effectively, a good DR plan can help stakeholders better understand the risks to regular business functions that a particular threat may pose. Enterprises that don’t invest in business continuity disaster recovery (BCDR) are more likely to experience data loss, downtime, financial penalties and reputational damage due to unplanned incidents.

Here are some of the benefits that businesses who invest in business continuity and disaster recovery plans can expect:

  • Shortened downtime: When a disaster shuts down normal business operations, it can cost enterprises hundreds of millions of dollars to get back up and running again. High-profile  cyberattacks  are particularly damaging, frequently attracting unwanted attention and causing investors and customers to flee to competitors who advertise shorter downtimes. Implementing a strong BCDR plan can shorten your recovery timeframe regardless of the kind of disaster you face.
  • Lower financial risk: According to  IBM’s recent Cost of Data Breach Report, the average cost of a data breach was USD 4.45 million in 2023—a 15% increase since 2020. Enterprises with strong business continuity plans have shown they can reduce those costs significantly by shortening downtimes and increasing customer and investor confidence.
  • Reduced penalties: Data breaches can result in large penalties when private customer information is leaked. Businesses that operate in the healthcare and personal finance space are at a higher risk because of the sensitivity of the data they handle. Having a strong business continuity strategy in place is imperative for businesses that operate in these sectors, helping keep the risk of heavy financial penalties relatively low.

How to build a business continuity disaster recovery plan

Business continuity disaster recovery (BCDR) planning is most effective when businesses take a separate but coordinated approach. While business continuity plans (BCPs) and disaster recovery plans (DRPs) are similar, there are important differences that make developing them separately advantageous:

  • Strong BCPs focus on tactics for keeping normal operations running before, during and immediately following a disaster. 
  • DRPs tend to be more reactive, outlining ways to respond an incident and get everything back up and running smoothly.

Before we dive into how you can build effective BCPs and DRPs, let’s look at a couple of terms that are relevant to both:

  • Recovery time objective (RTO):  RTO refers to the amount of time it takes to restore business processes after an unplanned incident. Establishing a reasonable RTO is one of the first things businesses need to do when they’re creating either a BCP or DRP. 
  • Recovery point objective (RPO):  Your business’ recovery point objective (RPO) is the amount of data it can afford to lose in a disaster and still recover. Since data protection is a core capability of many modern enterprises, some constantly copy data to a remote  data center  to ensure continuity in case of a massive breach. Others set a tolerable RPO of a few minutes (or even hours) for business data to be recovered from a backup system and know they will be able to recover from whatever was lost during that time.

How to build a business continuity plan (BCP) 

While each business will have slightly different requirements when it comes to planning for business continuity, there are four widely used steps that yield strong results regardless of size or industry.

1. Run a business impact analysis 

Business impact analysis (BIA) helps organizations better understand the various threats they face. Strong BIA includes creating robust descriptions of all potential threats and any vulnerabilities they might expose. Also, the BIA estimates the likelihood of each event so the organization can prioritize them accordingly.

2. Create potential responses

For each threat you identify in your BIA, you’ll need to develop a response for your business. Different threats require different strategies, so for each disaster you might face it’s good to create a detailed plan for how you could potentially recover.

3. Assign roles and responsibilities

The next step is to figure out what’s required of everyone on your disaster recovery team in the event of a disaster. This step must document expectations and consider how individuals will communicate during an unplanned incident. Remember, many threats shut down key communication capabilities like cellular and Wi-Fi networks, so it’s wise to have communication fallback procedures you can rely on.

4. Rehearse and revise your plan

For each threat you’ve prepared for, you’ll need to constantly practice and refine BCDR plans until they are operating smoothly. Rehearse as realistic a scenario as you can without putting anyone at actual risk so team members can build confidence and discover how they are likely to perform in the event of an interruption to business continuity.

How to build a disaster recovery plan (DRP)

Like BCPs, DRPs identify key roles and responsibilities and must be constantly tested and refined to be effective. Here is a widely used four-step process for creating DRPs.

1. Run a business impact analysis

Like your BCP, your DRP begins with a careful assessment of each threat your company could face and what its implications could be. Consider the damage each potential threat could cause and the likelihood of it interrupting your daily business operations. Additional considerations could include loss of revenue, downtime, cost of reputational repair (public relations) and loss of customers and investors due to bad press.

2. Inventory your assets

Effective DRPs require you to know exactly what your enterprise owns. Regularly perform these inventories so you can easily identify hardware, software, IT infrastructure and anything else your organization relies on for critical business functions. You can use the following labels to categorize each asset and prioritize its protection—critical, important and unimportant.

  • Critical:  Label assets critical if you depend on them for your normal business operations.
  • Important:  Give this label to anything you use at least once a day and, if disrupted, would impact your critical operations (but not shut them down entirely).
  • Unimportant:  These are the assets your business owns but uses infrequently enough to make them unessential for normal operations.

Like in your BCP, you’ll need to describe responsibilities and ensure your team members have what they need to perform them. Here are some widely used roles and responsibilities to consider:

  • Incident reporter:  Someone who maintains contact information for relevant parties and communicates with business leaders and stakeholders when disruptive events occur.
  • DRP  supervisor:  Someone who ensures team members perform the tasks they’ve been assigned during an incident. 
  • Asset manager:  Someone whose job it is to secure and protect critical assets when a disaster strikes. 

4. Rehearse your plan

Just like with your BCP, you’ll need to constantly practice and update your DRP for it to be effective. Practice regularly and update your documents according to any meaningful changes that need to be made. For example, if your company acquires a new asset after your DRP has been formed, you’ll need to incorporate it into your plan going forward or it won’t be protected when disaster strikes.

Examples of strong business continuity and disaster recovery plans

Whether you need a business continuity plan (BCP), a disaster recovery plan (DRP), or both working together or separately, it can help to look at how other businesses have put plans in place to boost their preparedness. Here are a few examples of plans that have helped businesses with both BC and DR preparation.

  • Crisis management plan:  A good crisis management plan could be part of either business continuity or disaster recovery planning. Crisis management plans are detailed documents that outline how you’ll manage a specific threat. They provide detailed instructions on how an organization will respond to a specific kind of crisis, such as a power outage, cybercrime or natural disaster; specifically, how they’ll deal with the hour-by-hour and minute-by-minute pressures while the event is unfolding. Many of the steps, roles and responsibilities required in business continuity and disaster recovery planning are relevant to good crisis management plans.
  • Communications plan:  Communications plans (or comms plans) equally apply to business continuity and disaster recovery efforts. They outline how your organization will specifically address PR concerns during an unplanned incident. To build a good comms plan, business leaders typically coordinate with communications specialists to formulate their communications plans. Some have specific plans in place for disasters that are deemed both likely and severe , so they know exactly how they’ll respond.
  • Network recovery plan:  Network recovery plans help organizations recover interruptions of network services, including internet access, cellular data, local area networks (LANs) and wide area networks (WANs). Network recovery plans are typically broad in scope since they focus on a basic and essential need—communication—and should be considered more on the side of business continuity than disaster recovery. Given the importance of many networked services to business operations, network recovery plans focus on the steps needed to restore services quickly and effectively after an interruption.
  • Data center  recovery plan: A data center recovery plan is more likely to be included in a BCP than a DRP because of its focus on data security and threats to IT infrastructure. Some common threats to data backup include overstretched personnel, cyberattacks, power outages and difficulty following compliance requirements. 
  • Virtualized recovery plan:  Like a data center plan, a virtualized recovery plan is more likely to be part of a BCP than a DRP because of a BCP’s focus on IT and data resources. Virtualized recovery plans rely on  virtual machine (VM)  instances that can swing into operation within a couple of minutes of an interruption. Virtual machines are representations/emulations of physical computers that provide critical application recovery through high availability (HA), or the ability of a system to operate continuously without failing.

Business continuity and disaster recovery solutions 

Even a minor interruption can put your business at risk. IBM has a wide range of contingency plans and disaster recovery solutions to help prepare your business to face a variety of threats including cloud backup and disaster recovery capabilities and security and resiliency services.

More from Cloud

6 ways to elevate the salesforce experience for your users.

3 min read - Customers and partners that interact with your business, as well as the employees who engage them, all expect a modern, digital experience. According to the Salesforce Report, nearly 90% Of buyers say the experience a company provides matters as much as products or services. Whether using Experience Cloud, Sales Cloud, or Service Cloud, your Salesforce user experience should be seamless, personalized and hyper-relevant, reflecting all the right context behind every interaction. At the same time, Salesforce is a big investment,…

IBM Tech Now: February 12, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 92 On this episode, we're covering the following topics: The GRAMMYs + IBM watsonx Audio-jacking with generative AI Stay plugged in You can check out the IBM Blog Announcements for a full rundown of…

Public cloud vs. private cloud vs. hybrid cloud: What’s the difference?

7 min read - It’s hard to imagine a business world without cloud computing. There would be no e-commerce, remote work capabilities or the IT infrastructure framework needed to support emerging technologies like generative AI and quantum computing.  Determining the best cloud computing architecture for enterprise business is critical for overall success. That’s why it is essential to compare the different functionalities of private cloud versus public cloud versus hybrid cloud. Today, these three cloud architecture models are not mutually exclusive; instead, they work…

Cyber recovery vs. disaster recovery: What’s the difference? 

7 min read - Today’s enterprises face a broad range of threats to their security, assets and critical business processes. Whether preparing to face a complex cyberattack or natural disaster, taking a proactive approach and selecting the right business continuity disaster recovery (BCDR) solution is critical to increasing adaptability and resilience. Cybersecurity and cyber recovery are types of disaster recovery (DR) practices that focus on attempts to steal, expose, alter, disable or destroy critical data. DR itself typically targets a wider range of threats than just those…

IBM Newsletters

Business continuity, contingency planning and disaster recovery: What’s the difference?

Learn the difference between business continuity, contingency planning & disaster recovery, and why it’s important for your business to plan for disruption.

Sometimes, unforeseen events can disrupt a business’s operations without notice. Your preparedness and response are very important at this time. 

Some businesses are prepared for these interruptions and have clear guidelines for returning to ‘business as usual’ with minimal downtime. Others are less prepared and suffer knockoff effects that can take a long time to recover from. 

Businesses must prepare for disruptive events with strategies that outline how to maintain core operations and recover quickly. This is where the fields of business continuity, contingency planning, and disaster recovery come in. 

These help businesses minimize the impact of catastrophic events by creating a detailed plan for operating through disruptions and returning to normal as soon as possible. It may seem like the three terms are interchangeable and refer to the same process, however, there are core differences between them. 

In this guide, we’ll examine why your business should plan for disruption, and the difference between business continuity, contingency planning, and disaster recovery.

Lock Down Your Cybersecurity & Compliance

Protect, Certify & Grow Your Business

Contact us to learn more about our fully managed comprehensive cybersecurity service that helps businesses reduce risk, certify, protect, and build trust.

What is business continuity?

Business continuity outlines how a business will continue to operate during and after a disruptive event. Ideally, with as little downtime as possible. 

Disruptive events can refer to anything from natural disasters, war, or theft to cyber-attacks, the departure of a vital employee, or negative publicity. The COVID-19 pandemic highlighted a real need to be prepared for the unexpected. Business continuity can also plan for smaller events such as extended power outages.

A business continuity strategy can take into account things like:

  • How a business will operate if it’s forced to relocate premises
  • Plans for what to do if a supplier/contractor that’s heavily relied on leaves or is bankrupted
  • Redeploying staff to different roles
  • Working from home guidelines
  • Data backup site locations & providers
  • Maintaining operations during both short-term and long-term disruptions

A business continuity plan is more comprehensive than a disaster recovery plan and will contain detailed contingencies for all aspects of the business.  

What is disaster recovery?

Disaster recovery plans for how a business will return to normal after technology-related disasters such as power outages, natural events, cybercrimes, or human error (for example, accidental deletion of data). It’s essentially a guideline that outlines what measures a business will need to take to respond to events and transition back to regular operation as quickly as possible. 

Disaster recovery is usually a key component of a business continuity plan and focuses on restoring normal business function. It can take into account things like:

  • How to re-establish office productivity as quickly as possible
  • Manual workarounds when computer systems are down 
  • How to recover from data loss or IT infrastructure failure
  • Business cybersecurity measures
  • Who will form the crisis management team 
  • A recovery timeline 

Many companies have data backups in place, however, this does not constitute proper disaster recovery. Data backups are not useful when there are power outages or a natural disaster preventing access to that data. A proper disaster recovery plan should consider these circumstances and provide a strategy to work around them.  What is a contingency plan?

A contingency plan prepares businesses for disruptive events that could significantly affect their delivery of products and/or services. This could include the loss of a vital employee or significant supplier. 

Contingency plans usually consider risks that can affect critical business operations, such as cyber-attacks, data leaks, or supply chain issues. A contingency plan typically includes things like: 

  • Events that trigger contingency measures
  • A response that will be taken depending on the event
  • Key tasks involved
  • Rough timeline for restoring normal operations

Business continuity, contingency planning, and disaster recovery can sound very similar, and in many ways they are. The key difference between the three is when they take place:

  • Contingency planning happens in advance to prepare for future incidents
  • Business continuity provides a temporary solution during an incident
  • Disaster recovery focuses on returning operations back to normal after an incident has taken place

Why your business should plan for disruptive events

If your business faces disruption without a proper plan in place, knock-on effects can be catastrophic. Taking the time to consider business continuity, contingency planning and disaster recovery can benefit your business in numerous ways by minimising the consequences of interruption.

1. Prevent financial loss

The most obvious result of disruptive events is financial loss. As a business is unable to continue delivering products and services while dealing with the incident, its bottom line can take a hit. Instead of focusing your resources on coming up with a plan during the event, plan ahead so that you can restore business function as quickly as possible. 

2. Peace of mind

Taking the time to create a business continuity, disaster recovery, or contingency plan provides peace of mind to employees. Knowing that there are clear policies and guidelines to follow in times of need relieves pressure and mitigates chaos during disruptive situations. 

3. Edge over competitors

Being able to restore normal operations as quickly as possible can give you an advantage over competitors as they struggle to figure out the situation. This can help your business stand out as a trustworthy and reliable industry leader, especially in the eyes of customers.

Start planning for disruption before it’s too late

Don’t wait until you need it, prepare for disruptive events before they happen so that your business can be guided through interruptions swiftly and calmly. We can help you plan for unforeseen circumstances, including cybersecurity and incident response to minimise data loss and downtime.

Get in touch with our team to find out how we can help you implement a business cybersecurity plan that allows you to operate with peace of mind.

The First Step is Crucial. Start with a Cybersecurity Assessment

Where are you at your cybersecurity maturity journey? Get an assessment of your current security posture and identify the gaps and challenges that you need to act upon.

Similar posts

Optus has been hit with a major cyber attack.

In today’s world businesses around the world as well as in Australia, face increasingly sophisticated and innovative cybercriminals targeting what matters most to them; their money, data and reputation. Download our guide to learn everything you need to know about the Optus Data Breach, as well as the nine steps every business around the world and in Australia needs to take to avoid being next.

IMAGES

  1. Data and Disaster Recovery

    disaster recovery planning for a company's computer system usually focuses on

  2. How to Develop an Effective Disaster Recovery Plan

    disaster recovery planning for a company's computer system usually focuses on

  3. How to Create an IT Disaster Recovery Plan That Lowers Business Risk

    disaster recovery planning for a company's computer system usually focuses on

  4. How to Create a Disaster Recovery Plan

    disaster recovery planning for a company's computer system usually focuses on

  5. How to Create a Disaster Recovery Plan

    disaster recovery planning for a company's computer system usually focuses on

  6. What is a Disaster Recovery Plan (DRP) and How Do You Write One?

    disaster recovery planning for a company's computer system usually focuses on

VIDEO

  1. Data Backup and Recovery Planning

  2. OnBase Disaster Recovery Planning Webinar

  3. Disaster Recovery Planning for Banks and Credit Unions

  4. Technology and Disaster Recovery Plans

  5. Disaster Recovery Planning: RTOs and RPOs

  6. High availability and disaster recovery in Kubernetes Series 68

COMMENTS

  1. What is Disaster Recovery?

    The process of preparing for and recovering from any event that prevents a workload or system from fulfilling its business objectives in its primary deployed location, such as power outages, natural events, or security issues. Disaster recovery targets are measured with Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).

  2. What is a Disaster Recovery Plan?

    Disaster recovery (DR) is an organization's ability to restore access and functionality to IT infrastructure after a disaster event, whether natural or caused by human action (or error). DR is considered a subset of business continuity, explicitly focusing on ensuring that the IT systems that support critical business functions are ...

  3. Disaster Recovery: An Introduction

    Disaster recovery planning involves strategizing, planning, deploying appropriate technology, and continuous testing. Maintaining backups of your data is a critical component of disaster recovery planning, but a backup and recovery process alone does not constitute a full disaster recovery plan.

  4. What Is Disaster Recovery?

    Disaster recovery is a subset of BC focused mainly on the IT systems required for business continuity. DR defines specific steps needed to resume technology operations after an event occurs. It is a reactive process that requires planning, but organizations implement DR only when a disaster truly occurs.

  5. What is a Disaster Recovery Plan (DRP) and How Do You Write One?

    A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident. A DRP is an essential part of a business continuity plan ( BCP ). It is applied to the aspects of an organization that depend on a functioning information technology (IT) infrastructure.

  6. IT Disaster Recovery Plan

    An information technology disaster recovery plan (IT DRP) should be developed in conjunction with the business continuity plan. Priorities and recovery time objectives for information technology should be developed during the business impact analysis.

  7. 10 Best Practices for Disaster Recovery Planning (DRP)

    Vulnerability Management 10 Best Practices for Disaster Recovery Planning (DRP) DRP helps an organization resume work after the loss of data or IT equipment. Click here to learn about 10 DRP best practices in 2021. Ramya Mohanakrishnan IT Specialist Last Updated: November 23, 2021

  8. 16 Expert Strategies For Creating An Effective IT Disaster Recovery Plan

    8. Leverage public cloud services. The key to an effective recovery plan is to rely on the public cloud, not your own datacenter or hardware. Leverage services built on the public cloud and give ...

  9. What is a Disaster Recovery Plan? Definition + Strategies

    A disaster recovery plan (DRP), disaster recovery implementation plan, or IT disaster recovery plan is a recorded policy and/or process that is designed to assist an organization in executing recovery processes in response to a disaster to protect business IT infrastructure and more generally promote recovery. The purpose of a disaster recovery ...

  10. Business continuity and disaster recovery planning: The basics

    Here are the basics of a state-of-the-art disaster recovery/business continuity (DR/BC) plan for 2021 and beyond. (Without getting too hung up on definitions, let's say that disaster recovery is ...

  11. How to Create a Disaster Recovery Plan (DRP)

    Create Your DRP Team. Put together a DRP team to oversee the development and actual implementation of your plan. Each member of the disaster recovery planning committee should play a specific role in the success of your plan. This ensures that the operations during a disaster are smooth and well coordinated. Here are the most critical roles on ...

  12. What is a Disaster Recovery Plan? Importance & Benefits

    A disaster recovery plan focuses on the restoration of IT infrastructure and data following a disruptive incident. It outlines specific steps and procedures to recover critical systems, applications and data to minimize downtime and ensure operational continuity. On the other hand, a business continuity plan encompasses a broader scope beyond IT.

  13. What is Disaster Recovery? Plan, Strategy, Types & Components

    Disaster recovery operates through a well-structured plan which is designed to restore and maintain critical business functions shortly after a disaster strikes. Here is a step-by-step explanation of how disaster recovery typically works: Preventive - Ensuring the disaster does not occur is the first step to a solid disaster recovery plan.

  14. How to Make an IT Disaster Recovery Plan

    A network disaster recovery plan focuses on the activities that are needed to restore such assets, or alternatives to be used to mitigate the impact of their downtime. Cloud disaster recovery plan: Instead of using a disaster recovery site, a cloud disaster recovery plan consists of backing up data using cloud services. While it requires a ...

  15. Guide to IT Disaster Recovery

    An IT disaster recovery plan is a documented methodical proposal for managing situations that occur in the event of natural or human-made disasters. The steps of a disaster recovery plan typically revolve around taking actions that help a business resume operations as quickly as possible. Business continuity systems stress the importance of a ...

  16. Disaster Recovery Planning

    Computer Network Defense. Jason Andress, Steve Winterfeld, in Cyber Warfare (Second Edition), 2014. Disaster Recovery Planning. Disaster Recovery Planning (DRP), as a defensive measure, can allow us to withstand or recover from the attacks, outages, and disasters that we were not able to prevent outright. Such measures are usually accomplished through the use of backups for our data and ...

  17. CISA disaster Flashcards

    Test Match Created by smithvagvsu Terms in this set (17) For which of the following applications would rapid recovery be MOST crucial? A. Point of Sale B. Corporate Planning C. Regulatory Reporting D. Departmental chargeback A An advantage of the use of hot sites as a backup alternative is that: A. the costs associated with hot sites are low.

  18. 8 Must-Have Components of an Effective Disaster Recovery Plan

    That starts with an effective disaster recovery plan. With that in mind, here are eight essential elements of a disaster recovery plan: 1. Inventory All Assets. A detailed inventory of all IT assets—hardware, software, data, and network resources—is a critical starting point for an effective disaster recovery plan.

  19. Business continuity vs. disaster recovery: Which plan is right ...

    Disaster recovery plan (DRP): More detailed in nature than BCPs, disaster recovery plans consist of contingency plans for how enterprises will specifically protect their IT systems and critical data during an interruption.

  20. 6 steps to a successful network disaster recovery plan

    These steps can be used as a framework to build the type of network disaster recovery plan that will fit your specific recovery goals. 1. Designate mission-critical vs. nonmission-critical network segments. Building automated redundancy and resiliency into a network is an expensive, time-consuming and complex process.

  21. Business continuity, contingency planning and disaster recovery: What's

    Disaster recovery is usually a key component of a business continuity plan and focuses on restoring normal business function. It can take into account things like: How to re-establish office productivity as quickly as possible; Manual workarounds when computer systems are down ; How to recover from data loss or IT infrastructure failure

  22. Why IT Disaster Recovery Plans are Critical

    A disaster recovery plan could involve a simple office server with sales orders or a complex Office 365 deployment. Here's an example. In the case of a massive storm and its aftermath, as the U.S ...

  23. Disaster recovery planning (DRP) for a company's computer system

    Disaster recovery planning (DRP) for a company's computer system usually focuses on: operations turnover procedures. strategic long-range planning. the probability that a disaster will occur. alternative procedures to process transactions. Explanation: It is important that disaster recovery identifies alternative processes that can be put in place while the system is not available. 0 0 […]