Business continuity planning (BCP)

What is business continuity?

In an IT context, business continuity is the capability of your enterprise to stay online and deliver products and services during disruptive events, such as natural disasters, cyberattacks and communication failures.

The core of this concept is the business continuity plan — a defined strategy that includes every facet of your organization and details procedures for maintaining business availability.

Start with a business continuity plan

Business continuity management starts with planning how to maintain your critical functions (e.g., IT, sales and support) during and after a disruption.

A business continuity plan (BCP) should comprise the following elements:

1. Threat Analysis

The identification of potential disruptions, along with potential damage they can cause to affected resources. Examples include:

2. Role assignment

Every organization needs a well-defined chain of command and substitute plan to deal with absence of staff in a crisis scenario. Employees must be cross-trained on their responsibilities so as to be able to fill in for one another.

Internal departments (e.g., marketing, IT, human resources) should be broken down into teams based on their skills and responsibilities. Team leaders can then assign roles and duties to individuals according to your organization’s threat analysis.

3. Communications

A communications strategy details how information is disseminated immediately following and during a disruptive event, as well as after it has been resolved.

Your strategy should include:

  • Methods of communication (e.g., phone, email, text messages)
  • Established points of contact (e.g., managers, team leaders, human resources) responsible for communicating with employees
  • Means of contacting employee family members, media, government regulators, etc.

From electrical power to communications and data, every critical business component must have an adequate backup plan that includes:

  • Data backups to be stored in different locations. This prevents the destruction of both the original and backup copies at the same time. If necessary, offline copies should be kept as well.
  • Backup power sources, such as generators and inverters that are provisioned to deal with power outages.
  • Backup communications (e.g., mobile phones and text messaging to replace land lines) and backup services (e.g., cloud email services to replace on-premise servers).

Load balancing business continuity

Load balancing maintains business continuity by distributing incoming requests across multiple backend servers in your data center. This provides redundancy in the event of a server failure, ensuring continuous application uptime.

In contrast to the reactive measures used in failover and disaster recovery (described below), load balancing is a preventative measure. Health monitoring tracks server availability, ensuring accurate load distribution at all times, including during disruptive events.

Disaster recovery plan (DCP) – Your second line of defense

Even the most carefully thought out business continuity plan is never completely foolproof. Despite your best efforts, some disasters simply cannot be mitigated. A disaster recovery plan (DCP) is a second line of defense that enables you to bounce back from the worst disruptions with minimal damage.

As the name implies, a disaster recovery plan deals with the restoration of operations after a major disruption. It’s defined by two factors: RTO and RPO.

  • Recovery time objective (RTO) – The acceptable downtime for critical functions and components, i.e., the maximum time it should take to restore services. A different RTO should be assigned to each of your business components according to their importance (e.g., ten minutes for network servers, an hour for phone systems).
  • Recovery point objective (RPO) – The point to which your state of operations must be restored following a disruption. In relation to backup data, this is the oldest age and level of staleness it can have. For example, network servers updated hourly should have a maximum RPO of 59 minutes to avoid data loss.

Deciding on specific RTOs and RPOs helps clearly show the technical solutions needed to achieve your recovery goals. In most cases the decision is going to boil down to choosing the right failover solution.
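The following is an added example, not part of the original article: it audits a backup log and recovery-drill timings against per-component RPO and RTO targets. The component names, log entries, drill times and the phone-system RPO are constructed for illustration; the 59-minute RPO and the ten-minute and one-hour RTOs are the figures quoted above.

```python
"""Audit backup history and recovery drills against RPO/RTO targets.

Added example. All component names, timestamps and the phone-system RPO
are constructed sample data, not values from a real environment.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Objective:
    rpo: timedelta  # maximum tolerable age of the newest restorable data
    rto: timedelta  # maximum tolerable time to restore service


def at(text):
    """Parse a 'YYYY-MM-DD HH:MM' timestamp."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


# Per-component targets (the phone-system RPO is an assumption).
OBJECTIVES = {
    "network-servers": Objective(rpo=timedelta(minutes=59), rto=timedelta(minutes=10)),
    "phone-system": Objective(rpo=timedelta(hours=24), rto=timedelta(hours=1)),
}

# Constructed backup log: (component, finished_at, status).
BACKUP_LOG = [
    ("network-servers", at("2024-01-02 00:00"), "ok"),
    ("network-servers", at("2024-01-02 00:30"), "ok"),
    ("network-servers", at("2024-01-02 01:00"), "failed"),
    ("network-servers", at("2024-01-02 01:30"), "failed"),
    ("network-servers", at("2024-01-02 02:00"), "ok"),
    ("network-servers", at("2024-01-02 02:30"), "ok"),
    ("phone-system", at("2024-01-01 00:00"), "ok"),
    ("phone-system", at("2024-01-02 00:00"), "ok"),
]

# Constructed drill results: (component, outage_start, service_restored).
DRILLS = [
    ("network-servers", at("2023-12-15 10:00"), at("2023-12-15 10:08")),
    ("phone-system", at("2023-12-15 10:00"), at("2023-12-15 11:20")),
]

AS_OF = at("2024-01-02 02:45")  # moment the audit is run


def worst_rpo_exposure(log, component, as_of):
    """Largest window in which a failure would have lost data.

    Only successful backups count as restore points, so a run of failed
    jobs widens the gap. The time since the newest restore point is also
    a gap. Returns None when the component has no restore point at all.
    """
    points = sorted(
        ts for name, ts, status in log
        if name == component and status == "ok" and ts <= as_of
    )
    if not points:
        return None
    boundaries = points + [as_of]
    return max(b - a for a, b in zip(boundaries, boundaries[1:]))


def audit(objectives, log, drills, as_of):
    """Return (component, metric, measured, target) for every missed target.

    A measured value of None means there is nothing to measure: no restore
    point (RPO) or no drill on record (RTO). Both are reported as misses.
    """
    findings = []
    for name, target in sorted(objectives.items()):
        exposure = worst_rpo_exposure(log, name, as_of)
        if exposure is None or exposure > target.rpo:
            findings.append((name, "RPO", exposure, target.rpo))

        durations = [done - start for comp, start, done in drills if comp == name]
        worst = max(durations) if durations else None
        if worst is None or worst > target.rto:
            findings.append((name, "RTO", worst, target.rto))
    return findings


if __name__ == "__main__":
    for name, metric, measured, target in audit(OBJECTIVES, BACKUP_LOG, DRILLS, AS_OF):
        print(f"{name}: {metric} missed, measured {measured}, target {target}")
```

The two failed network-server jobs leave a 90-minute window without a restore point even though the schedule runs every 30 minutes, which is why the audit measures gaps between successful backups rather than the configured interval.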

Choosing the right failover solutions

Failover is the switching between primary and backup systems in the event of failure, outage or downtime. It’s the key component of your disaster recovery and business continuity plans.

A failover system should address both RTO and RPO goals by keeping backup infrastructure and data at the ready. Ideally, your failover solution should seamlessly kick in to insulate end users from any service degradation.

When choosing a solution, the two most important aspects to consider are its technological prowess and its service level agreement (SLA). The latter is often a reflection of the former.

For an IT organization charged with the business continuity of a website or web application, there are three failover options:

  • Hardware solutions – A separate set of servers, set up and maintained internally, is kept on-premise to come online in the event of failure. However, note that keeping such servers at the same location makes them potentially susceptible to being taken down by the same disaster/disturbance.
  • DNS services – DNS services are often used in conjunction with hardware solutions to redirect traffic to one or more backup servers at an external data center. A downside of this setup is TTL-related delays that can prevent seamless disaster recovery. Additionally, managing both DNS and internal data center hardware failover solutions is time consuming and complicated.
  • On-edge services – On-edge failover is a managed solution operating from off-prem (e.g., from the CDN layer). Such solutions are more affordable and, most importantly, have no TTL reliance, resulting in near-instant failover that allows you to meet the most aggressive RTO goals.

Business continuity vs disaster recovery: The difference explained

If you’re in IT, you’ve definitely heard business continuity plans (BCP) and disaster recovery plans (DRP) mentioned together. Sometimes, these two are merged into one acronym spelled out as “BCDR”. And while BCP and DRP are closely related, they solve for fundamentally distinct issues.

Before defining their differences, it’s vital to understand just how important a role BCP and DRP play in an organization. Specifically, BCP and DRP help an organization continue operating. Disruptions in business are inevitable. Without a plan, the core functions of the business cannot run smoothly, and this can impact the bottom line.

For instance, when natural disasters strike small to medium businesses, many are never able to recover. Even if they initially recover, 25% of SMBs are out of business within a year following a disaster. And the number of costly disasters is only increasing. NOAA (National Centers for Environmental Information) reports that in the last five years, the number of billion-plus dollar disasters (adjusted for inflation) in the United States has increased to an average of 17.8 events per year, whereas the average between 1980-2022 was just 7.9 events per year.

Today we’ll examine the Venn diagram between BCP and DRP; how they complement each other, overlap, and combine to help protect a business from significant disruption during disasters.

Let’s dive in.

What Is a Business Continuity Plan?

A business continuity plan spells out how an organization will continue to run while experiencing a disaster or major disruption. These can include things like natural disasters, data breaches, strong economic downturns, hardware failures, and human errors. The core goal of a business continuity plan is to keep the business’ core functions operational throughout the disruption.

A business continuity plan is tailored to the specific needs of your organization. However, the components listed below comprise the core of a strong plan.

Identification of critical business processes and resources

What are your business’ major functions? What resources are necessary to maintain those functions? Which processes should take precedence when a disaster occurs?

For example, if your firm is a food processing organization, some of the critical business processes could include:

  • Sourcing raw materials
  • Manufacturing products
  • Inspecting products for safety
  • Delivering finished products to retail stores and customers
  • Employee management and payroll

Establish roles for participants and stakeholders

Another important component is a clause spelling out stakeholders and their roles. Knowing who’s responsible for what in times of disruption ensures a business runs smoothly throughout a disaster.

  • An emergency preparedness manager is responsible for ensuring employees and customers are safe.
  • An emergency management director develops and carries out the plan for the business to follow.
  • A disaster program manager is responsible for organizing other services, including shelters or triage centers.
  • A large business may want to put together a committee of individuals responsible for different areas of the organization including technology and communication.

Detailed documentation

Every bit of data and workflow needs to be detailed and recorded in the BCP. When a disaster strikes, your organization will know exactly what to do and in which order since there’s a recorded blueprint decided upon beforehand. At minimum, evacuation policies need to be documented, contact lists need to be created and the participants and stakeholders listed above need to create plans for their areas of responsibility. If hazardous materials are at play, a separate plan needs to be made for handling. Disasters are chaotic; a documented plan helps make them less so. After a decision is made, write it down and store it somewhere that everyone knows about and can access.

Business impact analysis

What will the organization lose when a certain disruption strikes? For example, one cybersecurity report estimates small businesses lose almost $8,600 an hour during unplanned downtime, so being able to protect your business from downtime is paramount.

What specific losses will the organization incur? Organizations face losses including declines in output and revenue, harmed reputation, impact on client or customer wellbeing, and disruption to the flow or delivery of services.

Defined (and documented) RTO and RPO

The recovery time objective (RTO) details how long systems, processes, or data can be impacted without fatally affecting a business. For instance, if your RTO is 3 hours, operations must be running again within 3 hours of a disaster.

Conversely, the recovery point objective (RPO) outlines how much data an organization is willing to lose during a disruption. For example, if an enterprise’s RPO is 15 minutes, the organization must have a data backup every 15 minutes to achieve the RPO goal.

When creating your BCP, you’ll need to set the RTO and define the RPO. The goal of both is to minimize the chances of data loss and speed up the resumption of operations. But, it is not possible to have zero downtime or zero data loss. RPO and RTO can’t be based on hope or idealism but have to be based on what is realistically achievable (in terms of feasibility and cost), balanced with what is critical for business viability.

Testing in advance of actual disruption

“No plan survives first contact with the enemy” so… it’s probably best if that first encounter happens in testing. You will not be able to control for every eventuality, but the more you test and prepare, the smaller your risk surface is. That’s why it’s critical to test how your plan holds up during a simulated disaster. Unfortunately, 23% of organizations never test their BCP or DRP. Don’t be one of those 23%, please.

There are a few ways to test your BCP. First, you can create a checklist. Second, walk through the exercises. And third, you can produce simulations and ensure your plan is built to protect your organization to the fullest.

A BCP test seeks to find out the following:

  • If the plan works when disaster strikes
  • Gaps and opportunities within the plan
  • Whether the business can meet its RTO and RPO goals
  • Whether the emergency communication plan will be effective

Testing your plan by simulating the disruptions most likely to affect your organization is crucial. Data breaches or loss, human error, climate disasters, hardware failure, and power outages are common disruptions to test in advance.

Testing should happen once per year, and a commonly employed mechanism to do so is a tabletop exercise.

What Is a Disaster Recovery Plan?

A disaster recovery plan is detailed documentation showing how a business can quickly recover operations after an unplanned incident. For example, a data breach disaster recovery plan might include how it will restore data access and IT infrastructure after the breach. Even though they are often used interchangeably, the DRP is usually a component of the business’ larger BCP. Every disaster requires continuity, but not every continuity issue is the result of a disaster.

The main objectives of the DRP include the following:

  • Keep infrastructure and human resources safe
  • Guarantee continued business operations
  • Minimize financial losses
  • Protect organizational data
  • Prevent reputation loss
  • Limit liability

Below are the most vital components of the disaster recovery plan:

  • A summary of critical processes, resources, and systems
  • Stakeholders responsible for these processes, resources, and systems
  • Detailed steps to recover, restart, and reconfigure the critical processes and systems
  • RTO and RPO
  • Any other emergency and mitigation steps that are essential to recovering after a disaster

Before creating the disaster recovery plan, you’ll need to conduct a disaster impact analysis and document risks associated with respective disasters. Doing so helps you identify which resources are needed where and how long it will take to bounce back.

How are BCP and DRP Similar?

BCP and DRP both work to ensure that an organization’s core functions are not hindered in times of disaster. They take a proactive approach to protect the organization and minimize loss during disasters. When creating both plans, you’ll need to account for business critical processes, systems, and resources. You’ll also need to define the RTO and the RPO when creating both plans. Another essential overlap between the two is the need for impact analysis and testing before making the plan official.

Finally, neither plan is set in stone. Business continuity and disaster recovery plans require constant review to align with changes in IT infrastructure, organizational goals, and existing threats.

How Do BCP and DRP Differ?

BCP and DRP complement each other and overlap during planning, but they have different functions. For starters, the business continuity plan is typically focused on organization-wide strategic planning. A disaster recovery plan, on the other hand, details how an organization can continue to run specifically during or after a disaster.

A BCP broadly covers every necessary detail, including the resources, processes, IT systems, and stakeholders across the business and covers a variety of issues which a business may face (including things like succession planning). More importantly, the BCP outlines step-by-step what needs to happen during and after a certain disaster.

A disaster recovery plan is a fundamental part of the business continuity plan. Often the DRP focuses on IT and how an organization will recover or restore IT infrastructure, applications, and systems critical to business operations following a disaster (physical, cyber, natural etc).

Put simply: the key difference is that the DRP assumes something has already happened, while the BCP includes components intended to prevent issues in the first place.

Be Ready with CrashPlan

Disaster and disruptions don’t discriminate based on whether you’re a small business or an enterprise. If disaster strikes and you’re not prepared, you risk heavy financial loss, damaged reputation, and potential liability.

Business continuity and disaster recovery plans add a layer of protection for when disasters occur. They’re a proactive approach to ensure you’re minimally impacted by disruption. Data recovery is a critical piece of this puzzle; how can your operations continue after a disaster without access to your data?

CrashPlan’s automatic cloud backup gives you immediate, easy access to endpoint data after hardware failure, natural disasters, data breaches, or any other calamity.

Find out today how CrashPlan helps you safeguard and access your organization’s data during disasters.

What is a Disaster Recovery Plan?

Disaster recovery (DR) is an organization’s ability to restore access and functionality to IT infrastructure after a disaster event, whether natural or caused by human action (or error). DR is considered a subset of business continuity, explicitly focusing on ensuring that the IT systems that support critical business functions are operational as soon as possible after a disruptive event occurs.

Today, disaster recovery planning is crucial for any business, especially those operating either partially or entirely in the cloud. Disasters that interrupt service and cause data loss can happen anytime without warning—your network could have an outage, a critical bug could get released, or your business might have to weather a natural disaster. Organizations with robust and well-tested disaster recovery strategies can minimize the impact of disruptions, achieve faster recovery times, and resume core operations rapidly when things go awry.   

Learn more about Google Cloud backup and disaster recovery features and products and how they can be used to build the right DR solution for your business.

IT disaster recovery defined

IT disaster recovery is a portfolio of policies, tools, and processes used to recover or continue operations of critical IT infrastructure, software, and systems after a natural or human-made disaster.

The first and foremost aspect of a disaster recovery plan is cloud. The cloud is considered the best solution for both business continuity and disaster recovery. The cloud eliminates the need to run a separate disaster recovery data center (or recovery site). 

What is a disaster recovery site? 

It’s a second, physical data center that’s costly to build and maintain—and with the cloud, made unnecessary.

What is considered a disaster?

DR planning and strategies focus on responding to and recovering from disasters: events that disrupt or completely stop a business from operating.

While these events can be natural disasters like a hurricane, they can also be caused by a severe system failure, an intentional attack, or even human error. 

Types of disasters can include: 

  • Natural disasters (for example, earthquakes, floods, tornados, hurricanes, or wildfires)
  • Pandemics and epidemics
  • Cyber attacks (for example, malware, DDoS, and ransomware attacks)
  • Other intentional, human-caused threats such as terrorist or biochemical attacks
  • Technological hazards (for example, power outages, pipeline explosions, and transportation accidents)
  • Machine and hardware failure 

Importance of disaster recovery

Technology plays an increasingly important role in every aspect of business, with applications and services enabling companies to be more agile, available, and connected. This trend has contributed to the widespread adoption of cloud computing by organizations to drive growth, innovation, and exceptional customer experience. 

However, the migration to cloud environments—public, private, hybrid, or multicloud—and the rise of remote workforces are introducing more infrastructure complexity and potential risks. Disaster recovery for cloud-based systems is critical to an overall business continuity strategy. A system breakdown or unplanned downtime can have serious consequences for enterprises that rely heavily on cloud-based resources, applications, documents, and data storage to keep things running smoothly. 

In addition, data privacy laws and standards stipulate that most organizations are now required to have a disaster recovery strategy. Failure to follow DR plans can result in compliance violations and steep regulatory fines. 

Every business needs to be able to recover quickly from any event that stops day-to-day operations, no matter what industry or size. Without a disaster recovery plan, a company can suffer data loss, reduced productivity, out-of-budget expenses, and reputational damage that can lead to lost customers and revenue. 

How disaster recovery works

Disaster recovery relies on having a solid plan to get critical applications and infrastructure up and running after an outage, ideally within minutes.

An effective DR plan addresses three different elements for recovery: 

  • Preventive: Ensuring your systems are as secure and reliable as possible, using tools and techniques to prevent a disaster from occurring in the first place. This may include backing up critical data or continuously monitoring environments for configuration errors and compliance violations. 
  • Detective: For rapid recovery, you’ll need to know when a response is necessary. These measures focus on detecting or discovering unwanted events as they happen in real time. 
  • Corrective: These measures are aimed at planning for potential DR scenarios, ensuring backup operations to reduce impact, and putting recovery procedures into action to restore data and systems quickly when the time comes. 

Typically, disaster recovery involves securely replicating and backing up critical data and workloads to a secondary location or multiple locations—disaster recovery sites. A disaster recovery site can be used to recover data from the most recent backup or a previous point in time. Organizations can also switch to using a DR site if the primary location and its systems fail due to an unforeseen event until the primary one is restored.

Types of disaster recovery

The types of disaster recovery you’ll need will depend on your IT infrastructure, the type of backup and recovery you use, and the assets you need to protect.

Here are some of the most common technologies and techniques used in disaster recovery: 

  • Backups: With backups, you back up data to an offsite system or ship an external drive to an offsite location. However, backups do not include any IT infrastructure, so they are not considered a full disaster recovery solution. 
  • Backup as a service (BaaS): Similar to remote data backups, BaaS solutions provide regular data backups offered by a third-party provider. 
  • Disaster recovery as a service (DRaaS): Many cloud providers offer DRaaS, along with cloud service models like IaaS and PaaS. A DRaaS service model allows you to back up your data and IT infrastructure and host them on a third-party provider’s cloud infrastructure. During a crisis, the provider will implement and orchestrate your DR plan to help recover access and functionality with minimal interruption to operations.
  • Point-in-time snapshots: Also known as point-in-time copies, snapshots replicate data, files, or even an entire database at a specific point in time. Snapshots can be used to restore data as long as the copy is stored in a location unaffected by the event. However, some data loss can occur depending on when the snapshot was made. 
  • Virtual DR: Virtual DR solutions allow you to back up operations and data or even create a complete replica of your IT infrastructure and run it on offsite virtual machines (VMs). In the event of a disaster, you can reload your backup and resume operation quickly. This solution requires frequent data and workload transfers to be effective. 
  • Disaster recovery sites: These are locations that organizations can temporarily use after a disaster event, which contain backups of data, systems, and other technology infrastructure.

Benefits of disaster recovery

Stronger business continuity

Every second counts when your business goes offline, impacting productivity, customer experience, and your company’s reputation. Disaster recovery helps safeguard critical business operations by ensuring they can recover with minimal or no interruption. 

Enhanced security

DR plans use data backup and other procedures that strengthen your security posture and limit the impact of attacks and other security risks. For example, cloud-based disaster recovery solutions offer built-in security capabilities, such as advanced encryption, identity and access management, and organizational policy. 

Faster recovery

Disaster recovery solutions make restoring your data and workloads easier so you can get business operations back online quickly after a catastrophic event. DR plans leverage data replication and often rely on automated recovery to minimize downtime and data loss.

Reduced recovery costs

The monetary impacts of a disaster event can be significant, ranging from loss of business and productivity to data privacy penalties to ransoms. With disaster recovery, you can avoid, or at least minimize, some of these costs. Cloud DR processes can also reduce the operating costs of running and maintaining a secondary location.

High availability

Many cloud-based services come with high availability (HA) features that can support your DR strategy. HA capabilities help ensure an agreed level of performance and offer built-in redundancy and automatic failover, protecting data against equipment failure and other smaller-scale events that may impact data availability. 

Better compliance

DR planning supports compliance requirements by considering potential risks and defining a set of specific procedures and protections for your data and workloads in the event of a disaster. This usually includes strong data backup practices, DR sites, and regularly testing your DR plan to ensure that your organization is prepared. 

Planning a disaster recovery strategy

A comprehensive disaster recovery strategy should include detailed emergency response requirements, backup operations, and recovery procedures. DR strategies and plans often help form a broader business continuity strategy, which includes contingency plans to mitigate impact beyond IT infrastructure and systems, allowing all business areas to resume normal operations as soon as possible. 

When it comes to creating disaster recovery strategies, you should carefully consider the following key metrics: 

  • Recovery time objective (RTO): The maximum acceptable length of time that systems and applications can be down without causing significant damage to the business. For example, some applications can be offline for an hour, while others might need to recover in minutes.
  • Recovery point objective (RPO): The maximum age of data you need to recover to resume operations after a major event. RPO helps to define the frequency of backups.

These metrics are particularly useful when conducting risk assessments and business impact analysis (BIA) for potential disasters, from moderate to worst-case scenarios. Risk assessments and BIAs evaluate all functional areas of a business and the consequences of any risks, which can help define DR goals and the actions needed to achieve them before or after an event occurs. 

When creating your recovery strategy, it’s useful to consider your RTO and RPO values and pick a DR pattern that will enable you to meet those values and your overall goals. Typically, the smaller your values (or the faster your applications need to recover after an interruption), the higher the cost to run your application. 

Cloud disaster recovery can greatly reduce the costs of RTO and RPO when it comes to fulfilling on-premises requirements for capacity, security, network infrastructure, bandwidth, support, and facilities. A highly managed service on Google Cloud can help you avoid most, if not all, complicating factors and allow you to reduce many business costs significantly. 

For more guidance on using Google Cloud to address disaster recovery, you can read our Disaster recovery planning guide or contact your account manager for help with creating a DR plan.

What is disaster recovery used for?

Ensure business resilience

No matter what happens, a good DR plan can ensure that the business can return to full operations rapidly, without losing data or transactions.

Maintain competitiveness

When a business goes offline, customers are rarely loyal. They turn to competitors to get the goods or services they require. A DR plan prevents this.

Avoid regulatory risks

Many industries have regulations dictating where data can be stored and how it must be protected. Heavy fines result if these mandates are not met.

Avoid data loss

The longer a business’s systems are down, the greater the risk that data will be lost. A robust DR plan minimizes this risk.

Keep customers happy

Meeting customer service level agreements (SLAs) is always a priority. A well-executed DR plan can help businesses achieve SLAs despite challenges.

Maintain reputation

A business that has trouble resuming operations after an outage can suffer brand damage. For that reason, a solid DR plan is critical.

Related products and services

Google offers many products that can be used as building blocks when creating a secure and reliable DR plan, including Cloud Storage.

What is a disaster recovery plan (DRP) and how to create one?

Acronis

Disasters that affect your IT capabilities happen more often than you think, but only 6% are caused by a natural disaster. The vast majority of disasters that cause significant IT downtime are human error, hardware and software failure, and cyberattacks. There are even stories circulating that talk of how a newly hired IT technician inadvertently deleted all company data on his first day!

During the past three years, 93% of businesses have been hit by a natural or human-made disaster – and many of these organizations could not recover.  

Whether your organization is large or small, the only way to prepare for a disaster is to develop and exercise a disaster recovery plan.

What is a disaster recovery plan (DRP)?

An IT disaster recovery plan (DRP) is a written document that spells out the policies, step-by-step procedures, and responsibilities to recover an organization's IT systems and data and get IT operations back up and running when a disaster happens. This plan is a sub-component of the organization's Business Continuity Plan (BCP).

Once developed, the DR plan must be tested (or exercised) to ensure that the IT team can fully recover the organization's IT systems regardless of the type of disaster. 

Disasters arrive unannounced, so it is essential to get an IT DR plan in place as soon as possible. A fully operational plan will help minimize risk exposure, reduce disruption, and ensure economic stability. It will also reduce insurance premiums and potential liability, and ensure your organization complies with regulatory requirements. Most importantly, a well-executed plan can save your organization thousands – even hundreds of thousands – of dollars in the event of a disaster.

Data is a valuable asset: Customer data; financial, human resource, and R&D documents; and emails are irreplaceable. Each document represents hours of work, and the ability to retrieve it is essential. To determine how much a disaster can cost your organization, consider the cost of system downtime – the impact on employee productivity, the loss of billable hours, missed sales from a down e-commerce website, and penalties for failure to meet regulatory compliance obligations.

In a worst-case scenario, your DR plan may save your company.  

What are the different types of disaster recovery plans?

There are four types of disaster recovery plans.

Virtualized Disaster Recovery Plan

With a virtual DR plan, your IT organization replicates the entire IT infrastructure and stores it on an offsite Virtual Machine (VM). Since VMs are hardware independent, you do not need the same hardware as the primary site, so you can quickly back up your systems and data to dissimilar hardware. When a disaster happens, you can fail over IT operations to the offsite VM and recover from a disaster in just a few minutes.

Network Disaster Recovery Plan

A network disaster recovery plan helps your IT team respond to an unplanned interruption of network services during a disaster, including voice, data, internet, etc. The plan must include procedures for recovering an organization's network operations, including local area networks (LANs), wide-area networks (WANs), and wireless networks.

An unplanned interruption of network services can range from performance degradation to a complete outage.

Cloud Disaster Recovery Plan

With this type of plan, your systems and data are backed up to a public cloud located at least 150 miles from the primary site. When a disaster happens, IT can easily fail over operations to the disaster recovery site and fail back to the same or new hardware, even if that hardware is dissimilar, to resume normal operations. Public cloud DR services are available pay-as-you-go and can be accessed from anywhere.

Data Center Disaster Recovery Plan

This type of plan requires your organization to set up a separate facility only used when a disaster happens. There are three primary types of disaster recovery data centers - cold, warm, and hot.

  • A cold DR site is an office or data center located away from the primary site with power, heat, air conditioning, etc. but no running IT systems. Depending on the length of the disaster, an organization may install the necessary systems after the disaster hits.
  • A warm DR site offers office space and a technology infrastructure used when a disaster hits the primary site. A warm site has power, heat, air conditioning, network connectivity, and redundant hardware/software already up and running. Backups from the primary to the warm site are performed daily or weekly, which can result in some data loss.
  • A hot site offers office space and a complete replica of the primary site's IT infrastructure, systems, applications, and up-to-date data. A hot site enables rapid recovery of all business processes. It is the most expensive data center type to maintain, but for many businesses it's the optimal solution.

The disaster recovery process

Every business needs a disaster recovery plan unique to its data requirements. To define the best approach for your business, you must weigh the value of your data, systems, and applications against the risk your organization can afford to assume. When creating disaster recovery plans, be sure to include the following steps:  

  • Establish a planning group.
  • Perform a risk assessment and define an acceptable Recovery Point Objective (RPO) and Recovery Time Objective (RTO).
  • Prepare an inventory of IT assets.
  • Identify dependencies and establish priorities.
  • Develop recovery strategies.
  • Develop a communication plan.
  • Develop documentation, verification criteria, procedures, and responsibilities.
  • Test, test, test the plan.
  • Implement the plan.
  • Maintain the IT infrastructure.

What are the five major elements of a disaster recovery plan?

We've outlined the basic steps in disaster recovery planning. Now, let's explore the five primary elements of a DR plan below.

Assign IT recovery management team

A dedicated disaster recovery plan requires proper development, updates, and testing. It's best to form a dedicated disaster recovery team to cover all of those. Ideally, the team should include managers and employees from all branches of your organization.

The team's ultimate purpose is to design, develop, implement, test, and upgrade the DR plan to ensure you can recover core business services as quickly as possible following a disaster.

Moreover, the DR team should assign specific roles for each team member and their contact details in the DR plan document. The plan should also identify the first contact point (a responsible individual) in the event of a disaster.

Lastly, all company staff must have access to the detailed disaster recovery plan, know the disaster recovery processes, and understand their specific roles to cut down recovery time and quickly resume key operations after a disaster occurs.

Identify potential disaster risks

Organizations must identify potential data risks, whether human-made, caused by natural disasters, or resulting from cyber-attacks. Restoring important systems and business operations in a disaster can reduce downtime and minimize financial and reputational loss, which is critical to your company's success.

Once you've identified the potential risks applicable to your company, you can calculate the Recovery Point Objective (RPO) and Recovery Time Objective (RTO). Having a precise RPO and RTO lets you manage disaster recovery systems more easily, leading to a smooth and rapid restoration.

Classify critical data, apps, and resources

The next step is to classify your company's critical systems: apps, data, documents, and resources (buildings, machinery, onsite IT infrastructure, human and intellectual resources, etc.).

The DRP should focus on successful contingency planning - how to continue revenue generation and ensure cash flow as a short-term goal. In the mid-and-long term, the DRP must define how to get your entire system back up and running to resume normal operations.

Outline and specify backup and offsite disaster recovery procedures

You can rely on a Disaster-recovery-as-a-Service (DRaaS) to manage onsite and offsite coordination or use a robust disaster recovery solution to manage the process individually.

In both cases, you should aim to present the disaster recovery plan strategies to all data-processing personnel, assign critical business operations, outline backup operations procedures, and determine internal recovery strategies for your primary business site and emergency response procedures for your offsite disaster recovery sites.

If you rely on a fully-equipped secondary site, you should also create an alternate hot site plan; if you rely on a mobile data center, you should implement a mobile site setup plan.

Test and polish the plan

As your company grows, your DR risks and needs will also evolve. For example, if your company opens a new data center, it should be reflected in your DRP as soon as possible.

If you have more than one alternate site, it's best to use full resiliency program management. Bringing all of your information services backup procedures under one umbrella will let you design an appropriate emergency response for your data processing operations, mitigate business continuity risks, and, ultimately, enable rapid recovery to resume normal operations in the event of power outages and natural disasters.

Moreover, you will benefit from disaster recovery automation, which simplifies testing all technology recovery strategies. A tested disaster recovery plan ensures continuous innovation in line with the increased risk to your company data. Be it during power outages, natural disasters, or cyber-attacks, your organization will be prepared to restore even complex business operations rapidly.

What should you avoid during disaster recovery planning?

A disaster can cause chaos and create an environment where your DR team members make mistakes. To overcome this challenge, build your list of do's and don'ts for plan development and use it before, during, and after the crisis.

Here is a quick synopsis of some of the most important “dos and don'ts.”

What not to do:

  • Do not discount the importance of an IT disaster recovery plan because you have backups or have implemented high availability. You need such a plan no matter what!
  • Do not consider DR an expense. It's an investment.
  • Do not apply a single data protection strategy to all applications.
  • Do not assume that your network can handle the traffic during an emergency. Identify alternative forms of communication if you cannot use the network.
  • Do not create a DR plan just for the sake of having one or to simply satisfy executive management and your auditors.
  • Do not simplify disaster recovery process milestones. It may speed up the planning phase but will rarely be optimal in the long run.

What to do:

  • Be sure to get sponsorship for the DR plan from the executive team.
  • Look for disaster recovery plan examples to use as a template to speed the development and improve the accuracy of your plan.
  • Include key contact members from various departments in your planning committee. Include decision-makers from multiple departments - financial associates, customer service representatives, and IT personnel.
  • Safeguard data not stored centrally, including data stored on desktops, laptops, and mobile devices. Also, consider the following:
      • Virtual environments
      • Application-specific agents
      • Snapshot storage requirements
      • Server activation and documentation
  • Create a disaster recovery plan checklist to use as a quick reference when developing the DR plan and during an actual disaster. A list helps your team work quickly and perform tasks accurately.
  • Perform end-user acceptance testing.
  • Be sure to test a broad range of disaster scenarios regularly.
  • Update and test your disaster recovery plan regularly.
  • Choose a DR location that is not too close to your production site and can be remotely activated in the event of an emergency.
  • Plan frequent meetings to ensure that resources are still available during a disaster.

How are DR and business continuity plans different?

DR addresses the recovery of IT infrastructure during or following disruptive events. DR relies on data security services to restore critical systems and complement your business continuity planning (BCP).

A good disaster recovery plan ensures you can always access essential company data. Focusing on the bigger picture, BCP encompasses all necessary precautions to safeguard your data and employees to ensure continuous business operations.

BCP focuses on optimizing your data processing system, disaster site rebuilding, enterprise resource management, and more to ensure no unforeseen event will disrupt your business processes.

Your BCP team must examine all disaster recovery plan examples created by your DR team, consult on the best one, and implement it to fortify your backup system, minimize your Recovery Time Objective, and turn the perceived disaster recovery complexity into an understandable, easy-to-follow guideline for all responsible employees.

Disaster recovery plan templates

If you are a small- to medium-sized business (SMB), consider using an IT disaster recovery plan template to help guide you and your team through the plan development process.

There are many DR and business recovery plan templates available on the internet, including templates offered by Solutions Review, Smartsheet, and template.net. You can also find IT disaster recovery templates for small businesses at SupremusGroup. 

If this is the first time your organization is developing a plan, using a DR plan template ensures you do not miss important steps in the process and eliminates the costs associated with engaging a consultant. 

Testing your DR plan

You must test your disaster recovery plan and ensure you have all the elements in place for a successful test. This includes having a detailed script of test activities, ensuring that all IT components are in place and ready to use, documenting what happens during the test, and preparing a post-DR-test, after-action review.

Finding the right DRP solution

Implementing your DR plan means you'll need to find a DR solution that fits your IT requirements and is realistic about managing and testing. Many SMBs now work with managed service providers (MSPs) who deliver and administer their IT needs, outsourcing the expense of that mission-critical expertise. Many of those MSPs offer managed DR services that are built on Acronis' disaster recovery solution. That's because, with Acronis, an MSP can add disaster recovery to your backup in a matter of minutes, so not only will you have backups that protect your data, applications, and systems, but when disaster strikes, you can spin up your IT systems in the cloud to keep your organization running. After the disaster passes, you'll be able to easily recover to the same, new, or dissimilar hardware.

About Acronis

Acronis is a Swiss company, founded in Singapore. Celebrating two decades of innovation, Acronis has more than 1,800 employees in 45 locations. The Acronis Cyber Protect Cloud solution is available in 26 languages in over 150 countries and is used by 20,000 service providers to protect over 750,000 businesses.

© 2024 Acronis International GmbH. Rheinweg 9, 8200 Schaffhausen, Switzerland. © All rights reserved.

National Disaster Recovery Framework

The National Disaster Recovery Framework (NDRF) enables effective recovery support to disaster-impacted states, tribes, territorial and local jurisdictions. It provides a flexible structure that enables disaster recovery managers to operate in a unified and collaborative manner. The NDRF focuses on how best to restore, redevelop and revitalize the health, social, economic, natural and environmental fabric of the community and build a more resilient nation.

The NDRF is a first step toward achieving a shared understanding and a common, integrated perspective in order to achieve unity of effort and to build a more resilient nation.

The National Disaster Recovery Framework defines:

  • Eight principles that guide recovery core capability development and recovery support activities.
  • A coordinating structure that facilitates communication and collaboration among all stakeholders, guidance for pre- and post-disaster recovery planning.
  • Roles and responsibilities of recovery coordinators and other stakeholders.
  • The overall process by which communities can capitalize on opportunities to rebuild stronger, smarter and safer.

Recovery Support Function Leadership Group (RSFLG)

The Recovery Support Function Leadership Group (RSFLG) allows federal agencies to coordinate disaster recovery work under the National Disaster Recovery Framework (NDRF) across the six Recovery Support Functions in order to provide communities with unified federal assistance as quickly and effectively as possible.

Learn about Recovery Support Function Leadership Group (RSFLG)'s responsibilities, membership and priorities.

Additional Resources

Our National Preparedness Planning page provides information on operational and strategic planning.

OneResponder: Use this free and accessible online system to help you manage your personnel and resources within the NIMS framework.

Pre-Disaster Recovery Guides

  • State Governments: Enables states to more easily adapt to new post-disaster roles needed to manage new or modified sources of state and federal recovery resources.
  • Local Governments: Provides tools for public engagement, whole-community recovery, identification of existing recovery resources, and identifying outside partnerships to help build resilience.
  • Tribal Governments: Designed to prepare tribal governments for future disasters by engaging with the whole community and planning for recovery activities that are comprehensive and long term.

Non-Stafford Act Events

Building on the principles and concepts outlined in the NDRF, Effective Coordination of Recovery Resources for State, Tribal, Territorial and Local Incidents is designed to be applied after an incident, either in concert with existing pre-incident recovery plans or to enhance post-incident planning efforts.

Disaster recovery (DR) consists of IT technologies and best practices designed to prevent or minimize data loss and business disruption resulting from catastrophic events—everything from equipment failures and localized power outages to cyberattacks, civil emergencies, criminal or military attacks, and natural disasters.

Many businesses—especially small- and mid-sized organizations—neglect to develop a reliable, practicable disaster recovery plan. Without such a plan, they have little protection from the impact of significantly disruptive events.

Infrastructure failure can cost as much as USD 100,000 per hour, and critical application failure costs can range from USD 500,000 to USD 1 million per hour. Many businesses cannot recover from such losses. More than 40% of small businesses will not re-open after experiencing a disaster, and among those that do, an additional 25% will fail within the first year after the crisis. Disaster recovery planning can dramatically reduce these risks.

Disaster recovery planning involves strategizing, planning, deploying appropriate technology, and continuous testing. Maintaining backups of your data is a critical component of disaster recovery planning, but a backup and recovery process alone does not constitute a full disaster recovery plan.

Disaster recovery also involves ensuring that adequate storage and compute is available to maintain robust failover and failback procedures. Failover is the process of offloading workloads to backup systems so that production processes and end-user experiences are disrupted as little as possible. Failback involves switching back to the original primary systems.

Read our article to learn more about the important distinction between backup and disaster recovery planning.

Business continuity planning creates systems and processes to ensure that all areas of your enterprise will be able to maintain essential operations or be able to resume them as quickly as possible in the event of a crisis or emergency. Disaster recovery planning is the subset of business continuity planning that focuses on recovering IT infrastructure and systems.

Business impact analysis

The creation of a comprehensive disaster recovery plan begins with business impact analysis. When performing this analysis, you’ll create a series of detailed disaster scenarios that can then be used to predict the size and scope of the losses you’d incur if certain business processes were disrupted. What if your customer service call center was destroyed by fire, for instance? Or an earthquake struck your headquarters?

This will allow you to identify the areas and functions of the business that are the most critical and enable you to determine how much downtime each of these critical functions could tolerate. With this information in hand, you can begin to create a plan for how the most critical operations could be maintained in various scenarios.

IT disaster recovery planning should follow from and support business continuity planning. If, for instance, your business continuity plan calls for customer service representatives to work from home in the aftermath of a call center fire, what types of hardware, software, and IT resources would need to be available to support that plan?

Risk analysis

Assessing the likelihood and potential consequences of the risks your business faces is also an essential component of disaster recovery planning. As cyberattacks and ransomware become more prevalent, it’s critical to understand the general cybersecurity risks that all enterprises confront today as well as the risks that are specific to your industry and geographical location.

For a variety of scenarios, including natural disasters, equipment failure, insider threats, sabotage, and employee errors, you’ll want to evaluate your risks and consider the overall impact on your business. Ask yourself the following questions:

  • What financial losses due to missed sales opportunities or disruptions to revenue-generating activities would you incur?
  • What kinds of damage would your brand’s reputation undergo? How would customer satisfaction be impacted?
  • How would employee productivity be impacted? How many labor hours might be lost?
  • What risks might the incident pose to human health or safety?
  • Would progress towards any business initiatives or goals be impacted? How?

Prioritizing applications

Not all workloads are equally critical to your business’s ability to maintain operations, and downtime is far more tolerable for some applications than it is for others. Separate your systems and applications into three tiers, depending on how long you could stand to have them be down and how serious the consequences of data loss would be.

  • Mission-critical: Applications whose functioning is essential to your business’s survival.
  • Important: Applications for which you could tolerate relatively short periods of downtime.
  • Non-essential: Applications you could temporarily replace with manual processes or do without.

Documenting dependencies

The next step in disaster recovery planning is creating a complete inventory of your hardware and software assets. It’s essential to understand critical application interdependencies at this stage. If one software application goes down, which others will be affected?

Designing resiliency—and disaster recovery models—into systems as they are initially built is the best way to manage application interdependencies. It’s all too common in today’s microservices-based architectures to discover processes that can’t be initiated when other systems or processes are down, and vice versa. This is a challenging situation to recover from, and it’s vital to uncover such problems when you have time to develop alternate plans for your systems and processes—before an actual disaster strikes.

Establishing recovery time objectives, recovery point objectives, and recovery consistency objectives

By considering your risk and business impact analyses, you should be able to establish objectives for how long you’d need it to take to bring systems back up, how much data you could stand to lose, and how much data corruption or deviation you could tolerate.

Your recovery time objective (RTO) is the maximum amount of time it should take to restore application or system functioning following a service disruption.

Your recovery point objective (RPO) is the maximum age of the data that must be recovered in order for your business to resume regular operations. For some businesses, losing even a few minutes’ worth of data can be catastrophic, while those in other industries may be able to tolerate longer windows.

A recovery consistency objective (RCO) is established in the service-level agreement (SLA) for continuous data protection services. It is a metric that indicates how many inconsistent entries in business data from recovered processes or systems are tolerable in disaster recovery situations, describing business data integrity across complex application environments.
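The tiering, dependency inventory and RTO/RPO objectives described above can be cross-checked against each other before a disaster tests them. The following is an added example, not code from the article or from any vendor it mentions: it flags objectives the inventory cannot meet and derives a recovery order that brings dependencies up first. The `App` fields, the backup-interval field and every system name are assumptions, and the inventory is constructed sample data.

```python
from collections import namedtuple
import heapq

# Tier names follow the three tiers described above; lower rank recovers first.
TIER_RANK = {"mission-critical": 0, "important": 1, "non-essential": 2}

# rto_min / rpo_min are objectives in minutes; backup_interval_min is how often
# data is copied to the recovery site (assumed field, not from the article).
App = namedtuple("App", "name tier rto_min rpo_min backup_interval_min depends_on")

# Constructed sample inventory (hypothetical systems).
INVENTORY = [
    App("storefront", "mission-critical", 60, 15, 15, ["orders-db", "auth"]),
    App("orders-db", "mission-critical", 30, 5, 60, []),
    App("auth", "important", 240, 60, 60, ["directory"]),
    App("directory", "mission-critical", 30, 60, 30, []),
    App("reporting", "non-essential", 1440, 1440, 1440, ["orders-db"]),
]


def find_gaps(inventory):
    """Return sorted findings where the inventory contradicts its own objectives."""
    apps = {a.name: a for a in inventory}
    findings = []
    for app in inventory:
        # Data copied less often than the RPO allows means the RPO cannot be met.
        if app.backup_interval_min > app.rpo_min:
            findings.append(f"{app.name}: backup interval {app.backup_interval_min}m "
                            f"exceeds RPO {app.rpo_min}m")
        for dep_name in app.depends_on:
            dep = apps.get(dep_name)
            if dep is None:
                findings.append(f"{app.name}: dependency {dep_name} missing from inventory")
                continue
            # An application cannot be back before the systems it needs are back.
            if dep.rto_min > app.rto_min:
                findings.append(f"{app.name}: RTO {app.rto_min}m is shorter than "
                                f"RTO {dep.rto_min}m of dependency {dep.name}")
            # A dependency in a lower tier silently caps the tier of its dependents.
            if TIER_RANK[dep.tier] > TIER_RANK[app.tier]:
                findings.append(f"{app.name}: tiered {app.tier} but depends on "
                                f"{dep.name}, tiered {dep.tier}")
    return sorted(findings)


def recovery_order(inventory):
    """Kahn's topological sort: dependencies first, ties broken by tier, then RTO."""
    apps = {a.name: a for a in inventory}
    blocked_by = {a.name: {d for d in a.depends_on if d in apps} for a in inventory}
    dependents = {name: [] for name in apps}
    for name, deps in blocked_by.items():
        for dep_name in deps:
            dependents[dep_name].append(name)

    def key(name):
        return (TIER_RANK[apps[name].tier], apps[name].rto_min, name)

    ready = [key(n) for n, deps in blocked_by.items() if not deps]
    heapq.heapify(ready)
    order = []
    while ready:
        name = heapq.heappop(ready)[2]
        order.append(name)
        for child in dependents[name]:
            blocked_by[child].discard(name)
            if not blocked_by[child]:
                heapq.heappush(ready, key(child))

    # Anything still blocked sits in, or behind, a circular dependency:
    # systems that each need the other to be up before they can start.
    stuck = sorted(n for n, deps in blocked_by.items() if deps)
    if stuck:
        raise ValueError("circular dependency blocks recovery of: " + ", ".join(stuck))
    return order


if __name__ == "__main__":
    for finding in find_gaps(INVENTORY):
        print("GAP  ", finding)
    print("ORDER", " -> ".join(recovery_order(INVENTORY)))
```

Running the same checks whenever the asset inventory changes surfaces the interdependency problems that a tabletop walkthrough tends to miss.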

Regulatory compliance issues

All disaster recovery software and solutions that your enterprise has established must satisfy any data protection and security requirements that you’re mandated to adhere to. This means that all data backup and failover systems must be designed to meet the same standards for ensuring data confidentiality and integrity as your primary systems.

At the same time, several regulatory standards stipulate that all businesses must maintain disaster recovery and/or business continuity plans. The Sarbanes-Oxley Act (SOX), for instance, requires all publicly held firms in the U.S. to maintain copies of all business records for a minimum of five years. Failure to comply with this regulation (including neglecting to establish and test appropriate data backup systems) can result in significant financial penalties for companies and even jail time for their leaders.

Choosing technologies

Backups serve as the foundation upon which any solid disaster recovery plan is built. In the past, most enterprises relied on tape and spinning disks (HDD) for backups, maintaining multiple copies of their data and storing at least one at an offsite location.

In today’s always-on digitally transforming world, tape backups in offsite repositories often cannot achieve the RTOs necessary to maintain business-critical operations. Architecting your own disaster recovery solution involves replicating many of the capabilities of your production environment and will require you to incur costs for support staff, administration, facilities, and infrastructure. For this reason, many organizations are turning to cloud-based backup solutions or full-scale Disaster-Recovery-as-a-Service (DRaaS) providers.

Choosing recovery site locations

Building your own disaster recovery data center involves balancing several competing objectives. On the one hand, a copy of your data should be stored somewhere that’s geographically distant enough from your headquarters or office locations that it won’t be affected by the same seismic events, environmental threats, or other hazards as your main site. On the other hand, backups stored offsite always take longer to restore from than those located on-premises at the primary site, and network latency can be even greater across longer distances.

Continuous testing and review

Simply put, if your disaster recovery plan has not been tested, it cannot be relied upon. All employees with relevant responsibilities should participate in the disaster recovery test exercise, which may include maintaining operations from the failover site for a period of time.

If performing comprehensive disaster recovery testing is outside your budget or capabilities, you can also schedule a “tabletop exercise” walkthrough of the test procedures, though you should be aware that this kind of testing is less likely to reveal anomalies or weaknesses in your DR procedures—especially the presence of previously undiscovered application interdependencies—than a full test.

As your hardware and software assets change over time, you’ll want to be sure that your disaster recovery plan gets updated as well. Review and revise the plan periodically.

The IBM Knowledge Center provides an example of a disaster recovery plan.

Disaster-Recovery-as-a-Service (DRaaS) is one of the most popular and fast-growing managed IT service offerings available today. Your vendor will document RTOs and RPOs in a service-level agreement (SLA) that outlines your downtime limits and application recovery expectations.

DRaaS vendors typically provide cloud-based failover environments. This model offers significant cost savings compared with maintaining redundant dedicated hardware resources in your own data center. Contracts are available in which you pay a fee for maintaining failover capabilities plus the per-use costs of the resources consumed in a disaster recovery situation. Your vendor will typically assume all responsibility for configuring and maintaining the failover environment.

Disaster recovery service offerings differ from vendor to vendor. Some vendors define their offering as a comprehensive, all-in-one solution, while others offer piecemeal services ranging from single application restoration to full data center replication in the cloud. Some offerings may include disaster recovery planning or testing services, while others will charge an additional consulting fee for these offerings.

Be sure that any enterprise software applications you rely on are supported, as are any public cloud providers that you’re working with. You’ll also want to ensure that application performance is satisfactory in the failover environment, and that the failover and failback procedures have been well tested.

If you have already built an on-premises disaster recovery (DR) solution, it can be challenging to evaluate the costs and benefits of maintaining it versus moving to a monthly DRaaS subscription instead.

Most on-premises DR solutions will incur costs for hardware, power, labor for maintenance and administration, software, and network connectivity. In addition to the upfront capital expenditures involved in the initial setup of your DR environment, you’ll need to budget for regular software upgrades. Because your DR solution must remain compatible with your primary production environment, you’ll want to ensure that your DR solution has the same software versions. Depending upon the specifics of your licensing agreement, this might effectively double your software costs.

Not only can moving to a DRaaS subscription reduce your hardware and software expenditures, it can lower your labor costs by moving the burden of maintaining the failover site to the vendor.

If you’re considering third-party DRaaS solutions, you’ll want to make sure that the vendor has the capacity for cross-regional multi-site backups. If a significant weather event like a hurricane impacted your primary office location, would the failover site be far enough away to remain unaffected by the storm? Also, would the vendor have adequate capacity to meet the combined needs of all its customers in your area if many were impacted at the same time? You’re trusting your DRaaS vendor to meet RTOs and RPOs in times of crisis, so look for a service provider with a strong reputation for reliability.

Read “Disaster Recovery as a Service (DRaaS) vs. Disaster Recovery (DR): Which Do You Need?” for a comparative overview of both solutions.

Disaster recovery solutions based in the IBM Cloud are resilient and reliable. You can provision a failover site in any of the more than 60 data centers located in six regions and in 18 global availability zones for low latency and in order to meet geographically-specific business requirements.

Disaster Recovery Plan

Disaster recovery plan definition.

What is a disaster recovery plan? A disaster recovery plan (DRP), disaster recovery implementation plan, or IT disaster recovery plan is a recorded policy and/or process that is designed to assist an organization in executing recovery processes in response to a disaster to protect business IT infrastructure and more generally promote recovery.

The purpose of a disaster recovery plan is to comprehensively explain the consistent actions that must be taken before, during, and after a natural or man-made disaster so that the entire team can take those actions. A disaster recovery plan should address man-made disasters that are intentional, such as fallout from terrorism or hacking, as well as those that are accidental, such as an equipment failure.

What is a disaster recovery plan?

Organizations of all sizes generate and manage massive amounts of data, much of it mission critical. The impact of corruption or data loss from human error, hardware failure, malware, or hacking can be substantial. Therefore, it is essential to create a disaster recovery plan for the restoration of business data from a data backup image.

It is most effective to develop an information technology (IT) disaster recovery plan in conjunction with the business continuity plan (BCP). A business continuity plan is a complete organizational plan that consists of five components:

1. Business resumption plan
2. Occupant emergency plan
3. Continuity of operations plan
4. Incident management plan (IMP)
5. Disaster recovery plan

Generally, components one through three do not touch upon IT infrastructure at all. The incident management plan typically establishes procedures and a structure to address cyber attacks against IT systems during normal times, so it does not deal with the IT infrastructure during disaster recovery. For this reason, the disaster recovery plan is the only component of the BCP of interest to IT.

Among the first steps in developing such a disaster recovery strategy is business impact analysis, during which the team should develop IT priorities and recovery time objectives. The team should time technology recovery strategies for restoring applications, hardware, and data to meet business recovery needs.

Every situation is unique and there is no single correct way to develop a disaster recovery plan. However, there are three principal goals of disaster recovery that form the core of most DRPs:

  • prevention, including proper backups, generators, and surge protectors
  • detection of new potential threats, a natural byproduct of routine inspections
  • correction, which might include holding a “lessons learned” brainstorming session and securing proper insurance policies

What should a disaster recovery plan include?

Although specific disaster recovery plan formats may vary, the structure of a disaster recovery plan should include several features:

Goals

A statement of goals will outline what the organization wants to achieve during or after a disaster, including the recovery time objective (RTO) and the recovery point objective (RPO). The recovery point objective refers to how much data (in terms of the most recent changes) the company is willing to lose after a disaster occurs. For example, an RPO might be to lose no more than one hour of data, which means data backups must occur at least every hour to meet this objective.

Recovery time objective or RTO refers to the acceptable downtime after an outage before business processes and systems must be restored to operation. For example, the business must be able to return to operations within 4 hours in order to avoid unacceptable impacts to business continuity.

Personnel

Every disaster recovery plan must detail the personnel who are responsible for the execution of the DR plan, and make provisions for individual people becoming unavailable.

IT inventory

An updated IT inventory must list the details about all hardware and software assets, as well as any cloud services necessary for the company’s operation, including whether or not they are business critical, and whether they are owned, leased, or used as a service.

Backup procedures

The DRP must set forth how each data resource is backed up – exactly where, on which devices and in which folders, and how the team should recover each resource from backup.

Disaster recovery procedures

These specific procedures, distinct from backup procedures, should detail all emergency responses, including last-minute backups, mitigation procedures, limitation of damages, and eradication of cybersecurity threats.

Disaster recovery sites

Any robust disaster recovery plan should designate a hot disaster recovery site. All data can be frequently backed up to or replicated at this remotely located hot site, an alternative data center holding all critical systems. This way, when disaster strikes, operations can be instantly switched over to the hot site.

Restoration procedures

Finally, follow best practices to ensure a disaster recovery plan includes detailed restoration procedures for recovering from a loss of full systems operations. In other words, every detail to get each aspect of the business back online should be in the plan, even if you start with a disaster recovery plan template. Here are some procedures to consider at each step.

Include not just objectives such as the results of risk analysis and RPOs, RTOs, and SLAs, but also a structured approach for meeting these goals. The DRP must address each type of downtime and disaster with a step-by-step plan, including data loss, flooding, natural disasters, power outages, ransomware, server failure, site-wide outages, and other issues. Be sure to enrich any IT disaster recovery plan template with these critical details.

Create a list of IT staff including contact information, roles, and responsibilities. Ensure each team member is familiar with the company disaster recovery plan before it is needed so that individual team members have the necessary access levels and passwords to meet their responsibilities. Always designate alternates for any emergency, even if you think your team can’t be affected.

Address business continuity planning and disaster recovery by providing details about mission-critical applications in your DRP. Include accountable parties for both troubleshooting any issues and ensuring operations are running smoothly. If your organization will use cloud backup services or disaster recovery services, the vendor name and contact information, along with a list of authorized employees who can request support during a disaster, should be in the plan; ideally the vendor and organizational contacts should know of each other.

Media communication best practices are also part of a robust disaster recovery and business continuity plan. A designated public relations contact and media plan are particularly useful to high profile organizations, enterprises, and users who need 24/7 availability, such as government agencies or healthcare providers. Look for disaster recovery plan examples in your industry or vertical for specific best practices and language.

Benefits of a disaster recovery plan

Obviously, a disaster recovery plan details scenarios for reducing interruptions and resuming operations rapidly in the aftermath of a disaster. It is a central piece of the business continuity plan and should be designed to prevent data loss and enable sufficient IT recovery.

Beyond the clear benefit of improved business continuity under any circumstances, having a company disaster recovery plan can help an organization in several other important ways.

Cost-efficiency

Disaster recovery plans include various components that improve cost-efficiency. The most important elements include prevention, detection, and correction, as discussed above. Preventative measures reduce the risks from man-made disasters. Detection measures are designed to quickly identify problems when they do happen, and corrective measures restore lost data and enable a rapid resumption of operations.

Achieving cost-efficiency goals demands regular maintenance of IT systems in their optimal condition, high-level analysis of potential threats, and implementation of innovative cybersecurity solutions. Keeping software updated and systems optimally maintained saves time and is more cost-effective. Adopting cloud-based data management as a part of disaster recovery planning can further reduce the costs of backups and maintenance.

Increased productivity

Designating specific roles and responsibilities, along with accountability, as a disaster recovery plan demands, increases effectiveness and productivity in your team. It also ensures redundancies in personnel for key tasks, improving sick day productivity, and reducing the costs of turnover.

Improved customer retention

Customers do not easily forgive failures or downtime, especially if they result in loss of sensitive data. Disaster recovery planning helps organizations meet and maintain a higher quality of service in every situation. Reducing the risks your customers face from data loss and downtime ensures they receive better service from you during and after a disaster, shoring up their loyalty.

Compliance

Enterprise business users, financial markets, healthcare patients, and government entities all rely on availability, uptime, and the disaster recovery plans of important organizations. These organizations in turn rely on their DRPs to stay compliant with industry regulations such as HIPAA and FINRA.

Scalability

Planning disaster recovery allows businesses to identify innovative solutions to reduce the costs of archive maintenance, backups, and recovery. Cloud-based data storage and related technologies enhance and simplify the process and add flexibility and scalability.

The disaster recovery planning process can reduce the risk of human error, eliminate superfluous hardware, and streamline the entire IT process. In this way, the planning process itself becomes one of the advantages of disaster recovery planning, streamlining the business, and rendering it more profitable and resilient before anything ever goes wrong.

Ways to develop a disaster recovery plan

There are several steps in the development of a disaster recovery plan. Although these may vary somewhat based on the organization, here are the basic disaster recovery plan steps:

Risk assessment

First, perform a risk assessment and business impact analysis (BIA) that addresses many potential disasters. Analyze each functional area of the organization to determine possible consequences from middle of the road scenarios to “worst-case” situations, such as total loss of the main building. Robust disaster recovery plans set goals by evaluating risks up front, as part of the larger business continuity plan, to allow critical business operations to continue for customers and users as IT addresses the event and its fallout.

Consider infrastructure and geographical risk factors in your risk analysis. For example, the ability of employees to access the data center in case of a natural disaster, whether or not you use cloud backup, and whether you have a single site or multiple sites are all relevant here. Be sure to include this information, even if you’re working from a sample disaster recovery plan.

Evaluate critical needs

Next, establish priorities for operations and processing by evaluating the critical needs of each department. Prepare written agreements for selected alternatives, and include details specifying all special security procedures, availability, cost, duration, guarantee of compatibility, hours of operation, what constitutes an emergency, non-mainframe resource requirements, system testing, termination conditions, a procedure notifying users of system changes, personnel requirements, specs on required processing hardware and other equipment, a service extension negotiation process, and other contractual issues.

Set disaster recovery plan objectives

Create a list of mission-critical operations to plan for business continuity, and then determine which data, applications, equipment, or user accesses are necessary to support those functions. Based on the cost of downtime, determine each function’s recovery time objective (RTO). This is the target amount of time in hours, minutes, or seconds an operation or application can be offline without an unacceptable business impact.

Determine the recovery point objective (RPO), or the point in time back to which you must recover the application. This is essentially the amount of data the organization can afford to lose.

Assess any service level agreements (SLAs) that your organization has promised to users, executives, or other stakeholders.

Collect data and create the written document

Collect data for your plan using pre-formatted forms as needed. Data to collect in this stage may include:

  • lists (critical contact information list, backup employee position listing, master vendor list, master call list, notification checklist)
  • inventories (communications equipment, data center computer hardware, documentation, forms, insurance policies, microcomputer hardware and software, office equipment, off-site storage location equipment, workgroup hardware, etc.)
  • schedules for software and data files backup/retention
  • procedures for system restore/recovery
  • temporary disaster recovery locations
  • other documentation, inventories, lists, and materials

Organize and use the collected data in your written, documented plan.

Test and revise

Next, develop criteria and procedures for testing the plan. This is essential to ensure the organization has adopted compatible, feasible backup procedures and facilities, and to identify areas that should be modified. It also allows the team to be trained, and proves the value of the DRP and ability of the organization to withstand disasters.

Finally, test the plan based on the criteria and procedures. Conduct an initial dry run or structured walk-through test and correct any problems, ideally outside normal operational hours. Types of business disaster recovery plan tests include: disaster recovery plan checklist tests, full interruption tests, parallel tests, and simulation tests.

The recovery point objective, or RPO, refers to how much data (in terms of the most recent changes) the company is willing to lose after a disaster occurs. For example, an RPO might be to lose no more than one hour of data, which means data backups must occur at least every hour to meet this objective.

The RPO answers this question: “How much data could be lost without significantly impacting the business?”

Example: If the RPO for a business is 20 hours and the last available good copy of data after an outage is 18 hours old, we are still within the RPO’s parameters.

In other words, the RTO answers the question: “How much time after notification of business process disruption should it take to recover?”

To compare RPO and RTO, consider that RPO means a variable amount of data that would need to be re-entered after a loss or would be lost altogether during network downtime. In contrast, RTO refers to how much real time can elapse before the disruption unacceptably impedes normal business operations.

It is important to expose the gap between actuals and objectives set forth in the disaster recovery plan. Only business disruption and disaster rehearsals can expose actuals—specifically Recovery Point Actual (RPA) and Recovery Time Actual (RTA). Refining these differences brings the plan up to speed.
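The gap between objectives and actuals can be computed from a backup catalog and a rehearsal timeline. The following is an added example, not part of the original article: the application names, timestamps, objectives and function names are constructed for illustration, and RTA is measured from notification of the disruption, matching the RTO question above.

```python
from datetime import datetime, timedelta


def ts(text):
    """Parse a 'YYYY-MM-DD HH:MM' timestamp."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


# Constructed objectives (hypothetical applications and values).
OBJECTIVES = {
    "billing-db": {"rpo": timedelta(hours=1), "rto": timedelta(hours=4)},
    "file-share": {"rpo": timedelta(hours=20), "rto": timedelta(hours=8)},
}

# Constructed backup catalog: (application, finished_at, restore_verified).
CATALOG = [
    ("billing-db", ts("2024-03-05 08:00"), True),
    ("billing-db", ts("2024-03-05 09:00"), True),
    ("billing-db", ts("2024-03-05 10:00"), False),  # job ran, test restore failed
    ("billing-db", ts("2024-03-05 11:00"), True),
    ("file-share", ts("2024-03-04 16:45"), True),
]

# Constructed rehearsal timeline: simulated outage, notification, service restored.
DRILL = {
    "billing-db": {"outage": ts("2024-03-05 10:45"),
                   "declared": ts("2024-03-05 10:50"),
                   "restored": ts("2024-03-05 14:20")},
    "file-share": {"outage": ts("2024-03-05 10:45"),
                   "declared": ts("2024-03-05 10:50"),
                   "restored": ts("2024-03-05 20:05")},
}


def good_copies(catalog, app):
    """Completion times of backups that passed restore verification, oldest first."""
    return sorted(t for name, t, ok in catalog if name == app and ok)


def recovery_point_actual(catalog, app, outage):
    """Age of the last verified copy at the moment of the outage (RPA).

    Returns None when no usable copy exists before the outage.
    """
    usable = [t for t in good_copies(catalog, app) if t <= outage]
    return outage - usable[-1] if usable else None


def worst_case_exposure(catalog, app):
    """Largest interval between consecutive verified copies.

    A failed or unverified job widens this interval even if the schedule
    itself matches the RPO.
    """
    copies = good_copies(catalog, app)
    gaps = [later - earlier for earlier, later in zip(copies, copies[1:])]
    return max(gaps) if gaps else None


def recovery_time_actual(event):
    """Time from notification of the disruption to restored service (RTA)."""
    return event["restored"] - event["declared"]


def gap_report(objectives, catalog, drill):
    """Compare RPA and RTA from the rehearsal with the plan's RPO and RTO."""
    report = {}
    for app, target in objectives.items():
        event = drill[app]
        rpa = recovery_point_actual(catalog, app, event["outage"])
        rta = recovery_time_actual(event)
        report[app] = {
            "rpa": rpa,
            "rta": rta,
            "rpo_met": rpa is not None and rpa <= target["rpo"],
            "rto_met": rta <= target["rto"],
        }
    return report


if __name__ == "__main__":
    for app, row in gap_report(OBJECTIVES, CATALOG, DRILL).items():
        print(f"{app}: RPA={row['rpa']} (met={row['rpo_met']}), "
              f"RTA={row['rta']} (met={row['rto_met']})")
```

In this constructed data the hourly schedule for `billing-db` matches its one-hour RPO on paper, but the unverified 10:00 copy pushes the actual recovery point past the objective, which is the kind of gap only a rehearsal exposes.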

Strategies and tools for a disaster recovery plan

The right strategies and tools help implement a disaster recovery plan.

Traditional on-premises recovery strategies

The IT team should develop disaster recovery strategies for IT applications, systems, and data. This includes desktops, data, networks, connectivity, servers, wireless devices, and laptops. Identify IT resources that support time-sensitive business processes and functions so their recovery times match.

Information technology systems require connectivity, data, hardware, and software. The entire system may fail due to a single component, so recovery strategies should anticipate the loss of one or more of these system components:

  • Secure, climate-controlled computer room environment with backup power supply
  • Connectivity to a service provider
  • Hardware such as desktop and laptop computers, networks, wireless devices and peripherals, and servers
  • Software applications such as electronic mail, electronic data interchange, enterprise resource management, and office productivity

Data and restoration

For business applications that cannot tolerate downtime, actual parallel computing, data mirroring, or multiple data center synchronization is possible yet costly. Other solutions for mission critical business applications and sensitive data include cloud backup and cloud-native disaster recovery, which reduce the need for expensive hardware and IT infrastructure.

Internal recovery strategies

Some enterprises store data at multiple facilities and configure hardware to run similar applications from data center to data center when needed. Assuming off-site data backup or data mirroring are taking place, processing can continue and data can be restored at an alternate site under these circumstances. However, this is a costly solution, and one that demands an internal solution that is itself infallible.

Cloud-based disaster recovery strategies

Cloud-based vendors offer disaster recovery as a service (DRaaS), which essentially provides “hot sites” for IT disaster recovery hosted in the cloud. DRaaS leverages the cloud to provide fully configured recovery sites that mirror the applications in the local data center. This gives users a more immediate response: they can recover critical applications in the cloud, where those applications are kept ready for use at the time of a disaster.

Vendors can host and manage applications, data security services, and data streams, enabling access to information via web browser at the primary business site or other sites. These vendors can typically enhance cybersecurity because their ongoing monitoring for outages offers data filtering and detection of malware threats. If the vendor detects an outage at the client site, they hold all client data automatically until the system is restored. In this sense, the cloud is essential to security planning and disaster recovery.

Does Druva offer a cloud disaster recovery plan?

With Druva’s cloud-native disaster recovery plan, workloads on-premises or in the cloud back up directly to the Druva Cloud Platform, built on AWS. This eliminates recovery complexities by enabling automated runbook execution and one-click disaster recovery. Druva’s cloud-native disaster recovery includes failover and failback, either back to on-premises systems or to any AWS region or account without hardware, a managed DR site, or excessive administration.


What makes an effective disaster recovery plan?

By Michael Feder

At a glance

  • With IT recovery protocols in place, a company can maintain business operations during and after disruptive events.
  • The goal of a contingency plan is to keep all systems operational during a disaster. A disaster recovery plan, however, focuses on returning IT operations, and everything they affect, back to normal after a disruption.
  • An effective disaster recovery plan includes creating network maps, backups and policies for rapid recovery of systems and data loss.

What is a disaster recovery plan?

From cyberattacks to crashing servers to extended power outages, technology has vulnerabilities that can have far-reaching effects. This is especially true for businesses. Organizations that rely on technology not only have to work to mitigate risk for such disruptions, but they also need a plan of action for if and when such interruptions occur. This plan is often called a disaster recovery plan, and it offers step-by-step instructions for protecting and recovering vital systems and data.

What is the importance of a disaster recovery plan?

Unplanned downtime can significantly impact business operations, not to mention an organization’s bottom line. A study by Deloitte, one of the world’s largest accounting firms, revealed that some companies that experienced a cyberattack saw, on average, a full-level downgrade in their credit rating.

Getting ahead of disasters like cyberattacks — as well as recovering quickly when one occurs — is the primary goal of a disaster recovery plan. The importance of a disaster recovery plan cannot be overstated. With recovery protocols in place, your business can:

  • Maintain mission-critical continuity during and after disruptive situations
  • Provide superior customer-service experiences
  • Prepare cybersecurity professionals to react quickly to hardware, software and network failures
  • Minimize the impact of interruptions on operations
  • Reduce the economic impact of the interruption on your business’s financial health
  • Establish and test alternative ways to conduct business during a crisis
  • Train employees on emergency procedures, empowering them to keep calm during tense times
  • Create a plan for quick and efficient service restoration

How does a disaster recovery plan differ from a contingency plan?

Many businesses debate which is more important — a contingency plan or a disaster recovery plan. The truth is both are necessary for an overall business continuity plan.

Both involve proactive strategies that reduce the negative impact of a disaster before, during and after one happens. Both are crucial for businesses that must survive during inclement weather, pandemics and cybersecurity threats. The differences, however, are key.

While similar, business continuity and disaster recovery plans serve different purposes. In short, the goal of a contingency plan is to keep everything running during a disaster. A disaster recovery plan, however, works to get operations back to normal after one occurs.

Contingency plans guide overall operations, while a disaster recovery plan focuses on IT-related issues, like recovering data and restoring critical systems after cyberattacks. In addition, while contingency plans help reduce downtime across the entire company, disaster recovery plans primarily focus on the functionality of IT systems.

Do I need a contingency plan and a disaster recovery plan?

Many companies include a disaster recovery plan within their overall contingency plan. The two plans complement each other. A business needs a contingency plan to remain operational when issues arise and a disaster recovery plan to implement the crucial IT elements of that plan.


Who needs a disaster recovery plan?

Any company that uses computers or relies on technology needs a disaster recovery plan. A breakdown in business operations can result in unexpected costs, lost revenue, unhappy customers and a tarnished reputation. The longer it takes to recover, the bigger the impact on operations. With a disaster recovery plan, your business can bounce back more quickly from a crisis, regardless of where, how or when one occurs. Any company focused on prevention that sees the value in getting ahead of disasters needs to develop a disaster recovery plan.

What should a disaster recovery plan include?

An effective disaster recovery plan depends on your business’s size, scope and operations. The specific procedures and measures will depend on your business needs and long-term goals but generally should include the following:

  • Appointing on-site employees to specific roles and responsibilities during a crisis to establish redundancies and reduce errors
  • Ensuring contingencies when responsible individuals are unavailable
  • Updating your IT and application inventory regularly, including hardware, software and cloud-based services
  • Creating network maps, backups and policies for rapid recovery of systems and data loss
  • Detailing how, when and where all IT resources are backed up
  • Documenting all emergency-response procedures for any situation, such as fire, natural disasters and cyber threats
  • Listing step-by-step backup operations procedures to keep essential data processing and IT tasks running
  • Outlining recovery actions to initiate rapid systems restoration
  • Testing the disaster recovery plan regularly and practicing dry runs with employees to ensure they understand their responsibilities
  • Holding debriefings after recovery from a disruption and documenting what was learned


How to develop an effective disaster recovery plan

All companies can develop — and benefit from — a disaster recovery plan. It boils down to a simple cost–benefit analysis: Recover quickly and gain a competitive edge or recover slowly and lose customers and sales.

Developing an effective disaster recovery plan begins with analyzing security risks, so impact analysis and risk assessment skills are needed to understand and predict potential hazards. Be sure to look beyond IT. Consider infrastructure and geographical risk factors, as well as the critical technology needs of each department.

From there, following the bullet points listed above will provide a good start to a disaster recovery plan tailored to your organization.

Who is responsible for developing a business’s disaster recovery plan?

There should be a responsible primary point of contact who can develop, deploy and manage a disaster recovery plan.

Some companies, especially smaller businesses, hire contractors or consultants to develop and implement disaster recovery plans. Others have an in-house information manager who is in charge during a crisis. Either way, you’ll want skilled professionals who have experience in technology and education in computer information systems to lead your company out of whatever storm occurs and into a safe harbor of restored data and operations.

disaster recovery plans are effective for business not personal use true false

Information technology program options at University of Phoenix

Whether you’re seeking to gain a basic understanding of information technology or cybersecurity, or you’re a working professional looking to expand your skills, University of Phoenix offers  online course collections, bachelor’s degrees and master’s degrees . These include:

  • Bachelor of Science in Information Technology  — In this program you’ll learn essential cyber skills including business process, cybersecurity, information systems, operations and systems analysis.
  • Bachelor of Science in Cybersecurity   — This online program teaches skills such as security policies, network security, cybersecurity and more.
  • Master of Science in Cybersecurity  — This online program explores in depth such skills and topics as cybersecurity, security policies and vulnerability.
  • Certified Ethical Hacker Course Collection   — This course collection can help you prepare for the EC-Council Certified Ethical Hacker (CEH) certification exam. Topics include the phases of ethical hacking, recognizing weaknesses and vulnerabilities of a system, social engineering, IoT threats, risk mitigation and more.
  • Certified Incident Handler Course Collection   — This course collection can help you prepare for the EC-Council Certified Incident Handler (ECIH) certification exam. This specialist certification focuses on how to effectively handle security breaches. 
  • Certified Network Defender Course Collection   — This course collection can help prepare you for the entry-level EC-Council Certified Network Defender (CND) certification exam. Courses focus on protecting a network from potential security breaches.
  • Computer Hacking Forensics Investigator Course Collection   — This course collection can help prepare you to sit for the EC-Council Computer Hacking Forensics Investigator (CHFI) certification exam. You’ll learn about the latest technologies, tools and methodologies in digital forensics, including the dark web, IoT, malware, the cloud and data forensics.


From COVID-19 to Hurricane Season: Disaster Preparedness for Small Business


Running a small business is hard enough without having to rebuild after a natural disaster. Many businesses all over the world make the mistake of not properly preparing for disasters and are left to suffer the costly consequences. However, small business disaster preparedness planning is easier than you might think. We scoured the internet and interviewed risk management experts to bring you the best tips and resources, so you can finally check “disaster plan” off your to-do list.

What does good disaster preparedness look like?

What does good disaster preparedness mean? We asked Frank Russo, founder of risk management company Procor Solutions + Consulting. He told us an impressive story.

There’s a large consumer goods retailer, he said, that calls a standing meeting after  every  major natural disaster, even ones that had no effect on their business. They talk about what they would have done if the disaster had happened at one of their locations. Russo said that the company builds these brainstorm sessions into a regular “catastrophe gaming process” where employees act out disaster situations. The real-life stress tests identify weak points – for example, a door that can’t be locked because the facilities person is on vacation.

In 2008, Hurricane Ike caused a major loss for this company in Houston, but it recovered quickly thanks to all its preparation – so quickly, in fact, that Russo says it actually saw higher-than-normal sales after the hurricane. Why? Because it was one of the only businesses open in the area.

In December 2019, the novel coronavirus (COVID-19) was detected in Wuhan, China, and quickly spread all over the world. As of March 11, 2020, the World Health Organization recognized the spread of the infectious disease as a pandemic. Businesses all over the world have been impacted by the coronavirus pandemic – if you are a small business owner, visit the CDC’s website for interim guidance for businesses and employers.

Natural disasters can end small businesses.

Studies show that more than 40% of small businesses close permanently after a disaster. Among the businesses that reopen, another 25% fail within a year.

A good disaster plan means fewer days out of business, better communication with customers, and a better settlement from your insurance company. Add it all up and your plan could be the reason your small business beats the odds.

Disaster Plan

Look, we know you have a long to-do list. But trustworthy government resources developed over the past few years have made putting together a disaster plan much easier than you’d think. As Russo says, “even a basic plan is better than no plan.”

Step 1: Identify risk.

Which of these large-scale disasters is a threat to your business?

  • Winter weather
  • Earthquakes

If you have a single location, you already know the answer. But what about any additional areas that are critical to the success of your business? Think about where computer servers are located, where goods are stored – even areas where your employees commute from or work remotely. This  risk assessment table from the Federal Emergency Management Agency (FEMA) will help.

If you have business insurance, make sure you’re covered for disasters that could hurt you. Your agent will be able to tell you what coverage you need.

One thing you can do in the next 15 minutes to make your business more prepared is review one of the U.S. Small Business Administration (SBA) and Agility Recovery checklists below.

If you’re ready to start your comprehensive plan, the FEMA Ready toolkits at the end of this article are the place to start.

Step 2: Develop a plan.

The key to developing any good plan is to put a single person in charge of it. This is your disaster plan coordinator. They decide how to develop the plan – but you, as the business owner or manager, should be clear about what they need to include. Here are some questions to think about when you assign this important task.

Does the plan coordinator need a supporting committee?

If your business is large enough that it has separate departments, the answer is probably yes. Each internal department will have its own unique assets, systems and requirements. You don’t want an outsider guessing what those might be.

Next, think about the entire scope of your operations. Do you ship hundreds of packages a day? Then you want to have someone at your shipping company as part of the supporting committee. Any vendor, supplier or government agency that you use on a day-to-day basis should be represented on your committee. They can explain their own disaster preparedness planning and how that will affect your post-disaster operations.

What are the minimum elements your plan requires?

The goal of a disaster plan is to help ensure the well-being of your employees, the stability of your location’s environment and, last but certainly not least, your ability to keep the business running. That may mean you need a 100-page guide, or you may just need a simple series of reference sheets. Either way, your planning coordinator needs to know the scope of your plan before they can properly develop it.


Your plan must address these three goals, at the very least. These are the minimum viable elements of a disaster plan:

  • An evacuation policy, including maps and routes
  • Whom employees should contact, inside and outside the company, for additional information about what to do
  • Who is required to stay onsite to perform essential functions or shut down important items
  • Who is responsible for rescue and medical duties
  • Employee emergency contact information, plus information about unique medical needs
  • Special instructions regarding hazardous materials and equipment, if necessary

What special circumstances does your plan need to address?

Direct your plan coordinator to address any special circumstances related to your employees, your environment or your business operations. Here are some examples:

  • An employee with mobility issues
  • An irreplaceable piece of equipment that requires maximum protection
  • A specific OSHA requirement for storage of a certain chemical

If you have business insurance, this is an excellent time in the prep process to involve your insurance agent. You know that monthly premium you pay? Part of what you’re paying for is access to the risk management experts at your insurer. They have seen the aftermath of disasters from coast to coast and can help you decide what to prioritize in your disaster planning.

Here are some other resources to help you build out your plan requirements.

  • CDC:  Coronavirus (COVID-19)
  • WHO:  Rolling updates on coronavirus disease (COVID-19)
  • Red Cross:  Ready Rating
  • U.S. Chamber of Commerce: Small Business Disaster Preparation Quick Guide
  • FEMA Ready:  Business Impact Analysis
  • FEMA Ready:  Disaster Plan Performance Objectives
  • IRS:  Preparing for a Disaster

Step 3: Implement and train.

Your disaster plan coordinator, their supporting committee, and you, as the business owner or manager, should approve the final plan – but your work doesn’t stop there.

A disaster plan isn’t something you dust off when the red warning stripe comes across your TV screen. You’ll have action items as soon as your plan is complete. The idea is to identify things you can do now so you won’t have to do them in the days or hours before a natural disaster.

Here are a few examples.

Evacuation routes and wardens

In case of an evacuation, employees need to know where to go. Supply evacuation maps and post them in visible areas. Designate one or more individuals to make sure everyone gets out of the building safely – these folks are called evacuation wardens. The Occupational Safety and Health Administration (OSHA) recommends you designate one warden for every 20 employees.

Disaster communications materials

Approve emergency communications for employees, customers, suppliers and other stakeholders. Write these now, with fill-in-the-blanks to cover disaster scenarios. Make sure people who need access have it both at work and at home. Don’t be like the state governor who couldn’t tweet because he forgot his password.

Employee go bag

“In the event of a weather emergency, employee safety needs to be the No. 1 priority,” said Peter Duncanson, disaster preparedness and recovery expert at ServiceMaster Restore. “Having a preparedness kit on hand, stocked with nonperishable food, clean water, first-aid supplies, and emergency tools like a hand-crank radio and backup batteries will all serve as valuable resources, especially if you have to wait out the storm for an extended period of time.”

When you plan the items to include in an employee go bag, consider how far employees travel to your work location and that roads may be rendered impassable. This  Red Cross quiz can help you decide what to include.

Every employee in your organization has a role to play during an emergency – even if it’s just getting themselves out of the building safely. Your plan should identify which employees are responsible for which roles.

Businesses of all sizes should have a person or team responsible for business continuity and crisis communications. In a small company, this will be you, the owner.

  • The  business continuity team prepares the business to restart once it’s safe to do so. This team also works with the insurance company to recoup losses caused by the disaster. The sooner you start making money again, and the more you get back from your insurance company, the more likely your business is to survive.
  • The  crisis communications team is responsible for developing disaster communications and delivering those messages.

Here’s a sample training scheme:


Step 4: Be a preparedness leader in your community.

In a natural disaster, you may be at the mercy of your least-prepared neighbor. The unsecured restaurant patio umbrella that comes flying through your window or the hazardous materials that floodwaters carry into your parking lot might not be a threat if you were in charge of them, but you aren’t. And the longer your community takes to get back on its feet, the longer you’re likely to wait for business to ramp up again.

Communities often come together in the aftermath of a disaster, but it would be even better if they did so before the disaster happened.

Preparedness is good business.

Celebrating your disaster preparedness plan encourages other business owners – and customers – to make their own. It’s not only good for the community; it could be good for your business too. Promoting your disaster preparedness efforts helps in these areas:

  • Hiring and retention. By showing prospective employees – and reminding current ones – that you take employee safety seriously, you encourage them to join and remain with your company.
  • New business acquisition. Talking about disaster preparedness is a way to connect with potential customers and referrers that doesn’t require a sales pitch.
  • Social media growth. Feel-good stories about your steps to keep the community safe can generate positive social media attention. Don’t be shy – you put in the work, and you deserve those likes and shares!

Ready’s  Business Emergency Preparedness Social Media Toolkit  has sample messaging and graphics to work from. They’re a little dry, so challenge your marketing team to do better. They should relish the opportunity to talk about something other than your products.


Prepare now so you can improvise later.

Bennett’s Market & Deli is a neighborhood grocery in Atlanta’s Grant Park. In September 2017, Victoria Bennett and Claire Pearson had owned the store for five years without experiencing a single power outage. But as Hurricane Irma approached, they put their disaster plan into action.

They bought a generator and massive amounts of ice, and collected coolers from folks in the neighborhood. They moved all of their backroom stock off of the floor to protect it from flooding. And they sent staff home, deciding to run the store themselves rather than risk employees’ safety.

Then the power went out, and it was time to get creative. With no way to run their credit card processors and cash registers, and no light in the store, Bennett and Pearson were still able to sell beer, wine, bread, and snacks using a cash bag and manual receipts.

“I think the neighborhood really appreciated that we were open,” Pearson said.

You never know how bad a disaster is going to be, and you can’t control it. Maybe flooding would have forced Pearson and Bennett to evacuate. Maybe the power would’ve stayed on. But they were prepared, which let them pivot as the situation required. In the end, they formed a stronger bond with their customers.

An expert’s take: What you should do right now

Frank Russo, the risk management expert who shared the story about the company in Houston, advises Fortune 100 corporations about disaster planning. We asked him, “What do you tell friends who own small businesses when they ask what they should do?”

“At a minimum, have an inventory of what your assets are, and make sure it’s up to date,” he said. That’s something you could knock off in less than an hour.

Once you’ve done that, consider following the steps above to create an actionable plan for your business.

“Have an updated planning review session once per year,” Russo said. “Ideally, every quarter.”


The best action you can take, says Russo, is to weave disaster preparedness into the fabric of your business like the company in Houston did.

The true indicator of your disaster plan’s strength will be your business not only surviving the disaster but thriving during the recovery.

COVID-19 information and resources

As ever more information comes out about the coronavirus pandemic, it can be difficult for small business owners to know what to do to prevent the spread of this infectious disease. The Centers for Disease Control and Prevention (CDC) frequently updates its guidance for businesses and employers.

  • Actively encourage sick employees to stay home.
  • Place posters that outline coughing and sneezing etiquette and proper hand hygiene, and encourage employees to stay home when they’re sick.
  • Implement flexible working arrangements and supportive sick leave policies. Certain employees may be legally guaranteed sick leave, covered by the Family and Medical Leave Act and/or the Families First Coronavirus Response Act.
  • Incorporate social distancing policies and barriers or partitions in your workplace.
  • Educate employees on health and safety guidelines, including how to properly use personal protective equipment (commonly known as PPE).
  • Instruct employees to wear masks at work (unless they have a condition that prevents them from wearing one) and clean their hands often with an alcohol-based hand sanitizer.
  • Conduct daily in-person or virtual health checks (e.g., temperature and symptom screenings).
  • Routinely clean all frequently touched surfaces in the workplace.
  • Encourage employees to notify their supervisor if they have a sick family member.
  • If an employee is confirmed to have COVID-19, inform your team about possible exposure. However, you must keep the employee’s identity anonymous, in compliance with privacy protections granted by the Americans with Disabilities Act (ADA).
  • Encourage eligible employees to get the coronavirus vaccine in accordance with the CDC’s vaccine rollout recommendations. Individual employee vaccination information must remain confidential, per the ADA.
  • Check the  CDC’s travelers’ health notices for the latest guidance and recommendations.
  • Conduct a thorough hazard assessment to determine weak points in your health and safety protocol where employees may be exposed to the virus.

SBA and Agility Recovery disaster checklists

The SBA and Agility Recovery provide comprehensive checklists of things you should do in the days before a disaster is likely to strike. Review the ones that are applicable to your business – you want to make sure you can do all of this if necessary. All checklists are printable PDFs, although some may need to be downloaded with a business email.

  • Flood Preparedness
  • Winter Weather Preparedness
  • Influenza Preparedness
  • Bomb Threat Preparedness
  • Earthquake Preparedness

FEMA Ready Business Toolkits

These 40- to 65-page documents are a good place to start. They are generic and broad, because they are meant to work for many different types of businesses. But they do provide a solid framework focused on six factors: staff, surroundings, space, systems, structure and service.

  • Hurricane Toolkit [ In English /  En Español ]
  • Inland Flooding Toolkit [ In English /  En Español ]
  • Power Outage Toolkit [ In English /  En Español ]
  • Severe Wind/Tornado Toolkit [ In English /  En Español ]
  • QuakeSmart Toolkit [ In English /  En Español ]  

Skye Schooley and business.com editorial staff contributed to the writing and reporting in this article. Source interviews were conducted for a previous version of this article.


SonicWall

What is Your Disaster Recovery Plan? 5 Core Practices to Ensure Business Continuity

While most of today’s focus is stopping cyberattacks, threats come in many shapes and forms. Being prepared for the unexpected — or the seemingly impossible — should drive your organization to draft, refine and implement a sound disaster recovery and business continuity plan.

On the surface, the idea is simple: prepare for disaster (e.g., hurricanes, earthquakes, fire, snow storms, flooding, etc.) before it happens. Most small- and medium-sized businesses (SMB) don’t devote enough time thinking about disaster recovery (and some enterprises, too), but a “we’ll deal with it when it happens” attitude can mean the end to any company — successful or not.

This level of preparedness is not quick or easy, which can unfortunately lead to irresponsible procrastination. To kickstart your disaster recovery plan — or ensure your current approach is optimized — explore five best practices to help prepare SMBs for worst-case scenarios.

Have a practiced plan in place

It seems obvious enough, but the first component of ensuring business continuity in the face of disaster is to actually have a plan — and then train for it. After any major disaster, people will be under extreme stress and not thinking clearly.

Therefore, it is critical to have a thought-out plan in place that outlines procedures and instructions to follow after a catastrophe. In the business world, this is more commonly referred to as a business continuity plan (BCP).

A BCP coordinates the efforts of all teams (e.g., communications, security, IT, HR, finance, engineering, supply chain, etc.) and helps identify leaders, manage assets and maintain customer expectations. Training and simulations are required to successfully implement a plan; without them, it’s just a piece of paper.

Ensure data is accessible

Network access may not be available after a disaster. The best efforts will have gone to waste if the disaster recovery plan is on a network drive or internal computer that no one can reach.

The same goes for email access. If a company maintains an on-prem secure email server and connectivity is down, communication will be handicapped. A popular solution is to have email and data repositories in the cloud.

Another scenario could be that connectivity is down only to the main site, but a secondary site is available which people don’t know how to reach. For example, a SonicWall Secure Mobile Access (SMA) appliance will make remote access transparent as it will automatically set up a VPN to the closest online site and reroute access as needed.

Build communications options

The ability to communicate effectively with your team, company leaders, customers, vendors and partners has a direct correlation to how quickly a company recovers from a disaster.

Email is the main form of communication in all companies, but this may not be available. As a backup, use social media to coordinate efforts. Applications like Teams, Slack and WhatsApp are good options for coordinating with internal groups. Twitter and the company website also can be used for public communications.

Maintain cyberattack awareness

While cybersecurity awareness should be practiced at all times, it’s critical to be even more vigilant during times of disaster.

Cybercriminals are opportunistic and will launch targeted attacks (e.g., phishing campaigns, ransomware attacks) at areas, regions, companies or organizations looking to either take advantage of those trying to help or hoping the chaos has caused targets’ guards to drop.

Sadly, many non-profit organizations, including the Red Cross, FEMA, FCC and more, are forced to issue repeated scam warnings during disasters. Should one of these attacks compromise an employee or partner, it may be a pathway into your network. If the proper network security firewalls and secure email controls are not already in place, it only takes one click to breach a network or infect a machine.

Some basic best practices will protect users during times of disaster and ensure that contingency networks and access are protected, including two-factor authentication (2FA) or multifactor authentication (MFA), and next-generation antivirus (NGAV) or endpoint protection, such as SonicWall Capture Client.

Together, these will help validate a user’s identity even if his/her credentials are compromised and prevent malicious files from being executed and installed on company machines in the case of infection.

Prepare now

A proper disaster recovery and business continuity plan should not be put off. A catastrophic event or natural disaster could cause far more damage to your business, customers, employees and brand than a proactive, responsible investment in sound cybersecurity, redundant networks and failover controls.

Preparing for disaster not only helps safeguard you during times of crisis, but the same controls will likely protect your networks and data during everyday cyberattacks (e.g., ransomware, email attacks, encrypted threats, insider threats and other malicious threats) against your organization.


SonicWall Staff


The importance of disaster recovery plans for businesses

Technology underpins practically every part of a business; but the more we rely on our tools, networks and applications, the more we have to lose if they fail us. That’s why every business needs a plan in place to quickly restore and recover IT systems in the event of a failure – in other words, a disaster recovery (DR) plan. But knowing what you have to do is often a lot easier than actually doing it. As such, there’s a world of difference between thinking you’re prepared for a disaster and having a comprehensive DR plan in place.

The benefits of a disaster recovery plan

The purpose of a disaster recovery plan is to reduce damage or disruption and recover as quickly as possible in the event of a disaster that leads to system failure. DR plans usually have two key components: a recovery time objective (RTO) and a recovery point objective (RPO). The RTO is the time it takes to recover systems after an outage, which determines how much time you need to restore business operations. The RPO reveals how often a backup needs to take place, by setting a limit for the length of time the company can sustain data loss. Creating a DR plan can also have immediate benefits. For instance, because developing the plan involves conducting an audit of your IT assets and Service Level Agreements, you’ll better understand the organisation’s IT estate. You'll know who is responsible for which assets and when they need to recover systems and restore backups.

What makes an effective DR plan?

Your disaster recovery plan might look good on paper, but without practical backing to support its implementation and activation, it is unlikely to live up to its promise.

The rise of Disaster Recovery-as-a-Service

With so many businesses adopting cloud-based services and applications, Disaster Recovery-as-a-Service (DRaaS) solutions are increasingly popular. Even before the pandemic, IDC estimated as many as half of all organisations could not survive a disaster event because of inadequate DR planning and implementation. Research director Phil Goodwin recently stated that “the pendulum has swung towards disaster recovery in the cloud,” because the “cloud has changed the economics of disaster recovery.” Benefits of DRaaS include:

  • Faster recovery with an immediate switch over to a backup system.
  • Flexibility – the ability to recover from many disaster types with a single solution.
  • Security – DRaaS providers offer seamless redundancy with no single point of failure, to keep data securely backed up.
  • Less need for redundant hardware, as DRaaS offers flexible pay-as-you-grow models.


8 Must-Have Components of an Effective Disaster Recovery Plan


In an independent global study commissioned by Arcserve, 95 percent of responding IT decision-makers (ITDMs) said their company has a disaster recovery plan. That’s the good news. The bad news is that only 24 percent say they have a mature, well-documented, tested, and updated plan.

We interpret those metrics to mean that almost everyone has the right intentions. The problem comes down to execution. Time, money, and a lack of understanding of the extent of the threats organizations face today can also come into play. But those threats are genuine. In the same Arcserve-commissioned study, 76 percent of ITDMs reported that their organization had experienced a severe loss of critical data.

Avoiding data loss and downtime due to ransomware, data breaches, and other disasters is imperative for every IT pro today. That starts with an effective disaster recovery plan. With that in mind, here are eight essential elements of a disaster recovery plan:

1. Inventory All Assets

A detailed inventory of all IT assets—hardware, software, data, and network resources—is a critical starting point for an effective disaster recovery plan. Rank the assets based on their importance to business functions. This provides the foundation for a comprehensive risk assessment.

2. Execute a Comprehensive Risk Assessment

Before you can address threats, you need to identify them.  That starts with a thorough risk assessment that examines the impacts of an incident on your organization. It’s important to note that this is an iterative and ongoing process that accounts for new threats, changes within your organization, and new technologies. 

Here are the steps involved in executing a comprehensive risk assessment:

• Evaluate critical assets, including physical assets, such as data center hardware, and digital assets, including data, software applications, and intellectual property, so that they can be prioritized for recovery.

• Identify all potential threats, from earthquakes and floods to ransomware attacks and data breaches, and assess each threat’s potential impact on your organization.

• Assess the level of risk, prioritizing each threat as high-, low-, or medium-impact based on the likelihood of the incident occurring and potential impacts.

• Review existing security measures and disaster recovery strategies to assess their effectiveness in mitigating impacts and identify required improvements.

• Identify the roles and responsibilities of employees in disaster response and the risk of insider threats.

3. Establish Clear Recovery Objectives

Your recovery time objectives and recovery point objectives (RTOs/RPOs) are core elements of your DR plan.

Your RTO is the maximum time your business can be down before the consequences are significant. Here are the areas to consider when setting your RTO:

• Conduct a business impact analysis (BIA) to understand downtime's operational, financial, and reputational impacts on each of your business processes and prioritize recovery efforts.

• Review regulatory and legal requirements to ensure your RTO complies.

• Evaluate the interdependencies of your business processes and IT systems to prioritize those most critical for your operations.

• Assess the operational capabilities and resource availability required to meet your RTO, including data backup, recovery solutions, and staff availability.

Your RPO is the maximum acceptable amount of data loss your organization can suffer, which dictates the frequency of your backups so you can retrieve your data from the most recent backup recovery point before an incident. Here are the areas to consider when setting your RPO:

• Identify critical data, such as financial and compliance data, that may require a shorter RPO to minimize data loss.

• Understand your data’s dynamics so you can back up data that changes more frequently to meet a shorter RPO while backing up relatively static data less frequently.

• Evaluate data backup and recovery solutions that can meet your RPOs, and consider advanced solutions like Arcserve Unified Data Protection (UDP) that can reduce your downtime from days to minutes. 

• Execute a cost-benefit analysis that weighs RPOs against costs to balance your need to minimize data loss against the financial implications of not doing so.

• Review legal and regulatory requirements, as with your RTO, to ensure compliance.

4. Build an Effective Communication Plan

An effective communication plan ensures all stakeholders are informed, coordinated, and able to respond appropriately following a disaster. The critical components of your plan should include:

• Designate a crisis communications team responsible for managing all communications during a disaster, including individuals trained in crisis communication and public relations and a spokesperson to speak on behalf of the organization. 

• Establish communication objectives that define how stakeholders are informed, coordinate response efforts, and provide updates on recovery progress.

• Identify internal and external stakeholders and create communications strategies for each audience.

• Set communication channels, such as text, email, social media, company intranet, and emergency notification systems that you will employ during a disaster, and consider those that may not have access to company networks.

• Create predefined key messages and templates for various scenarios to speed disaster response. These should cover initial notifications, updates, and resolution.

• Assemble comprehensive contact lists for all stakeholders, regularly verify and update them, and ensure they are securely stored and available if disaster strikes.

• Regularly review and test your plan with disaster recovery drills to ensure its effectiveness when needed.

5. Establish Guidelines for Partner and Vendor Coordination

When disaster strikes, the repercussions extend beyond your organization. You must also coordinate with partners and vendors to ensure a seamless recovery process. The steps here include:

• Identify critical vendors and partners, such as cloud service providers, software vendors, hardware suppliers, and third-party service providers vital to your business operations.

• Define each vendor’s responsibilities and role in your DR plan, including any specific recovery services they provide, service-level agreements (SLAs) they support for recovery times, and any support services they offer during a disaster.

• Review contracts for DR clauses so you understand obligations, uptime guarantees, and compensation for failures to meet agreed-upon SLAs.

6. Implement a Comprehensive Backup Strategy

Ensuring effective disaster recovery demands a failsafe approach to data backups. The 3-2-1-1 backup strategy is the proven solution, and you can read all about it in this post. This strategy is based on keeping multiple copies of your data in separate locations and storing at least one version of your backup data in an immutable format, where data is written only once and can’t be altered or deleted.

7. Define Roles and Responsibilities

Your plan must also include clearly defined roles and responsibilities for the crisis communications team, disaster recovery team, and other key personnel. Everyone must know their responsibilities before, during, and after a disaster to eliminate confusion and ensure efficient recovery. Regular training and drills are essential for keeping everyone prepared, clear on their role, and ready to execute when needed.

8. Test and Update Your Plan Regularly

The only way to ensure the effectiveness of your disaster recovery plan is through regular testing. As the Arcserve-sponsored study found, this is where most organizations need to improve. Testing should simulate various scenarios and be followed by an evaluation of the team’s readiness and updates to the plan.

Get Expert Disaster Recovery Support

Arcserve technology partners can help you implement the appropriate data and ransomware protection, backup, and disaster recovery solutions for your specific needs. Find an Arcserve partner here.


Three Companies that had to Prove their Disaster Recovery Plan would Work

Pat O’Day, CTO, Bluelock

Given how much modern business relies on technology, you know how important it is to have a Disaster Recovery (DR) plan in place for your IT systems. Imagine if someone asked you today to prove your DR plan works. Worse yet, what if you had to prove it not only internally, but to your constituents? In a decade of working with clients at Bluelock, I’ve found it increasingly common – and in some cases required – that companies provide solid evidence of a successful recovery to auditors, insurers, investors, board members, regulators and customers.

More security incidents and system outages have occurred and made media news. It’s clear that our clients are responding to a broader set of risks than their original disaster recovery plans were designed to address. Security penetrations, DOS attacks, crypto lockers, prolonged network or power outages, and hardware or software failures to heavily-centralized virtual systems have a far greater likelihood and systemic impact than the traditionally-isolated systems and weather-related events most plans are designed around. Consequently, clients have been required to prove recovery success, recovery quality (data) and recovery time to various groups.

Based on Bluelock’s body of knowledge working with companies in modernizing their recovery approaches every day, I’ve compiled some specific areas of questioning that may help you better assess your plan to determine if you are at more risk than you know. To tease out a bit more color and nuance around each point, I’ve included examples from Bluelock’s client base as a Disaster Recovery-as-a-Service (DRaaS) provider, scrubbed for privacy and security.


If you’re a business leader this should help you open a dialogue with your technology team. If you’re on the technology team, this should verify confidence or at least increase awareness. If you happen to be reading this as one of the constituents I mentioned, it’s my hope that these examples will encourage a more productive dialogue with your business and technology leaders. In the end, we are all on the same team and want the best for business and the technology used to support our success.

Proof of Protection

Shortcuts and DR tend to go hand-in-hand. The shortcuts are possible because most companies don’t have to prove their DR plans have worked. DIY recovery environments tend to be outdated or under-scaled due to budget pressure and views of DR as insurance for something that will likely never happen. These shortcuts also impact security in the DR environment. The challenge is that whether a business is using its recovery environment at that moment or not, it most likely contains a complete copy of production data. Thus, protection and security for your recovery environment is the last thing on which to cut corners. As evidenced by some of the more recent large-scale data breaches, it’s clear that the intruder community knows it’s easier to attack systems that are adjacent to production than a heavily-guarded proverbial front door. Proving the protection and security of your production environment can be daunting enough, but proving it in recovery can be even more challenging given the system is offline 99 percent of the time.

One of our clients in the legal industry faced external scrutiny from one of their largest customers when an audit of that customer’s internal DR plans revealed a significant dependency on third-party services. While third-party services were originally out of scope, this newly-identified risk placed legal services as also accountable for recovery planning, so our client had to prove their DR plan worked and was secure.

For these reasons, they decided to deploy a hybrid configuration where they own and operate their network and security infrastructure, but deploy it around their DR environment at Bluelock. This best-of-both-worlds approach allowed them to leverage their strengths combined with those of a provider with a track record of working with broad sets of applications, security requirements and their own PMO office for secure change management.

Proof of Compliance

HIPAA/HITECH is pretty clear on disaster recovery. You have to have it for any system that is part of the overall healthcare delivery system. It has to work. It has to be proven by the time you are audited.

Doing this while maintaining rapid company growth can be difficult. This was true for a major healthcare provider whose expanding technology environments threatened the risk of non-compliance. They needed to prove to regulators that their environments met requirements, using only existing staffing and expertise. They also wanted to leverage the funding that was going to be liberated when they closed down their secondary datacenter site.

The IT department explored doing DR in-house, but realized the task of building a second site for recovery was too time consuming with other priorities. They needed a DR solution that would meet their HIPAA/HITECH regulations, yet be flexible enough to scale new technologies for innovative healthcare.

Leveraging Bluelock’s existing recovery expertise and our elastic pay-for-what-you-use recovery platform achieved not only compliance, but a position for growth and extreme efficiency. Having the test certification process signed off by both parties and fully documented with HIPAA/HITECH controls certified and audited under our SSAE16 Type2 SOC2 handily exceeded audit requirements.

Proof of Recovery

Testing is not proof. Having a copy of your data somewhere else does not ensure that applications can return to service. Being able to “power on” systems at the recovery site does not guarantee they will come back online within the specific time period that the business requires. Only a consistently successful recovery of people, processes, and technology will satisfy external parties that the recovery plan is effective.

One of our clients, a national research firm, needed to gain an insurance renewal that included business impact insurance, which protects revenue in the event of a disaster. They needed to prove continuously successful disaster recovery tests for key systems that supported their client-facing business applications. Each test, done every six months, had to verify that the most recent data and systems could recover within a given timeframe. To show this proof, both our recovery team and someone from the client’s leadership signed the testing certificates, which verified consistent recovery success.

If you haven’t already noticed the trend, effective and flexible DRaaS solutions and expertise help a variety of companies deploy and prove their DR strategies. While the right choice for DR is often dictated by business-specific priorities, timing, budget, and expertise, a good provider alleviates a lot of these pain points.


02 - Disaster Recovery and Risk Management Quiz (flashcards, Custom Pen Testing class)

Priority is a Disaster Recovery strategy.

Identify the method not used for performing a qualitative project risk analysis. A. Risk tolerance B. Probability impact matrix C. Historic records

It is the measure of willingness of a stakeholder to avoid risk.

It is an example of risk domain.

Answer: C The DRP (disaster recovery plan) is a policy that defines how an organization will recover from a disaster, whether it is a natural or man-made disaster.

“Loss of data availability” helps determine which of the following: A. The impact of a given risk B. The likelihood of a risk

Loss of data availability is one set of questions to help determine the impact of a given risk.

______ includes a list of responsible people who will perform the steps for recovery, inventory for the hardware and software, and steps to recover from a disaster. A. Mitigation B. DRP C. Transference D. Response strategy

Answer: B The DRP (disaster recovery plan) includes a list of responsible people who will perform the steps for recovery, inventory for the hardware and software, and steps to recover from a disaster.

Which of the following can function like the primary site within minutes? A. Hot Site B. Warm Site C. Cold Site

Answer: A Hot site is an identical site to the primary site equipped with systems and services just like the primary. Data is duplicated to the hot site and can function just like the primary one in just a few minutes.

In simple terms, a Disaster Recovery Plan is: A. A plan used when the main computer systems fail B. Prepared to deal with natural disasters only C. For backup data only D. Plan for business continuity only

Answer: A Disaster Recovery Plan’s first objective is to ensure the security of the people at all cost. The DRP is a policy that defines how an organization will recover from a disaster.

After a disaster, _____ is the maximum duration of time and a service level within which the recovery procedure must be completed in order to avoid unacceptable consequences associated with a break in business continuity. A. MTD B. RTO C. BCP

Answer: B Recovery Time Objective is the maximum duration of time and a service level within which the recovery procedure must be completed in order to avoid undesirable consequences associated with a break in business continuity.

Answer: A and B Journaling is a less expensive method used to protect data. When a disaster strikes, journaling is used to write the transactions that were missing in the full backup tape. Electronic vaulting is an alternate location to preserve backed-up data. In case of a disaster, the backup data stored in the electronic vault is restored.

The switching process is very fast in: A. Warm site B. Hot site C. Cold site

Answer: B A hot site has all the services and systems of the primary location and can switch to a fully functional one within minutes.

DRP assigns high rank, when a line of service is fully affected, and requires immediate action to recover.

_________ decides which services are sensitive for the regular operations to continue. A. BCP B. DRP C. RTO

Business continuity plan (BCP) decides which services are sensitive for the regular operations to continue.

The risk formula is Risk = Likelihood x Weakness. True False

Answer: False

Risk = Likelihood x Impact

Identification of risk domains and risk exposure are done in the Analysis of Security Risk. True False

Answer: True Analyze Security Risk involves identification of risk domains and risk exposure, SWOT analysis list and rank of the risks.

Business, cost, technology, and process should be the main focus while planning Software risk impact assessment. True False

Answer: False Performance, support, cost of protective measure, and schedules are the primary things that need to be taken care of while planning for risk management.

Risk monitoring involves only watching the risk indicators defined for the project. True False

Answer: False Risk monitoring involves not only watching the risk indicators defined for the project, but also determining the effectiveness of the risk mitigation steps themselves.

Risk management refers to the various techniques that minimize the risk and mitigate it. True False

Answer: True Risk Management is the process of identifying and mitigating the risks that can make a negative impact on a project or daily operations.

Qualitative risk analysis is done at the later stages of the project. True False

Qualitative risk analysis is done at the earlier project stages.

Likelihood and impact are measured with numbers, from 1 to 9. True False

Response planning phase starts after identifying the risks and ranking them. True False

Answer: True

Response planning phase starts after Qualitative analysis, which identifies the risks and ranks them.

Qualitative analysis uses only ranks to measure the impact of identified risk. True False

Qualitative analysis uses words or ranks to measure the impact of identified risk.

DRP needs maintenance and evaluation on a timely basis, at least twice a year. True False

Answer: False DRP needs maintenance and evaluation on a timely basis; at least once a year, the DRP should be re-evaluated to make sure of its effectiveness.

Drills when performed should focus on equipment only. True False

Answer: False Drills when performed should focus not only on equipment, but also on personnel, as the operations cannot continue with one of them missing.

Which of the following defines risk management? Choose all that apply. A. Understands how security measures are implemented in your environment B. Gives an idea of threats your system is exposed to C. Can increase the occurrence of negative events D. Calculates the risk

Answer: A, B, and D Every new technology and software comes with a new risk, making risk management a necessity for the proper working of the business. Risk management understands the business procedures and risks involved in it. Risk management can reduce the occurrence of negative events and increase the positive ones. The primary objective of risk management is to calculate the risk involved while using new software to improve the daily business operations.

Which is not involved in the strategy of Risk Management? A. Test new products before deployment B. Risk Response planning C. Perform vulnerability assessment D. Evaluate change against your risk policy

Risk Response planning is a method in the risk analysis strategy.

SWOT analysis comes under the analysis of security risks.

The two ways used to rate risk projection attempts are likelihood and: A. Mitigation B. Transference C. Impact

As per the risk formula, Risk = Likelihood x Impact

To determine the impact of a given risk, ask the following, except: A. What are the benefits and/or motivation for the attacker? B. Is there an exploit already for this vulnerability? C. Is there loss of data integrity? D. Is there sensitive data in risk to be exposed?

Answer: A and B

These are both questions used to find out the likelihood of a risk.

Risk management can increase the occurrence of negative events and reduce the positive ones. True False

Risk management can reduce the occurrence of negative events and increase the positive ones.

Risk Monitoring is a step in risk analysis. True False

Answer: True Risk Identification, Qualitative risk analysis, Quantitative Risk Analysis, Risk Response Planning and Risk Monitoring are the different steps involved in risk analysis.


COMMENTS

  1. CI 119 Ch 6 Flashcards

    2) 70% of companies go out of business after a major data loss. 3) 60% of companies that lose their data shut down within 6 months of a disaster. 4) All of the above are true. 4) All of the above are true. ________ are caused by utility failures, high heat and humidity, and solar flares. Business disruptions.

  2. AWR-176 Distaster Recovery Module 1 Flashcards

    It helps ensure that the business stays open in the event of a severe market decline. It helps anticipate what laws are applicable, and the threats to compliance with such laws. It helps prevent liability in the event of a catastrophe. Personnel who need to take part in disaster recovery planning include: Anyone who might be affected by IT/IS ...

  3. What is a Disaster Recovery Plan? Importance & Benefits

    A disaster recovery plan focuses on the restoration of IT infrastructure and data following a disruptive incident. It outlines specific steps and procedures to recover critical systems, applications and data to minimize downtime and ensure operational continuity. On the other hand, a business continuity plan encompasses a broader scope beyond IT.

  4. Quiz #4 Info Sec Flashcards

    The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks. TRUE. A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster. TRUE. The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.

  5. What is a Disaster Recovery Plan (DRP) and How Do You Write One?

    A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident. A DRP is an essential part of a business continuity plan (BCP). It is applied to the aspects of an organization that depend on a functioning information technology (IT) infrastructure.

  6. Business Continuity & Disaster Recovery Planning (BCP & DRP ...

    A disaster recovery plan (DCP) is a second line of defense that enables you to bounce back from the worst disruptions with minimal damage. As the name implies, a disaster recovery plan deals with the restoration of operations after a major disruption. It's defined by two factors: RTO and RPO.

  7. What is business continuity disaster recovery?

    How does BCDR work? Most organizations divide BCDR planning into two separate processes: business continuity and disaster recovery. This is an effective approach because while the two processes share many steps, there are also key differences in how the plans are built, implemented and tested.

  8. Business Continuity vs Disaster Recovery Explained

    A business continuity plan spells out how an organization will continue to run while experiencing a disaster or major disruption. These can include things like natural disasters, data breaches, strong economic downturns, hardware failures, and human errors. The core goal of a business continuity plan is to keep the business' core functions ...

  9. What is a Disaster Recovery Plan?

    Disaster recovery (DR) is an organization's ability to restore access and functionality to IT infrastructure after a disaster event, whether natural or caused by human action (or error). DR is considered a subset of business continuity, explicitly focusing on ensuring that the IT systems that support critical business functions are ...

  10. What is a Disaster Recovery Plan (DRP) and how to build one?

    An IT disaster recovery plan (DRP) is a written document that spells out the policies, step-by-step procedures, and responsibilities to recover an organization's IT systems and data and get IT operations back up and running when a disaster happens. This plan is a sub-component of the organization's Business Continuity Plan (BCP). Once developed, the DR plan must be tested (or exercised) to ...

  11. National Disaster Recovery Framework

    The National Disaster Recovery Framework defines: Eight principles that guide recovery core capability development and recovery support activities. A coordinating structure that facilitates communication and collaboration among all stakeholders, guidance for pre- and post-disaster recovery planning.

  12. Disaster Recovery: An Introduction

    What is disaster recovery? Disaster recovery (DR) consists of IT technologies and best practices designed to prevent or minimize data loss and business disruption resulting from catastrophic events—everything from equipment failures and localized power outages to cyberattacks, civil emergencies, criminal or military attacks, and natural ...

  13. What is a Disaster Recovery Plan? Definition + Strategies

    A disaster recovery plan (DRP), disaster recovery implementation plan, or IT disaster recovery plan is a recorded policy and/or process that is designed to assist an organization in executing recovery processes in response to a disaster to protect business IT infrastructure and more generally promote recovery. The purpose of a disaster recovery ...

  14. What Is a Disaster Recovery Plan?

    The goal of a contingency plan is to keep all systems operational during a disaster. A disaster recovery plan, however, focuses on returning IT operations, and everything they affect, back to normal after a disruption. An effective disaster recovery plan includes creating network maps, backups and policies for rapid recovery of systems and data ...

  15. Disaster Preparedness for Small Business

    Step 2: Develop a plan. The key to developing any good plan is to put a single person in charge of it. This is your disaster plan coordinator. They decide how to develop the plan - but you, as the business owner or manager, should be clear about what they need to include.

  16. What is Your Disaster Recovery Plan? 5 Core Practices to Ensure

    Have a practiced plan in place. It seems obvious enough, but the first component of ensuring business continuity in the face of disaster is to actually have a plan — and then train for it. After any major disaster, people will be under extreme stress and not thinking clearly. Therefore, it is critical to have a thought-out plan in place that ...

  17. The importance of disaster recovery plans for businesses

    The purpose of a disaster recovery plan is to reduce damage or disruption and recover as quickly as possible in the event of a disaster that leads to system failure. DR plans usually have two key components: a recovery time objective (RTO) and a recovery point objective (RPO). The RTO is the time it takes to recover systems after an outage ...

  18. 8 Must-Have Components of an Effective Disaster Recovery Plan

    Your DR plan should exist as part of a comprehensive business continuity plan, and, at a minimum, include these eight elements. 1. Complete Inventory of Hardware/Software/Other Equipment. When creating a DR plan, you have to know what resources may need to be recovered. You will need to do a full inventory of every piece of hardware, software ...

  19. Three Companies that had to Prove their Disaster Recovery Plan would Work

    To tease out a bit more color and nuance around each point, I've included examples from Bluelock's client base as a Disaster Recovery-as-a-Service (DRaaS) provider, scrubbed for privacy and security. Only a consistently successful recovery of people, processes, and technology will satisfy external parties that the recovery plan is effective

  20. ch4 Flashcards

    Study with Quizlet and memorize flashcards containing terms like Business continuity plan (BCP), False, True and more. ... Disaster recovery plan (DRP) Business impact analysis (BIA) Business continuity plan (BCP) Service level ... Authentication controls include passwords and personal identification numbers (PINs). True False.

  21. Solved QUESTION 1

    One way we can think of a Disaster Recovery Plan is as a part of the Business Continuity Plan. True False QUESTION 2 The overall goal of a BIA is to identify security controls in place in the event of a disaster. True False QUESTION 3 The shorter the RTO, the more expensive the recovery options. True False QUESTION 4

  22. 02- Disaster Recovery and Risk Management QUIZ Flashcards ...

    Likelihood and impact are measured with numbers, from 1 to 9. True. False. A. Answer: False. Likelihood and impact are measured with numbers, from 0 to 9, where: 0-3 is low, 3-6 is medium, 6-9 is high. 21. Q. Response planning phase starts after identifying the risks and ranking them.

  23. CPPM Ch 14 Flashcards

    a. Create a disaster recovery plan and train the employees on a regular basis. b. Require the employees to be part of creating the disaster recovery plan. c. Require all employees to attend a natural disaster workshop. d. Ask the providers to make sure each of their staff knows what their personal disaster plan is. a.