- Disaster recovery planning and management
disaster recovery plan (DRP)
- Paul Crocetti, Senior Site Editor
What is a disaster recovery plan (DRP)?
A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident. A DRP is an essential part of a business continuity plan ( BCP ). It is applied to the aspects of an organization that depend on a functioning information technology (IT) infrastructure. A DRP aims to help an organization resolve data loss and recover system functionality so that it can perform in the aftermath of an incident, even if it operates at a minimal level.
The plan consists of steps to minimize the effects of a disaster so the organization can continue to operate or quickly resume mission-critical functions. Typically, a DRP involves an analysis of business processes and continuity needs. Before generating a detailed plan, an organization often performs a business impact analysis ( BIA ) and risk analysis ( RA ), and it establishes recovery objectives.
As cybercrime and security breaches become more sophisticated, it is important for an organization to define its data recovery and protection strategies. The ability to quickly handle incidents can reduce downtime and minimize financial and reputational damages. DRPs also help organizations meet compliance requirements, while providing a clear roadmap to recovery.
Some types of disasters that organizations can plan for include the following:
- application failure
- communication failure
- power outage
- natural disaster
- malware or other cyber attack
- data center disaster
- building disaster
- campus disaster
- citywide disaster
- regional disaster
- national disaster
- multinational disaster
Recovery plan considerations
When disaster strikes, the recovery strategy should start at the business level to determine which applications are most important to running the organization. The recovery time objective ( RTO ) describes the amount of time critical applications can be down, typically measured in hours, minutes or seconds. The recovery point objective ( RPO ) describes the age of files that must be recovered from data backup storage for normal operations to resume.
This article is part of
What is BCDR? Business continuity and disaster recovery guide
- Which also includes:
- Business resilience vs. business continuity: Key differences
- A free business continuity plan template and guide
- Preparing an annual schedule of business continuity activities
Download this entire guide for FREE now!
Recovery strategies define an organization's plans for responding to an incident, while disaster recovery plans describe how the organization should respond. Recovery plans are derived from recovery strategies.
In determining a recovery strategy, organizations should consider such issues as the following:
- insurance coverage
- resources -- people and physical facilities
- management team's position on risks
- data and data storage
- compliance requirements
Management approval of recovery strategies is important. All strategies should align with the organization's goals. Once DR strategies have been developed and approved, they can be translated into disaster recovery plans.
Types of disaster recovery plans
DRPs can be tailored for a given environment. Some specific types of plans include the following:
- Virtualized disaster recovery plan. Virtualization provides opportunities to implement DR in a more efficient and simpler way. A virtualized environment can spin up new virtual machine instances within minutes and provide application recovery through high availability . Testing is also easier, but the plan must validate that applications can be run in DR mode and returned to normal operations within the RPO and RTO.
- Network disaster recovery plan. Developing a plan for recovering a network gets more complicated as the complexity of the network increases. It is important to provide a detailed, step-by-step recovery procedure; test it properly; and keep it updated. The plan should include information specific to the network, such as in its performance and networking staff.
- Cloud disaster recovery plan. Cloud DR can range from file backup procedures in the cloud to a complete replication. Cloud DR can be space-, time- and cost-efficient, but maintaining the disaster recovery plan requires proper management. The manager must know the location of physical and virtual servers . The plan must address security, which is a common issue in the cloud that can be alleviated through testing.
- Data center disaster recovery plan. This type of plan focuses exclusively on the data center facility and infrastructure. An operational risk assessment is a key part of a data center DRP. It analyzes key components, such as building location, power systems and protection, security and office space. The plan must address a broad range of possible scenarios.
Scope and objectives of DR planning
The main objective of a DRP is to minimize negative effects of an incident on business operations. A disaster recovery plan can range in scope from basic to comprehensive. Some DRPs can be as much as 100 pages long.
DR budgets vary greatly and fluctuate over time. Organizations can take advantage of free resources, such as online DRP templates, like the SearchDisasterRecovery template below.
Several organizations, such as the Business Continuity Institute and Disaster Recovery Institute International, also provide free information and online content how-to articles.
An IT disaster recovery plan checklist typically includes the following:
- critical systems and networks it covers;
- staff members responsible for those systems and networks;
- RTO and RPO information;
- steps to restart, reconfigure, and recover systems and networks; and
- other emergency steps required in the event of an unforeseen incident.
The location of a disaster recovery site should be carefully considered in a DRP. Distance is an important, but often overlooked, element of the DRP process. An off-site location that is close to the primary data center may seem ideal -- in terms of cost, convenience, bandwidth and testing. However, outages differ greatly in scope. A severe regional event can destroy the primary data center and its DR site if the two are located too close together.
How to build a disaster recovery plan
The disaster recovery plan process involves more than simply writing the document. Before writing the DRP, a risk analysis and business impact analysis can help determine where to focus resources in the disaster recovery process.
The BIA identifies the impacts of disruptive events and is the starting point for identifying risk within the context of DR. It also generates the RTO and RPO. The RA identifies threats and vulnerabilities that could disrupt the operation of systems and processes highlighted in the BIA.
The RA assesses the likelihood of a disruptive event and outlines its potential severity.
A DRP checklist should include the following steps:
- establishing the range or extent of necessary treatment and activity -- the scope of recovery;
- gathering relevant network infrastructure documents;
- identifying the most serious threats and vulnerabilities, as well as the most critical assets;
- reviewing the history of unplanned incidents and outages, as well as how they were handled;
- identifying the current disaster recovery procedures and DR strategies;
- identifying the incident response team ;
- having management review and approve the DRP;
- testing the plan;
- updating the plan; and
- implementing a DRP or BCP audit .
Disaster recovery plans are living documents. Involving employees -- from management to entry-level -- increases the value of the plan.
Another component of the DRP is the communication plan . This strategy should detail how both internal and external crisis communication will be handled. Internal communication includes alerts that can be sent using email, overhead building paging systems, voice messages and text messages to mobile devices. Examples of internal communication include instructions to evacuate the building and meet at designated places, updates on the progress of the situation and notices when it's safe to return to the building.
External communications are even more essential to the BCP and include instructions on how to notify family members in the case of injury or death; how to inform and update key clients and stakeholders on the status of the disaster; and how to discuss disasters with the media.
Disaster recovery plan template
An organization can begin its DRP with a summary of vital action steps and a list of important contact information. That makes the most essential information quickly and easily accessible.
The plan should define the roles and responsibilities of disaster recovery team members and outline the criteria to launch the plan into action. The plan should specify, in detail, the incident response and recovery activities.
Get help putting together your disaster recovery plan with SearchDisasterRecovery's free, downloadable IT disaster recovery plan template .
Other important elements of a disaster recovery plan template include the following:
- a statement of intent and a DR policy statement;
- plan goals;
- authentication tools, such as passwords;
- geographical risks and factors;
- tips for dealing with media;
- financial and legal information and action steps; and
- a plan history.
Testing your disaster recovery plan
DRPs are substantiated through testing to identify deficiencies and provide opportunities to fix problems before a disaster occurs. Testing can offer proof that the emergency response plan is effective and hits RPOs and RTOs. Since IT systems and technologies are constantly changing, DR testing also helps ensure a disaster recovery plan is up to date.
Reasons given for not testing DRPs include budget restrictions, resource constraints and a lack of management approval. DR testing takes time, resources and planning. It can also be risky if the test involves using live data.
Build and execute your own disaster recover tests using SearchDisasterRecovery's free, downloadable business continuity testing template .
DR testing varies in complexity. In a plan review, a detailed discussion of the DRP looks for missing elements and inconsistencies. In a tabletop test, participants walk through plan activities step by step to demonstrate whether DR team members know their duties in an emergency. A simulation test uses resources such as recovery sites and backup systems in what is essentially a full-scale test without an actual failover .
Incident management plan vs. disaster recovery plan
An incident management plan ( IMP ) -- or incident response plan -- should also be incorporated into the DRP; together, the two create a comprehensive data protection strategy. The goal of both plans is to minimize the impact of an unexpected incident, recover from it and return the organization to its normal production levels as fast as possible. However, IMPs and DRPs are not the same.
The major difference between an incident management plan and a disaster recovery plan is their primary objectives. An IMP focuses on protecting sensitive data during an event and defines the scope of actions to be taken during the incident, including the specific roles and responsibilities of the incident response team.
In contrast, a DRP focuses on defining the recovery objectives and the steps that must be taken to bring the organization back to an operational state after an incident occurs.
Learn what it takes to develop a disaster recovery plan that considers the cloud and cloud services.
Continue Reading About disaster recovery plan (DRP)
- 10 steps for optimal IT disaster recovery plan design
- 4 components of a disaster recovery plan to prepare for a crisis
- 6 steps to a successful network disaster recovery plan
- What to include in a disaster recovery testing plan
Dig deeper on disaster recovery planning and management.
virtual disaster recovery
business impact analysis (BIA)
Cloud-era disaster recovery planning: Maintenance and continuous improvement
Asigra's forthcoming SaaSBackup platform lets Asigra data protection technology protect SaaS backups. MSPs will be able to sell ...
A new SaaS backup specialist emerges from stealth to protect data in apps such as Trello, GitHub and GitLab, which CEO Rob ...
A growing number of enterprise Kubernetes users presents an opportunity for CloudCasa, currently a division of Catalogic, with ...
Pure Storage expanded its storage offerings with FlashBlade//E designed for the unstructured data market with an acquisition cost...
Data governance manages the availability, usability, integrity and security of data. Follow these best practices for governance ...
Vast Data Universal Storage brought out data services, including set performance, metadata cataloging, better security, container...
Instead of looking at where security operations teams excel, Enterprise Strategy Group asked security pros where teams are least ...
This Risk & Repeat podcast episode discusses the White House's National Cybersecurity Strategy and its proposal to hold ...
The volume of vishing attacks continues to rise. But threat researchers say it's difficult to attribute such threats to ...
While the EU is considering new cryptocurrency regulation, the U.S. Securities and Exchange Commission is focused on heightening ...
Policymakers want federal data privacy legislation limiting businesses' ability to collect data on individuals and banning ...
Public, private, hybrid or consortium, each blockchain network has distinct pluses and minuses that largely drive its ideal uses ...
Disaster recovery plan
Disaster recovery plan definition.
A disaster recovery plan (DRP), disaster recovery implementation plan, or IT disaster recovery plan is a recorded policy and/or process that is designed to assist an organization in executing recovery processes in response to a disaster to protect business IT infrastructure and more generally promote recovery.
The purpose of a disaster recovery plan is to comprehensively explain the consistent actions that must be taken before, during, and after a natural or man-made disaster so that the entire team can take those actions. A disaster recovery plan should address both man-made disasters that are intentional, such as fallout from terrorism or hacking, or accidental, such as an equipment failure.
What is a disaster recovery plan ?
Organizations of all sizes generate and manage massive amounts of data, much of it mission critical. The impact of corruption or data loss from human error, hardware failure, malware, or hacking can be substantial. Therefore, it is essential to create a disaster recovery plan for the restoration of business data from a data backup image.
It is most effective to develop an information technology (IT) disaster recovery plan in conjunction with the business continuity plan (BCP). A business continuity plan is a complete organizational plan that consists of five components:
1. Business resumption plan 2. Occupant emergency plan 3. Continuity of operations plan 4. Incident management plan (IMP) 5. Disaster recovery plan
Generally, components one through three do not touch upon IT infrastructure at all. The incident management plan typically establishes procedures and a structure to address cyber attacks against IT systems during normal times, so it does not deal with the IT infrastructure during disaster recovery. For this reason, the disaster recovery plan is the only component of the BCP of interest to IT.
Among the first steps in developing such a strategy is business impact analysis, during which the team should develop IT priorities and recovery time objectives. The team should time technology recovery strategies for restoring applications, hardware, and data to meet business recovery needs.
Every situation is unique and there is no single correct way to develop a disaster recovery plan. However, there are three principal goals of disaster recovery that form the core of most DRPs:
- prevention, including proper backups, generators, and surge protectors
- detection of new potential threats, a natural byproduct of routine inspections
- correction, which might include holding a “lessons learned” brainstorming session and securing proper insurance policies
What should a disaster recovery plan include?
Although specific disaster recovery plan formats may vary, the structure of a disaster recovery plan should include several features:
Goals A statement of goals will outline what the organization wants to achieve during or after a disaster, including the recovery time objective (RTO) and the recovery point objective (RPO). The recovery point objective refers to how much data (in terms of the most recent changes) the company is willing to lose after a disaster occurs. For example, an RPO might be to lose no more than one hour of data, which means data backups must occur at least every hour to meet this objective.
Recovery time objective or RTO refers to the acceptable downtime after an outage before business processes and systems must be restored to operation. For example, the business must be able to return to operations within 4 hours in order to avoid unacceptable impacts to business continuity.
Personnel Every disaster recovery plan must detail the personnel who are responsible for the execution of the DR plan, and make provisions for individual people becoming unavailable.
IT inventory An updated IT inventory must list the details about all hardware and software assets, as well as any cloud services necessary for the company’s operation, including whether or not they are business critical, and whether they are owned, leased, or used as a service.
Backup procedures The DRP must set forth how each data resource is backed up – exactly where, on which devices and in which folders, and how the team should recover each resource from backup.
Disaster recovery procedures These specific procedures, distinct from backup procedures, should detail all emergency responses, including last-minute backups, mitigation procedures, limitation of damages, and eradication of cybersecurity threats.
Disaster recovery sites Any robust disaster recovery plan should designate a hot disaster recovery site. Located remotely, all data can be frequently backed up to or replicated at a hot disaster recovery site — an alternative data center holding all critical systems. This way, when disaster strikes, operations can be instantly switched over to the hot site.
Restoration procedures Finally, follow best practices to ensure a disaster recovery plan includes detailed restoration procedures for recovering from a loss of full systems operations. In other words, every detail to get each aspect of the business back online should be in the plan, even if you start with a disaster recovery plan template. Here are some procedures to consider at each step.
Include not just objectives such as the results of risk analysis and RPOs, RTOs, and SLAs, but also a structured approach for meeting these goals. The DRP must address each type of downtime and disaster with a step-by-step plan, including data loss, flooding, natural disasters, power outages, ransomware, server failure, site-wide outages, and other issues. Be sure to enrich any IT disaster recovery plan template with these critical details.
Create a list of IT staff including contact information, roles, and responsibilities. Ensure each team member is familiar with the company disaster recovery plan before it is needed so that individual team members have the necessary access levels and passwords to meet their responsibilities. Always designate alternates for any emergency, even if you think your team can’t be affected.
Address business continuity planning and disaster recovery by providing details about mission-critical applications in your DRP. Include accountable parties for both troubleshooting any issues and ensuring operations are running smoothly. If your organization will use cloud backup services or disaster recovery services, vendor name and contact information, and a list of authorized employees who can request support during a disaster should be in the plan; ideally the vendor and organizational contacts should know of each other.
Media communication best practices are also part of a robust disaster recovery and business continuity plan. A designated public relations contact and media plan are particularly useful to high profile organizations, enterprises, and users who need 24/7 availability, such as government agencies or healthcare providers. Look for disaster recovery plan examples in your industry or vertical for specific best practices and language.
Benefits of a disaster recovery plan
Obviously, a disaster recovery plan details scenarios for reducing interruptions and resuming operations rapidly in the aftermath of a disaster. It is a central piece of the business continuity plan and should be designed to prevent data loss and enable sufficient IT recovery.
Beyond the clear benefit of improved business continuity under any circumstances, having a company disaster recovery plan can help an organization in several other important ways.
Cost-efficiency Disaster recovery plans include various components that improve cost-efficiency. The most important elements include prevention, detection, and correction, as discussed above. Preventative measures reduce the risks from man-made disasters. Detection measures are designed to quickly identify problems when they do happen, and corrective measures restore lost data and enable a rapid resumption of operations.
Achieving cost-efficiency goals demands regular maintenance of IT systems in their optimal condition, high-level analysis of potential threats, and implementation of innovative cybersecurity solutions. Keeping software updated and systems optimally maintained saves time and is more cost-effective. Adopting cloud-based data management as a part of disaster recovery planning can further reduce the costs of backups and maintenance.
Increased productivity Designating specific roles and responsibilities along with accountability as a disaster recovery plan demands increases effectiveness and productivity in your team. It also ensures redundancies in personnel for key tasks, improving sick day productivity, and reducing the costs of turnover.
Improved customer retention Customers do not easily forgive failures or downtime, especially if they result in loss of sensitive data. Disaster recovery planning helps organizations meet and maintain a higher quality of service in every situation. Reducing the risks your customers face from data loss and downtime ensures they receive better service from you during and after a disaster, shoring up their loyalty.
Compliance Enterprise business users, financial markets, healthcare patients, and government entities, all rely on availability, uptime, and the disaster recovery plans of important organizations. These organizations in turn rely on their DRPs to stay compliant with industry regulations such as HIPAA and FINRA.
Scalability Planning disaster recovery allows businesses to identify innovative solutions to reduce the costs of archive maintenance, backups, and recovery. Cloud-based data storage and related technologies enhance and simplify the process and add flexibility and scalability.
The disaster recovery planning process can reduce the risk of human error, eliminate superfluous hardware, and streamline the entire IT process. In this way, the planning process itself becomes one of the advantages of disaster recovery planning, streamlining the business, and rendering it more profitable and resilient before anything ever goes wrong.
Ways to develop a disaster recovery plan
There are several steps in the development of a disaster recovery plan. Although these may vary somewhat based on the organization, here are the basic disaster recovery plan steps:
Risk assessment First, perform a risk assessment and business impact analysis (BIA) that addresses many potential disasters. Analyze each functional area of the organization to determine possible consequences from middle of the road scenarios to “worst-case” situations, such as total loss of the main building. Robust disaster recovery plans set goals by evaluating risks up front, as part of the larger business continuity plan, to allow critical business operations to continue for customers and users as IT addresses the event and its fallout.
Consider infrastructure and geographical risk factors in your risk analysis. For example, the ability of employees to access the data center in case of a natural disaster, whether or not you use cloud backup, and whether you have a single site or multiple sites are all relevant here. Be sure to include this information, even if you’re working from a sample disaster recovery plan.
Evaluate critical needs Next, establish priorities for operations and processing by evaluating the critical needs of each department. Prepare written agreements for selected alternatives, and include details specifying all special security procedures, availability, cost, duration, guarantee of compatibility, hours of operation, what constitutes an emergency, non-mainframe resource requirements, system testing, termination conditions, a procedure notifying users of system changes, personnel requirements, specs on required processing hardware and other equipment, a service extension negotiation process, and other contractual issues.
Set disaster recovery plan objectives Create a list of mission-critical operations to plan for business continuity, and then determine which data, applications, equipment, or user accesses are necessary to support those functions. Based on the cost of downtime, determine each function’s recovery time objective (RTO). This is the target amount of time in hours, minutes, or seconds an operation or application can be offline without an unacceptable business impact.
Determine the recovery point objective (RPO), or the point in time back to which you must recover the application. This is essentially the amount of data the organization can afford to lose.
Assess any service level agreements (SLAs) that your organization has promised to users, executives, or other stakeholders.
Collect data and create the written document Collect data for your plan using pre-formatted forms as needed. Data to collect in this stage may include:
- lists (critical contact information list, backup employee position listing, master vendor list, master call list, notification checklist)
- inventories (communications equipment, data center computer hardware, documentation, forms, insurance policies, microcomputer hardware and software, office equipment, off-site storage location equipment, workgroup hardware, etc.)
- schedules for software and data files backup/retention
- procedures for system restore/recovery
- temporary disaster recovery locations
- other documentation, inventories, lists, and materials
Organize and use the collected data in your written, documented plan.
Test and revise Next, develop criteria and procedures for testing the plan. This is essential to ensure the organization has adopted compatible, feasible backup procedures and facilities, and to identify areas that should be modified. It also allows the team to be trained, and proves the value of the DRP and ability of the organization to withstand disasters.
Finally, test the plan based on the criteria and procedures. Conduct an initial dry run or structured walk-through test and correct any problems, ideally outside normal operational hours. Types of business disaster recovery plan tests include: disaster recovery plan checklist tests, full interruption tests, parallel tests, and simulation tests.
The recovery point objective, or RPO, refers to how much data (in terms of the most recent changes) the company is willing to lose after a disaster occurs. For example, an RPO might be to lose no more than one hour of data, which means data backups must occur at least every hour to meet this objective.
The RPO answers this question: “How much data could be lost without significantly impacting the business?”
Example: If the RPO for a business is 20 hours and the last available good copy of data after an outage is 18 hours old, we are still within the RPO’s parameters.
In other words, the RTO answers the question: “How much time after notification of business process disruption should it take to recover?”
To compare RPO and RTO, consider that RPO means a variable amount of data that would need to be re-entered after a loss or would be lost altogether during network downtime. In contrast, RTO refers to how much real time can elapse before the disruption unacceptably impedes normal business operations.
It is important to expose the gap between actuals and objectives set forth in the disaster recovery plan. Only business disruption and disaster rehearsals can expose actuals—specifically Recovery Point Actual (RPA) and Recovery Time Actual (RTA). Refining these differences brings the plan up to speed.
Strategies and tools for a disaster recovery plan
The right strategies and tools help implement a disaster recovery plan.
Traditional on-premises recovery strategies The IT team should develop disaster recovery strategies for IT applications, systems, and data. This includes desktops, data, networks, connectivity, servers, wireless devices, and laptops. Identify IT resources that support time-sensitive business processes and functions so their recovery times match.
Information technology systems require connectivity, data, hardware, and software. The entire system may fail due to a single component, so recovery strategies should anticipate the loss of one or more of these system components:
- Secure, climate-controlled computer room environment with backup power supply
- Connectivity to a service provider
- Hardware such as desktop and laptop computers, networks, wireless devices and peripherals, and servers
- Software applications such as electronic mail, electronic data interchange, enterprise resource management, and office productivity
Data and restoration For business applications that cannot tolerate downtime, actual parallel computing, data mirroring, or multiple data center synchronization is possible yet costly. Other solutions for mission critical business applications and sensitive data include cloud backup and cloud-native disaster recovery, which reduce the need for expensive hardware and IT infrastructure.
Internal recovery strategies Some enterprises store data at multiple facilities and configure hardware to run similar applications from data center to data center when needed. Assuming off-site data backup or data mirroring are taking place, processing can continue and data can be restored at an alternate site under these circumstances. However, this is a costly solution, and one that demands an internal solution that is itself infallible.
Cloud-based disaster recovery strategies Cloud-based vendors offer Disaster recovery as a service (DRaaS), which are essentially “hot sites” for IT disaster recovery hosted in the cloud. DRaaS leverages the cloud to provide fully configured recovery sites that mirror the applications in the local data center. This allows users a more immediate response, allowing them the ability to recover critical applications in the cloud, keeping them ready for use at the time of a disaster.
Vendors can host and manage applications, data security services, and data streams, enabling access to information via web browser at the primary business site or other sites. These vendors can typically enhance cybersecurity because their ongoing monitoring for outages offers data filtering and detection of malware threats. If the vendor detects an outage at the client site, they hold all client data automatically until the system is restored. In this sense, the cloud is essential to security planning and disaster recovery.
Does Druva offer a cloud disaster recovery plan ?
With Druva’s cloud-native disaster recovery plan, workloads on-premises or in the cloud back up directly to the Druva Cloud Platform, built on AWS. This eliminates recovery complexities by enabling automated runbook execution and one-click disaster recovery. Druva’s cloud-native disaster recovery includes failover and failback, either back to on-premises systems or to any AWS region or account without hardware, a managed DR site, or excessive administration.
Watch the video below for a demo, and discover Druva’s innovative one-click solutions for on-premises and cloud workloads on the disaster recovery page of the website .
Now that you’ve learned about the disaster recovery plan, brush up on these related terms with Druva’s glossary:
- What is cyber resilience?
- What is an RPO?
- What is an RTO?
Druva Data Resiliency Cloud
- Platform overview
Cloud backup & recovery
- Hybrid workloads
- Druva AWS Backup
Cyber resiliency & compliance
- Accelerated ransomware recovery
- Global deduplication
- Security & trust
- Accelerate & protect cloud projects
- Reduce cost & complexity of data protection
- Improve cyber resilience & compliance
- Enterprise cloud backup
- SaaS apps data protection
- Data center backup & recovery
- Data protection for AWS workloads
- Cloud disaster recovery
- Remote & branch office backup
- Endpoint backup & governance
- Compliance monitoring
- eDiscovery and legal hold
- Cloud archiving & retention
- Microsoft 365
- Dell Technologies
- Compass Partner Program
- Technology partners
- Managed service providers
- Partner portal
- Customer stories
- Analyst reports
- Case studies
- Customer testimonials
- Solution briefs
- Professional services
- Product demos
- White Papers
- Druva glossary of terms
- Data Resilience
- Cloud Data Protection
- Corporate Responsibility
- Data Privacy
- Legal and Compliance
- Modern Slavery Act
- Pandemic response
+44 (0) 20 3750 9440.
Kyndryl has a comprehensive set of Technology Services around hybrid cloud solutions, business resiliency and network services for your IT transformations.
- Core Enterprise and zCloud
- Data and AI
- Digital Workplace
- Network and Edge
- Security and Resiliency
An open integration platform delivering IT solutions.
Co-creating to solve complex business problems
Kyndryl’s industry experts help modernize, digitize and secure your IT to provide outstanding customer experiences.
- Banking and Financial Markets
- Travel and Transportation
- Chemical, Oil and Gas
- Communications and Media
Kyndryl can help you identify and secure state and federal funding to support your critical technology projects.
Empowering progress while modernizing and managing the world’s mission-critical systems and services
- Corporate Responsibility
- Inclusion and Diversity
We’ve built relationships with some of the world’s leading companies. Together we’re disruption-proofing their operations and supporting their customers.
Disaster recovery plans explained
Develop a disaster recovery plan that boosts your cyber resilience and recovery capability
What is a disaster recovery plan and how does it work?
A disaster recovery (DR) plan is a formal document created by an organization that contains detailed instructions on how to respond to unplanned incidents such as natural disasters, power outages, cyber attacks and any other disruptive events. The plan contains strategies to minimize the effects of a disaster, so an organization can continue to operate or quickly resume key operations.
Disruptions can lead to lost revenue, brand damage and dissatisfied customers — and the longer the recovery time, the greater the adverse business impact. Therefore, a good disaster recovery plan should enable rapid recovery from disruptions, regardless of the source of the disruption.
A DR plan is more focused than a business continuity plan and does not necessarily cover all contingencies for business processes, assets, human resources and business partners.
A successful DR solution typically addresses all types of operation disruption and not just the major natural or man-made disasters that make a location unavailable. Disruptions can include power outages, telephone system outages, temporary loss of access to a facility due to bomb threats, a "possible fire" or a low-impact non-destructive fire, flood or other event. A DR plan should be organized by type of disaster and location. It must contain scripts (instructions) that can be implemented by anyone.
Before the 1970s, most organizations only had to concern themselves with making copies of their paper-based records. Disaster recovery planning gained prominence during the 1970s as businesses began to rely more heavily on computer-based operations. At that time, most systems were batch-oriented mainframes. Another offsite mainframe could be loaded from backup tapes, pending recovery of the primary site.
In 1983 the U.S. government mandated that national banks must have a testable backup plan. Many other industries followed as they understood the significant financial losses associated with long-term outages.
By the 2000s, businesses had become even more dependent on digital online services. With the introduction of big data, cloud, mobile and social media, companies had to cope with capturing and storing massive amounts of data at an exponential rate. DR plans had to become much more complex to account for much larger amounts of data storage from a myriad of devices. The advent of cloud computing in the 2010s helped to alleviate this disaster recovery complexity by allowing organizations to outsource their disaster recovery plans and solutions.
Another current trend that emphasizes the importance of a detailed disaster recovery plan is the increasing sophistication of cyber attacks. Industry statistics show that many attacks stay undetected for well over 200 days. With so much time to hide in a network, attackers can plant malware that finds its way into the backup sets –infecting even recovery data. Attacks may stay dormant for weeks or months, allowing malware to propagate throughout the system. Even after an attack is detected, it can be extremely difficult to remove malware that is so prevalent throughout an organization.
Business disruption due to a cyber attack can have a devastating impact on an organization. For instance, cyber outage at a package delivery company can disrupt operations across its supply chain, leading to financial and reputational loss. In today’s digitally dependent world, every second of that disruption counts.
Why is a DR plan important?
The compelling need to drive superior customer experience and business outcome is fueling the growing trend of hybrid multicloud adoption by enterprises. Hybrid multicloud, however, creates infrastructure complexity and potential risks that require specialized skills and tools to manage. As a result of the complexity, organizations are suffering frequent outages and system breakdown, coupled with cyber-attacks, lack of skills, and supplier failure. The business impact of outages or unplanned downtime is extremely high, more so in a hybrid multicloud environment. Delivering resiliency in a hybrid multicloud requires a disaster recovery plan that includes specialized skills, an integrated strategy and advanced technologies, including orchestration for data protection and recovery. Organizations must have comprehensive enterprise resiliency with orchestration technology to help mitigate business continuity risks in hybrid multicloud, enabling businesses to achieve their digital transformation goals.
Other key reasons why a business would want a detailed and tested disaster recovery plan include:
•To minimize interruptions to normal operations.
•To limit the extent of disruption and damage.
•To minimize the economic impact of the interruption.
•To establish alternative means of operation in advance.
•To train personnel with emergency procedures.
•To provide for smooth and rapid restoration of service.
To meet today's expectation of continuous business operations, organizations must be able to restore critical systems within minutes, if not seconds of a disruption.
How are organizations using disaster recovery plans?
Many organizations struggle to evolve their disaster recovery plan strategies quickly enough to address today’s hybrid-IT environments and complex business operations. In an always-on, 24/7-world, an organization can gain a competitive advantage –or lose market share –depending on how quickly it can recover from a disaster and recover core business services.
Some organizations use external disaster recovery and business continuity consulting services to address a company’s needs for assessments, planning and design, implementation, testing and full resiliency program management.
There are proactive services to help businesses overcome disruptions with flexible, cost-effective IT DR solutions.
With the growth of cyber attacks, companies are moving from a traditional/manual recovery approach to an automated and software-defined resiliency approach. Other companies turn to cloud-based backup services provide continuous replication of critical applications, infrastructure, data and systems for rapid recovery after an IT outage. There are also virtual server options to protect critical servers in real-time. This enables rapid recovery of your applications to keep businesses operational during periods of maintenance or unexpected downtime.
For a growing number of organizations, the solution is with resiliency orchestration, a cloud-based approach that uses disaster recovery automation and a suite of continuity-management tools designed specifically for hybrid-IT environments and protecting business process dependencies across applications, data and infrastructure components. The solution increases the availability of business applications so that companies can access necessary high-level or in-depth intelligence regarding Recovery Point Objective (RPO) , Recovery Time Objective (RTO) and the overall health of IT continuity from a centralized dashboard.
In today’s always-on world, your business can’t afford downtime, which can result in revenue loss, reputational damage, and regulatory penalties. Learn how Kyndryl can help transform your IT recovery management through automation to simplify disaster recovery process, increase workflow efficiency, and reduce risk, cost, and system testing time.
How is a disaster recovery (DR) plan used in industry?
Hyundai Heavy Industries (HHI) was faced with that harsh reality when a 5.8 magnitude earthquake struck in 2016. Since the company’s backup center was located near headquarters in Ulsan City, Korea, the earthquake served as a wake-up call for HHI to examine its disaster recovery systems and determine preparedness for a full range of potential disruption. In 2016 an earthquake showed just how close a natural disaster could come to damaging Hyundai's mission critical IT infrastructure. The IT leadership responded quickly, working with Kyndryl Business Resiliency Services to implement a robust disaster recovery solution with a remote data center.
What are the key steps of a disaster recovery (DR) plan?
The objective of a disaster recovery (DR) plan is to ensure that an organization can respond to a disaster or other emergency that affects information systems –and minimize the effect on business operations. Kyndryl has a template for producing a basic DR plan. The following are the suggested steps as found in the DR template. Once you have prepared the information, it is recommended that you store the document in a safe, accessible location off site.
- Major goals: The first step is to broadly outline the major goals of a disaster recovery plan.
- Personnel: Record your data processing personnel. Include a copy of the organization chart with your plan.
- Application profile: List applications and whether they are critical and if they are a fixed asset.
- Inventory profile: List the manufacturer, model, serial number, cost and whether each item is owned or leased.
- Information services backup procedures: Include information such as: “Journal receivers are changed at ________ and at ________.” And: “Changed objects in the following libraries and directories are saved at ____.”
- Emergency response procedures to document the appropriate emergency response to a fire, natural disaster, or any other activities in order to protect lives and limit damages.
- Backup operations procedures to ensure that essential data processing operational tasks can be conducted after the disruption.
- Recovery actions procedures to facilitate the rapid restoration of a data processing system following a disaster.
- DR plan for mobile site: The plan should include a mobile site setup plan, a communication disaster plan (including the wiring diagrams) and an electrical service diagram.
- DR plan for hot site: An alternate hot site plan should provide for an alternative (backup) site. The alternate site has a backup system for temporary use while the home site is being reestablished.
- Restoring the entire system: To get your system back to the way it was before the disaster, use the procedures on recovering after a complete system loss in Systems management: Backup and recovery.
- Rebuilding process: The management team must assess the damage and begin the reconstruction of a new data center.
- Testing the disaster recovery and cyber recovery plan: In successful contingency planning, it is important to test and evaluate the DR plan regularly. Data processing operations are volatile in nature, resulting in frequent changes to equipment, programs and documentation. These actions make it critical to consider the plan as a changing document.
- Disaster site rebuilding: This step should include a floor plan of the data center, the current hardware needs and possible alternatives –as well as the data center square footage, power requirements and security requirements.
- Record of plan changes: Keep your DR plan current. Keep records of changes to your configuration, your applications and your backup schedules and procedures.
The object storage buyer’s guide.
Technical/financial benefits; how to evaluate for your environment.
HyperIQ Observability & Analytics
Watch 2-min Intro
Evaluator Group Webinar
Skills Shortage? Ease the Storage Management Burden. Watch On-Demand
Scaling Object Storage with Adaptive Data Management
Get White Paper
Industries , 2021 enterprise ransomware victims report.
Don’t Be a Victim
Scalable S3-Compatible Storage, On-Prem with AWS Outposts
Trending topic: on-prem s3 for data analytics.
Ransomware 2021: A Conversation with Veeam CISO Gil Vega
Hear His Thoughts
How a Private Cloud Addresses the Kubernetes Storage Challenge
Free White Paper
Data Security & Compliance: 3 ?s Every CIO Should Ask
Ask the Right ??s
5 Things Every MSP Should Know About Sovereign Cloud
Get Free eBook
TCO Report: NAS File Tiering
Learn how object storage can dramatically reduce Tier 1 storage costs
Get TCO Analysis
Satellite Application Catapult Deploys Cloudian for Scalable Storage
Replaces conventional NAS, saves 75%
Read Their Story
Veeam & Cloudian: Office 365 Backup – It’s Essential
Blog: How to Grow Your Storage and Not Your CAPEX Spend
Pay as you grow, starting at 1.3 cents/GB/month
Read the Blog
Why the FBI Can’t Stop Cybercrime and How You Can
8 Reasons to Choose Cloudian for State & Local Government Data
Get 8 Reasons
Cloudian HyperStore SEC17a-4 Cohasset Assessment Report
Read the Assessment
Hybrid Cloud for Manufacturers
Tape: does it measure up, customer testimonial: university of leicester.
Hear from Mark
Public Health England: Resilient IT Infrastructure for an Uncertain Time
How to Accelerate Genomics Data Analysis Pipelines by 10X
Hear from Weka
How MSPs Can Build Profitable Revenue Streams with Storage Services
Get IDC’s Take
Get scalable storage on-prem for aws outposts.
Hear from AWS
Lock Ransomware Out with Commvault & Cloudian
Cribl stream with cloudian hyperstore s3 data lake, why object storage is best for advanced analytics apps in greenplum.
Customer Video: NTT Communications
Hear from NTT
How to Store Kasten Backups to Cloudian
Klik.solutions delivers world-class backup-as-a-service with lenovo & cloudian.
Why They Chose Us
Modernize SQL Server with S3 Data Lake
Find Out How
How to Run Cloudian on OpenShift as a Container
Immutable object storage for european smbs from rnt rausch and cloudian, backup/archive to cloudian with rubrik nas cloud direct, on-premises object storage for snowflake analytics workloads.
Get the Details
Splunk, ClearShark, and Cloudian discuss Federal Industry Storage Trends
Teradata & cloudian: modern data analytics for hybrid and multi-cloud, 1-step to data protection: all you need to know about veeam v12 + cloudian.
Step up to Cloudian
Modernize Your Enterprise Archive Storage with Cloudian and Veritas
Read About It
Unified Analytics Data Lake Platform with Vertica and Cloudian HyperStore
Vmware cloud providers: get started in cloud storage, free..
Weka + Cloudian: High-Performance, Exabyte-Scalable Storage for AI/ML
Customers , cloudian enables leading swiss financial institution to retain and analyze more big data.
Read Case Study
Indonesian Financial Services Company Replaces NAS With Cloudian
State of california selects storage-as-a-service offering powered by cloudian, cloudian provides utah state agencies with rubrik-compatible backup target, cuts costs by 75 percent, australian genomic sequencing leader accelerates research with cloudian, swiss education non-profit achieves scale and flexibility of public cloud on-prem with cloudian, indonesia ministry of education deploys cloudian object storage to keep up with data growth, leading german paper company meets growing data backup needs with cloudian, vox media automates archive process to accelerate workflow by 10x, wgbh boston builds a hybrid cloud active archive with cloudian hyperstore, large german retailer consolidates primary and secondary storage to cloudian, how a sovereign cloud provider succeeds in cloud storage services.
IT Service Provider Drives Business Growth with Cloudian-based Offering
Calcasieu parish sheriff deploys hybrid cloud for digital evidence data, montebello bus lines mobile video surveillance with cloudian object storage, resources , storage guides , ransomware protection buyer’s guide.
Get Free Guide
Cloudian named a gartner peer insights customers’ choice for distributed file systems and object storage.
4 Disaster Recovery Plan Examples and 10 Essential Plan Items
What is a disaster recovery plan.
A disaster recovery plan defines instructions that standardize how a particular organization responds to disruptive events, such as cyber attacks, natural disasters, and power outages. A disruptive event may result in loss of brand authority, loss of customer trust, or financial loss.
The plan is a formal document that specifies how to minimize the effects of disaster scenarios, and help the organization minimize damage and restore operations quickly. To ensure effectiveness, organize your plan by the location and the type of disaster, and provide simple step by step instructions that stakeholders can easily implement.
Disaster recovery plan examples can be very useful when developing your own disaster recovery plan. We collected several examples of plans created by leading organizations, and a checklist of items that are essential to include in your new plan.
In this article:
- IBM’s Disaster Recovery Plan
- The Council on Foundations
- Micro Focus
- Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
- Hardware and Software Inventory
- Identify Personnel Roles
- List of Disaster Recovery Sites
- Remote Storage of Physical Documents and Storage Media
- Disaster Response Procedures
- Identify Sensitive Data
- Define a Communication Plan for Disaster Events
- Physical Facility Needs
- Run Disaster Recovery Drills
- Data Protection with Cloudian
4 Great Disaster Recovery Plan Examples
Each of these examples is also a template you can use to develop a disaster recovery plan for your organization.
For more background on how to build a plan from scratch, read our guide to disaster recovery plans
1. IBM’s Disaster Recovery Plan
Created by : IBM Pages : 13 Main sections:
- Major goals of a disaster recovery plan
- Application profile
- Inventory profile
- Information services backup procedures
- Disaster recovery procedures
- Recovery plan for mobile site
- Recovery plan for hot site
- Restoring the entire system
- Rebuilding process
- Testing the disaster recovery plan
Go to template
2. The Council on Foundations
Created by : The Council on Foundations Pages : 59 Main sections :
- Risks and Event Scenarios
- Plan Activation
- Responsibility and Delegation of Authority
- Incident Response Team (IRT)
- Incident Response Team Roles & Responsibilities
- Business Impact Analysis
- Recovery Activity Summary and Needs Assessment
- Vital Records
- Disaster Notification/Communications
- Personnel & Board Contact Information
- Building Evacuation
- Emergency Operations Center
- Business Recovery Locations
- Information Technology/Operations Preparedness
Download .PDF template
3. Evolve IP
Created by: Evolve IP Pages: 17 Main sections:
- Emergency Contact Form
- External Contacts
- Notification Network
- Disaster Management Team
- Network Team
- Server Team
- Applications Team
- Data & Backups
- Restoring IT Functionality
- Network Equipment
- Severity One System
- Plan Testing & Maintenance
- Recovery Completion Form
4. Micro Focus
Created by: Micro Focus Pages: 36 Main sections:
- Key Personnel Contact Info
- Plan Overview
- Financial and Legal Issues
- Technology Disaster Recovery Plan
- Suggested Forms
10 Things You Must Include in Your Disaster Recovery Plan Checklist
1. recovery time objective (rto) and recovery point objective (rpo).
A disaster recovery plan must make it clear what are your organization’s:
- RTO —the maximal time your organization can tolerate for recovering normal operations in case of a disaster (for example, recovery within 30 minutes, 2 hours, 12 hours)
- RPO —the maximal amount of data your organization can afford to lose (for example, an hour of data, 3 hours of data, one day of data)
2. Hardware and Software Inventory
For a plan to be effective, you must have a comprehensive, up-to-date inventory of your IT assets. Categorize them into the following categories:
- Critical —assets without which your business cannot operate
- Important —applications that are used at least once per day and can disrupt normal operations
- Unimportant —applications that are used less frequently than once per day
Ensure that your disaster recovery plan addresses all critical assets, and as many as possible of the important and unimportant assets, in that order.
3. Identify Personnel Roles
The plan should define who in the organization is responsible for disaster recovery processes, with their names and contact details. Critical responsibilities include:
- Ongoing backups and maintenance of business continuity systems
- Responsibility for declaring a disaster
- Responsibility for contacting third-party vendors
- Responsibility for reporting to management and liaising with customers, press, etc.
- Responsibility for managing the crisis and recovering from it
4. List of Disaster Recovery Sites
A disaster recovery plan must specify where the company’s assets are located, and where each group of assets will be moved if a disaster occurs. There are three types of sites:
- Hot sites —a fully functional data center with IT equipment, personnel and up to date customer data.
- Warm sites —a functional data center that allows access to critical systems only, without up-to-date customer data
- Cold sites —used to store backups of systems or data, but without the ability to immediately run operational systems
5. Remote Storage of Physical Documents and Storage Media
Most organizations have a large quantity of physical documents and/or storage media like DVDs, external hard drives or backup tapes, which must be protected in case of a disaster. Unexpected loss of this data can be detrimental to the business or result in compliance violations. Therefore, copies of all critical documents must be stored in a remote location.
6. Disaster Response Procedures
A key element of a disaster recovery plan is a documented procedure for responding to a catastrophic event. The first few hours of an event are critical, and staff should know exactly what to do to minimize damage to organizational systems, and recover systems to resume normal operations.
A DR procedure should include clear action steps, in simple and unambiguous language, including how to fail over to the disaster recovery site and ensure that recovery is successful.
Related content: Read our guide to disaster recovery policy
7. Identify Sensitive Data
All organizations maintain sensitive data, which may also be subject to compliance requirements, such as Personally Identifiable Information (PII), credit cardholder data, or other valuable data like intellectual property (IP).
A disaster recovery plan must identify how this sensitive data is securely backed, and who should have access to the original copy and the backups, both during normal operations and in the event of a disaster.
8. Define a Communication Plan for Disaster Events
When disaster strikes, a company must have a clear plan for delivering essential information to affected parties, including:
- Vendors and suppliers
- Compliance authorities
The communication plan should include elements like public relations (PR), communication on the company websites, and social media. When there is a clear channel of communication with stakeholders about an event, customers and other stakeholders will feel reassured and will be more likely to continue their relationship with the company.
9. Physical Facility Needs
In case of a physical disaster like a flood or earthquake, there will be a need to restore physical facilities. The disaster recovery plan should specify what is the minimal facility that will enable the company to restore normal operations—including office space, location, furniture needed, computing and IT equipment.
10. Run Disaster Recovery Drills
Disaster recovery plans might look great on paper, but fail when they are needed most. To avoid this from happening, run a drill and test your plan in a realistic scenario. Learn the lessons from the drill and update the plan to make it clearer and more effective for all parties involved. Disaster recovery plans must be updated at least once per year.
Protecting Data Effortlessly with Cloudian
If you need to backup data to on-premises storage, Cloudian offers low-cost disk-based storage with capacity up to 1.5 Petabytes. You can also set up a Cloudian appliance in a remote site and save data directly to the remote site using our integrated data management tools.
Alternatively, you can use a hybrid cloud setup. Backup data to a local Cloudian appliance, and configure it to replicate all data to the cloud. This allows you to access data locally for quick recovery, while keeping a copy of data on the cloud in case a disaster affects the on-premise data center.
Learn more about Cloudian’s data protection solution.
Get Started With Cloudian Today
Request a Demo
Join a 30 minute demo with a Cloudian expert.
Download a Free Trial
Try Cloudian in your shop. Run on any VM, even your laptop.
Receive a Cloudian quote and see how much you can save.
Prepare for Emergencies with Business Continuity and Disaster Recovery Plans
How a company responds during an emergency or other unexpected event can drastically impact how quickly it can resume operations and its prospects for future success. Planning ahead and having systems in place for such events can be just as important as the actual response once an event occurs.
To prepare, companies should have both business continuity plans and disaster recovery plans in place. While business continuity and disaster recovery plans are two separate types of plans, they should complement each other as there are many similar concerns for each.
Below, we outline how these plans differ and steps your company can take to design effective plans should an emergency arise:
- What Is a Business Continuity Plan?
- What Is a Disaster Recovery Plan?
- How Does Disaster Recovering Planning Differ from Business Continuity Planning?
- What Types of Events Should Be Included in a Disaster Recovery Plan?
What Are the Benefits of Planning Ahead?
- What Does a Business Continuity Plan Typically Include?
- What Processes and Procedures Belong in a Business Continuity Plan?
- What Is the Purpose of a Disaster Recovery Plan?
- What Does a Disaster Recovery Plan Typically Include?
How Do You Test a Disaster Recovery Plan?
A business continuity plan is a predefined approach and procedure for how a business will continue to run when coping with an emergency.
A disaster recovery plan is a predefined approach and procedure for restoring the business to full functionality, following a system failure or compromise, while keeping the impact to a minimum.
While a business continuity plan focuses on defining how business operations should function under abnormal circumstances during a disaster or emergency, a disaster recovery plan focuses on getting applications and systems back to normal.
Business emergencies can include events that are intentionally or accidentally caused by humans as well as natural disasters.
Potential disasters and threats can include the following:
- Pandemic flu
- Computer and server shutdown or denial-of-service and sabotage
- Ransomware attack
- Bomb threat
- Severe weather or wildfire
Regardless of the origin, business disasters may cause:
- Death or significant injury
- Damage to property or environmental damage
- Closing of business
- Work or service stoppage
- Negative impact on the company’s financial standing or company image
Business continuity planning and disaster recovering planning both provide several benefits to your organization, especially when they’re drafted in tandem, including:
- People and property protection
- Morale boost
- Improved decision-making
- Risk management
People and Property Protection
Having emergency plans in place can help safeguard life and property of the company and its employees. The Occupational Safety and Health Administration (OSHA) even requires companies with more than 10 employees to write these plans in compliance with its Regulation 1910.38 Emergency Action Plans .
When employees know plans are in place, they may feel safer. This can help boost morale and potentially increase business value perception to buyers who recognize the responsibility and preparedness of the company.
Planning ahead allows for systemic, structured, and timely implementation of your plan and helps you make decisions based on the best available information, should an emergency occur.
It also provides room to be dynamic and responsive to change. Flexibility can allow you to take human and cultural factors into account, such as supporting workers with medical needs or managing teams that operate across geographic regions, and allows the company to be transparent and inclusive with its plans.
Even if you haven’t faced an emergency, planning for one can help facilitate continual improvement of the organization and become an integral part of all organizational processes.
Managing risk for organizations includes risks posed by relationships with third parties, such as service providers or vendors. These third parties can play a significant part in the overall risk for an organization based on the types of data they have access to or handle. They can also be used to provide recovery services or high availability for systems that need to meet high levels of up time.
For companies serving highly regulated industries, such as health care, financial services, and utilities, third-party risk management often includes assessing business continuity plans and disaster recovering plans. By documenting and testing these plans, organizations are better equipped to meet the expectations of those they serve.
There are several key factors to consider when creating a business continuity plan. While employees and customer safety should be your top concern, there are also other areas of focus that are especially important.
Business continuity planning should focus on:
- Duration your business can last without its tools, assets, operating locations, and other elements crucial to operations
- Possible outcomes if you’re denied access to facilities, servers, customer records, or other needs
- Length of time you can operate without telephone service, electricity, or temporary electricity if running only on generators, water, and other utilities
- Necessary changes to processes and workflows to maintain critical operations until the situation can be returned to normal
- Scenarios most likely to occur that would create the greatest disruption to the organization
To prepare for those concerns, a business continuity plan should define processes and procedures for the following:
- Assessing and planning for threats to business operations
- Maintaining operations and meeting obligations during emergencies
- Testing your plan, including test types, testing schedules, and documentation requirements
Steps to assess various risks should include the following:
- Estimating the likelihood of the event based on data, such as the historical frequency of natural disasters in an area
- Defining risk categories, such as operational, legal, reputational, or security risks
- Estimating the impact to assets or processes based on the defined risk categories—for example, a natural disaster that causes a server outage may affect a public website hosting a storefront, which could impact revenue or relationships with partners
- Mitigating controls such as backups and alternate operating locations
Primary and secondary points of contact should be determined internally and externally. It may help to create templates or prewritten communications as well as communications schedules that can be deployed immediately in the event of an emergency. This helps put plans into action and address employee and public concerns.
Emergencies can require all hands on deck, so it’s important to identify top personnel and their responsibilities in your plan, as well as team members to serve as alternates in case the primary role player is unavailable.
Responsibilities should be defined and assigned for the following roles:
- Crisis manager or site coordinator
- Engineering or maintenance officer
- Human resources officer
- Communications or public relations officer
- Outside members such as police, fire, and government personnel
Employees will need to be notified and provided instruction in an emergency situation. Employee contact information should be up-to-date and easily accessible with departmental organizational charts as well as cell and home phone numbers and emergency contact information included.
Planning should also consider the likelihood that communications systems may be inaccessible and define alternative means of connecting with employees and team members, including any third parties supporting business continuity efforts.
What Safety and Security Measures Are Included?
First-aid kits and other resources should be inspected at least on a monthly basis. Identify local hospitals, medical treatment options, and available 911 services so the correct parties can be contacted as quickly as possible if needed.
Evacuation and Access to Property
Evacuation plans from all company buildings should be readily available, and employees can be instructed on evacuation routes through drills. Additionally, they should be provided directions to shelter and safe areas.
For those not at a company location or to plan for how to access property following an emergency, alternate routes to key facilities should also be provided in the event of damaged roads.
How Will You Access Contractors, Support Equipment, and Utility Companies?
Should you require the assistance of emergency personnel, repairs to infrastructure, or equipment, it’s important to consider how you’ll access these resources. Contractor contact information and tools and equipment requirements, as well as rentals, should be readily available.
Equipment you should consider having access to includes the following:
- Generators for backup power including portable options such as trailers
- Computing equipment and storage
- Trailers to transport fuel to generators, equipment for repairs, or sandbags before storms
In addition to requesting these materials, it’s important to make sure anyone who will come in contact with the equipment has a deep knowledge of how to properly operate machinery and assess any safety concerns.
Other important vendors and contacts to have easy access to include the following:
- Banks and financial institutions
- Computer and IT backup support providers
- Building contractors
- Fuel companies
Do You Have Proper Insurance?
Should damage take place to your property or if people are harmed, you’ll want to make sure the proper insurance protocol is in place. You should be able to easily access the contact and claims reporting information for the following:
- Property-casualty agent
- Group health insurance
- Life or accidental death and dismemberment insurance
Insurance concerns can also extend to cars and other vehicles, so it’s important to have access to vehicle identification numbers (VINs) in case they go missing or are damaged.
The purpose of disaster recovery planning is to support critical operations by returning IT systems to full functionality. This should be prioritized based on customer needs, regulatory requirements, and the importance to your organization or the operations that the IT system supports.
You should be able to determine the availability of workaround options compared to work stoppages to do the following:
- Reduce the likelihood or impact of an event through technology and controls
- Maintain minimum mission-critical systems to allow for eventual full restoration
- Recover post-disaster by bringing all systems back online to full operational state
A disaster recovery plan has many of the same elements of a business continuity plan that need to be documented and defined ahead of time, but there are several key elements that are different. These elements include:
- Business impact analysis
- Assumptions and constraints
- Communication processes
- Data and system backup plan
- Damage and impact assessment
- Response communication and action plan
A business impact analysis is essential for determining and evaluating the effects of an interruption to critical business operations. It assesses a disaster’s impact over time and helps establish recovery strategies, priorities, and requirements based on system criticality.
Business leaders and management should be involved in determining the system recovery priorities as this analysis will be used to document the critical systems, document dependencies with other systems, and prioritize the system recovery efforts.
What Is the Importance of Communication Processes and Role Assignments?
Communication is a key process during the recovery effort so recovery teams should understand their roles and responsibilities. A disaster recovery coordinator should be established, along with a backup to this position. These persons will be responsible for coordinating, communicating, and managing staff during the recovery efforts.
An emergency response team should also be documented as these personnel will be responsible for the actual recovery of the systems. They will need to prepare the recovery site for operation, coordinate recovery steps and activities, interface with system vendors, and ensure recovery is complete once systems are restored.
Disaster preparedness is rooted in an agreed-upon backup strategy that addresses acceptable recovery time and data loss, adequate system redundancy, and sound data restoration processes. The data backup plan details the backup strategy employed to ensure that data is available in order to restore systems during emergency and nonemergency situations.
This plan outlines the backup strategy for all of the critical systems identified in the business impact analysis. The recovery and response action plan provides detailed steps on the recovery procedures that need to be performed in order to restore systems and data. The recovery steps are critical as they will help guide staff in the steps necessary to fully recover a system.
Once a plan is in place, perform tests that help verify that it can be properly executed.
Diverse testing methods must be deployed so that multiple scenarios can be addressed and tested. Suggested testing methods include the following:
- Walkthrough testing
- Simulation testing
- Checklist testing
- Full-interruption testing
- Parallel testing
Testing can be done for several purposes including the following:
- Exercising the recovery processes and procedures
- Familiarizing staff with the recovery process and documentation
- Verifying the effectiveness of the recovery documentation and site
- Establishing if recovery objectives are achievable
- Identifying improvements to the disaster recovery strategy, infrastructure, and recovery processes
We’re Here to Help
Emergency preparedness is all about planning, training, and maintaining a supportive culture. To learn more about how your business can organize business continuity and disaster recovery plans and confidently test and execute them, contact your Moss Adams professional.
Assurance, tax, and consulting offered through Moss Adams LLP. ISO/IEC 27001 services offered through Cadence Assurance LLC, a Moss Adams company. Wealth management offered through Moss Adams Wealth Advisors LLC. Services from India provided by Moss Adams (India) LLP.
Contact us with questions.
An official website of the United States government
Here’s how you know
Official websites use .gov A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
IT Disaster Recovery Plan
Businesses use information technology to quickly and effectively process information. Employees use electronic mail and Voice Over Internet Protocol (VOIP) telephone systems to communicate. Electronic data interchange (EDI) is used to transmit data including orders and payments from one company to another. Servers process information and store large amounts of data. Desktop computers, laptops and wireless devices are used by employees to create, process, manage and communicate information. What do you when your information technology stops working?
An information technology disaster recovery plan (IT DRP) should be developed in conjunction with the business continuity plan . Priorities and recovery time objectives for information technology should be developed during the business impact analysis . Technology recovery strategies should be developed to restore hardware, applications and data in time to meet the needs of the business recovery.
Businesses large and small create and manage large volumes of electronic information or data. Much of that data is important. Some data is vital to the survival and continued operation of the business. The impact of data loss or corruption from hardware failure, human error, hacking or malware could be significant. A plan for data backup and restoration of electronic information is essential.
Resources for Information Technology Disaster Recovery Planning
- Computer Security Resource Center - National Institute of Standards and Technology (NIST), Computer Security Division Special Publications
- Contingency Planning Guide for Federal Information Systems - NIST Special Publication 800-34 Rev. 1
- Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities – NIST Special Publication 800-84
- Building An Information Technology Security Awareness and Training Program - NIST Special Publication 800-50
IT Recovery Strategies
Recovery strategies should be developed for Information technology (IT) systems, applications and data. This includes networks, servers, desktops, laptops, wireless devices, data and connectivity. Priorities for IT recovery should be consistent with the priorities for recovery of business functions and processes that were developed during the business impact analysis . IT resources required to support time-sensitive business functions and processes should also be identified. The recovery time for an IT resource should match the recovery time objective for the business function or process that depends on the IT resource.
Information technology systems require hardware, software, data and connectivity. Without one component of the “system,” the system may not run. Therefore, recovery strategies should be developed to anticipate the loss of one or more of the following system components:
- Computer room environment (secure computer room with climate control, conditioned and backup power supply, etc.)
- Hardware (networks, servers, desktop and laptop computers, wireless devices and peripherals)
- Connectivity to a service provider (fiber, cable, wireless, etc.)
- Software applications (electronic data interchange, electronic mail, enterprise resource management, office productivity, etc.)
- Data and restoration
Some business applications cannot tolerate any downtime. They utilize dual data centers capable of handling all data processing needs, which run in parallel with data mirrored or synchronized between the two centers. This is a very expensive solution that only larger companies can afford. However, there are other solutions available for small to medium sized businesses with critical business applications and data to protect.
Internal Recovery Strategies
Many businesses have access to more than one facility. Hardware at an alternate facility can be configured to run similar hardware and software applications when needed. Assuming data is backed up off-site or data is mirrored between the two sites, data can be restored at the alternate site and processing can continue.
Vendor Supported Recovery Strategies
There are vendors that can provide “hot sites” for IT disaster recovery. These sites are fully configured data centers with commonly used hardware and software products. Subscribers may provide unique equipment or software either at the time of disaster or store it at the hot site ready for use.
Data streams, data security services and applications can be hosted and managed by vendors. This information can be accessed at the primary business site or any alternate site using a web browser. If an outage is detected at the client site by the vendor, the vendor automatically holds data until the client’s system is restored. These vendors can also provide data filtering and detection of malware threats, which enhance cyber security.
Developing an IT Disaster Recovery Plan
Businesses should develop an IT disaster recovery plan. It begins by compiling an inventory of hardware (e.g. servers, desktops, laptops and wireless devices), software applications and data. The plan should include a strategy to ensure that all critical information is backed up.
Identify critical software applications and data and the hardware required to run them. Using standardized hardware will help to replicate and reimage new hardware. Ensure that copies of program software are available to enable re-installation on replacement equipment. Prioritize hardware and software restoration.
Document the IT disaster recovery plan as part of the business continuity plan . Test the plan periodically to make sure that it works.
Businesses generate large amounts of data and data files are changing throughout the workday. Data can be lost, corrupted, compromised or stolen through hardware failure, human error, hacking and malware. Loss or corruption of data could result in significant business disruption.
Data backup and recovery should be an integral part of the business continuity plan and information technology disaster recovery plan. Developing a data backup strategy begins with identifying what data to backup, selecting and implementing hardware and software backup procedures, scheduling and conducting backups and periodically validating that data has been accurately backed up.
Developing the Data Backup Plan
Identify data on network servers, desktop computers, laptop computers and wireless devices that needs to be backed up along with other hard copy records and information. The plan should include regularly scheduled backups from wireless devices, laptop computers and desktop computers to a network server. Data on the server can then be backed up. Backing up hard copy vital records can be accomplished by scanning paper records into digital formats and allowing them to be backed up along with other digital data.
Options for Data Backup
Tapes, cartridges and large capacity USB drives with integrated data backup software are effective means for businesses to backup data. The frequency of backups, security of the backups and secure off-site storage should be addressed in the plan. Backups should be stored with the same level of security as the original data.
Many vendors offer online data backup services including storage in the “cloud”. This is a cost-effective solution for businesses with an internet connection. Software installed on the client server or computer is automatically backed up.
Data should be backed up as frequently as necessary to ensure that, if data is lost, it is not unacceptable to the business. The business impact analysis should evaluate the potential for lost data and define the “recovery point objective.” Data restoration times should be confirmed and compared with the IT and business function recovery time objectives.
Last Updated: 02/17/2021
Return to top
Business Continuity vs. Disaster Recovery: 5 Key Differences
Fill out the form below and we’ll email you more information about UCF’s online Leadership and Management programs.
- Name * First Last
- Degree * Career and Technical Education, BS Career and Workforce Education, MA College Teaching and Leadership Corrections Leadership Destination Marketing and Management Educational Leadership, MA Emergency and Crisis Management, MECM Engineering Management, MS Event Management Health Informatics and Information Management, BS Health Services Administration, BS Hospitality Management, BS Industrial Engineering, MSIE Local Director of Career & Technical Education Lodging and Restaurant Management, BS Master of Public Administration, MPA Nonprofit Management Nonprofit Management, MNM Police Leadership Project Engineering Public Administration Senior Living Management, BS
- Name This field is for validation purposes and should be left unchanged.
Many professionals operate under the assumption that their workplace will remain largely unchanged from one day to the next, finding comfort in rhythms and routines. Sometimes, however, events disrupt business as usual. A critical aspect of leadership is preparing for those interruptions, creating strategies and plans that can keep core business functions intact even under duress.
Two specific fields address potential business interruptions: business continuity and disaster recovery. These disciplines minimize the impact that a catastrophic event might have on a business’s ability to reliably deliver its products and services.
While both fields are important, and even similar in some aspects, they are not synonymous. There are important differences in business continuity vs. disaster recovery, and those in leadership or emergency preparedness roles can benefit from understanding the core distinctions.
One way to develop a clear understanding of business continuity vs. disaster recovery is through studying emergency management. An online program in this field can offer professionals the skills needed to successfully lead companies through different kinds of crises.
Why Business Continuity and Disaster Recovery Matter
Business continuity outlines exactly how a business will proceed during and following a disaster. It may provide contingency plans, outlining how the business will continue to operate even if it has to move to an alternate location. Business continuity planning may also take into account smaller interruptions or minor disasters, such as extended power outages.
Disaster recovery refers to the plans a business puts into place for responding to a catastrophic event, such as a natural disaster, fire, act of terror, active shooter or cybercrime. Disaster recovery involves the measures a business takes to respond to an event and return to safe, normal operation as quickly as possible.
The Importance of Advanced Planning
When businesses face disasters and don’t have the proper plans in place, the effects can be catastrophic. The most obvious effect is financial loss; the longer a business goes without delivering its products and services, the greater its financial losses. Eventually, these losses may force a business to make tough decisions, such as cutting employees. But there can also be technological consequences, including the loss of important or sensitive data.
Having business continuity and disaster recovery plans in place can help companies minimize the consequences of a catastrophic event. They can also provide peace of mind; employees and business owners alike may feel more comfortable in a work setting where there are clear policies for how to respond to disasters.
In many companies, crisis management professionals are responsible for developing and implementing these plans, evaluating and revising them as needed, and training employees to ensure they know how to follow the specified strategies.
Similarities Between Business Continuity and Disaster Recovery
Business continuity planning and disaster recovery planning often seem interdependent. While the two concepts are not the same, they overlap in some areas and work best when developed in tandem.
- Both are proactive strategies that help a business prepare for sudden, cataclysmic events. Instead of reacting to a disaster, both disciplines take a preemptive approach, seeking to minimize the effects of a catastrophe before it occurs.
- Businesses can use both to prepare for a range of ecological and human-made disasters. Business continuity and disaster recovery are instrumental to preparing for pandemics, natural disasters, wildfires and even cyberattacks.
- Both require regular review, and they may sometimes require revision to ensure they match the company’s evolving goals. An emergency management leader will continually test and modify these plans as needed.
Differences Between Business Continuity and Disaster Recovery
A closer look at business continuity vs. disaster recovery reveals some key distinctions. Ultimately, these differences highlight the fact that businesses need to have plans of both kinds in place to be sufficiently prepared for disaster.
- Business continuity focuses on keeping business operational during a disaster, while disaster recovery focuses on restoring data access and IT infrastructure after a disaster. In other words, the former is concerned with keeping the shop open even in unusual or unfavorable circumstances, while the latter focuses on returning it to normal as expediently as possible.
- Unlike business continuity plans, disaster recovery strategies may involve creating additional employee safety measures, such as conducting fire drills or purchasing emergency supplies. Combining the two allows a business to place equal focus on maintaining operations and ensuring that employees are safe.
- Business continuity and disaster recovery have different goals. Effective business continuity plans limit operational downtime, whereas effective disaster recovery plans limit abnormal or inefficient system function. Only by combining the two plans can businesses comprehensively prepare for disastrous events.
- A business continuity strategy can ensure communication methods such as phones and network servers continue operating in the midst of a crisis. Meanwhile, a disaster recovery strategy helps to ensure an organization’s ability to return to full functionality after a disaster occurs. To put it differently, business continuity focuses on keeping the lights on and the business open in some capacity, while disaster recovery focuses on getting operations back to normal.
- Some businesses may incorporate disaster recovery strategies as part of their overall business continuity plans. Disaster recovery is one step in the broader process of safeguarding a company against all contingencies.
Leadership in Times of Crisis
Crisis management is an important skill for all business leaders. In fact, crisis management draws upon many of the other skills necessary for business success. Analytical and problem-solving skills as well as flexibility in decision making are essential for assessing potential threats and determining how to proactively address them. Communication skills, both verbal and written, are necessary for articulating a plan and training employees on how they should act in response to a crisis.
“Leadership in managing crises can minimize the damage imposed by an incident while lack of effective leadership worsens the impact,” says Naim Kapucu, Pegasus Professor and director of the School of Public Administration at the University of Central Florida (UCF) . “Organizations should have leaders with crisis management competencies to effectively manage disasters and crises based on the contingencies and environmental and organizational factors.”
Crisis management skills matter because any company can experience a catastrophe that limits its ability to function as normal, and often it will have little time to pivot and adapt. “Crises are not a good time to reorganize adequately operating organizational systems, much less try to implement wholesale organizational changes or reforms,” says Kapucu. Having a plan in place, ready to be executed, can make all the difference. The COVID-19 pandemic has brought into stark relief the uncertainty that businesses face and the extreme disruptions that can take place.
Programs such as the University of Central Florida’s online Master of Emergency and Crisis Management can help leaders fortify the knowledge, competencies, and skills they need to help their enterprises weather these times of crisis.
Crisis Management Careers
Crisis management is a key part of several careers. Each of the following positions offers a different level of leadership through tumultuous times.
Emergency Management Director
Emergency management directors develop and execute the plans that businesses follow to respond to natural disasters and other emergencies. Strong analytical, problem-solving, delegation and communication skills are essential. According to the U.S. Bureau of Labor Statistics, the annual median salary for emergency management directors in 2019 was $74,590.
Disaster Program Manager
Disaster program managers may coordinate shelters, manage triage centers or organize other services in the wake of a disaster. These professionals must be skilled in remaining calm under extreme pressure; empathy and understanding are also important. The annual median salary for this role was around $48,000, according to May 2020 PayScale data.
Geographic Systems Information Coordinator
Geographic systems information coordinators use a wide range of data sources, such as land surveys, to help anticipate and prepare for different disasters. Technical skills and data analysis competencies are vital for success in this role. PayScale reports that the annual median salary for these coordinators was around $58,000 as of May 2020.
Emergency Preparedness Manager
Emergency preparedness managers are typically responsible for making sure employees and customers are safe. They may report directly to the emergency preparedness director, whose role is more comprehensive. The annual median salary of emergency preparedness managers was around $69,000 as of May 2020, according to PayScale.
Developing a Career in Emergency Management
Business continuity and disaster recovery plans help businesses prepare for worst-case scenarios; they provide peace of mind, a sense of stability and key safeguards against major loss and disruption. The University of Central Florida’s online Master of Emergency and Crisis Management (MECM) degree program helps professionals prepare for this important work.
The MECM curriculum exposes students to key emergency management skills, including developing, testing and communicating plans. It emphasizes the financial, ethical, political and practical dimensions of disaster response. Find out more about the MECM degree program today and embark on a new career on the front lines of crisis management.
Online Leadership and Management Degrees at UCF
- Career and Technical Education, BS
- Career and Workforce Education, MA
- College Teaching and Leadership
- Corrections Leadership
- Destination Marketing and Management
- Educational Leadership, MA
- Emergency and Crisis Management, MECM
- Engineering Management, MS
- Event Management
- Health Informatics and Information Management, BS
- Health Services Administration, BS
- Hospitality Management, BS
- Industrial Engineering, MSIE
- Local Director of Career & Technical Education
- Lodging and Restaurant Management, BS
- Master of Public Administration, MPA
- Nonprofit Management
- Nonprofit Management, MNM
- Police Leadership
- Project Engineering
- Public Administration
- Senior Living Management, BS
You May Also Enjoy
- en Português Italiano Français Español Deutsch
The Key Differences Between a Disaster Recovery Plan vs. a Business Continuity Plan
As a managed services provider (MSP), you may have been asked for your recommendation on whether to implement a disaster recovery plan or a business continuity plan. At face value, these two terms have a lot in common—they both share the long-term goal of keeping your business up and running. There are, however, key differences between the purposes of a business disaster recovery plan versus a business continuity plan, which is why it’s so important for businesses to prepare both. Your customers should know that these two plans are not interchangeable, because they each perform a specific role.
Manage large networks or scale IT operations with RMM made for growing service providers.
To help you answer this question for your customers, this guide will outline the key differences between a disaster recovery plan, sometimes called a data recovery plan, and a business continuity plan . It will also explain the importance of each and how to go about creating them.
What is a business continuity plan?
A business continuity plan is a broad plan designed to keep a business running, even in the event of a disaster. This plan focuses on the business as a whole, but drills down to specific scenarios that might create operational risks. With business continuity planning, the aim is to keep critical operations functioning, so that your business can continue to conduct regular business activities even under unusual circumstances.
When followed correctly, a business continuity plan should be able to continue to provide services to customers, with minimal disruption, either during or immediately after a disaster. A comprehensive plan should also address the needs of business partners and vendors.
The continuity plan itself should live as a written document that outlines the business’ critical functions. This is likely to include a list of critical supplies, crucial business functions, copies of important records, and employee contact information. The information included in the plan should allow the business to be up and running as soon as possible after a disruptive event has occurred.
What is a disaster recovery plan?
A disaster or data recovery plan is a more focused, specific part of the wider business continuity plan. The scope of a disaster recovery plan is sometimes narrowed to focus on the data and information systems of a business. In the simplest of terms, a disaster recovery plan is designed to save data with the sole purpose of being able to recover it quickly in the event of a disaster. With this aim in mind, disaster recovery plans are usually developed to address the specific requirements of the IT department to get back up and running—which ultimately affects the business as a whole.
Depending on the type of disaster that occurs, the plan could involve everything from recovering a small data set to an entire datacenter. Most businesses are heavily reliant on information technology, which is why the disaster recovery plan is such an important part of successful business continuity planning.
In some cases, disaster recovery planning may also refer to protocols that exist outside the IT department. For example, disaster recovery plans could include steps for recovery personnel to seek a backup business location so that critical operations can be resumed. This might be useful in the event of an environmental disaster, such as flooding, which might render the existing business premises unusable. The plan might also include guidance on how to restore communication between emergency staff if the usual communication lines are unavailable. If your IT department is creating an IT-focused plan, you should include all non-IT recovery protocols in the wider business continuity plan.
A disaster recovery plan vs. business continuity plan
To summarize, disaster recovery refers to the way data, servers, files, software applications, and operating systems are restored following a damaging event. In contrast, business continuity refers to the way a business maintains operations during a time of technological malfunction or outage. In other words, a disaster or data recovery plan dictates how a business should respond to a disaster, while a business continuity plan dictates how a business can continue to operate throughout a disaster.
What specific ways can disaster recovery plans be tested?
To help ensure that any disaster recovery plan can hold its own in the event of a real disaster, it’s advisable to run a series of disaster recovery tests. Here are five common types of disaster recovery tests:
- Paper test: individuals in your IT department read and annotate recovery plans to flag any issues
- Walkthrough test: in a group, your IT department walks through the plans to identify any problems and recommend changes
- Simulation: your IT department simulates a disaster to determine whether the response plans are appropriate
- Parallel test: recovery systems are implemented and tested to see if they can perform actual business transactions in the event of a disaster. Primary systems still carry the full production workload
- Cutover test: primary systems are disconnected and recovery systems are implemented and assume the full production workload to see if they can perform business operations in the event of a disaster
What should you include in a disaster recovery plan?
A disaster recovery plan should encompass all the procedures, technologies, and objectives necessary for making a rapid recovery after a disaster. At minimum, your plan should account for the following:
- Recovery technologies: all systems currently implemented, or those that should be, in support of recovery
- Recovery time objective (RTO) : this refers to your desired timeframe for completing recovery before the situation becomes critical
- Recovery point objective (RPO) : RPO refers to the age of data backups—it’s the desired recovery point for restoring data from a backup
- Recovery protocols: these protocols should identify who does what in the event of a disaster, including clearly defined roles and how you expect recovery personnel to communicate with each other
- Vendors, suppliers, and other third parties: your plan should include a list of any parties who may be needed to support recovery, as well as their emergency contact details
- Recovery testing: outline periodic tests and mock disaster scenarios to confirm your recovery systems work as they should
Your disaster recovery plan and all the above facets should be updated regularly to help ensure that it remains accurate, as you never know when disaster might strike.
What does a business continuity plan typically include?
Your business continuity plan should act as a single, multifaceted document for managing every aspect of disaster preparedness in your business.
A typical business continuity plan will usually require the following sections:
- Contact details: specifically for those who developed the plan, as well as any key recovery personnel
- Plan objectives: describes the overall aim of the plan and what it will try to accomplish
- Risk assessment: this involves conducting a thorough assessment of disaster scenarios, their likelihood, and their impact
- Impact analysis: an outline of how each possible disaster scenario could impact your business (i.e., costs of repair, disruption to services, etc.)
- Prevention: steps and systems for helping prevent each of the disasters listed, such as implementing anti malware to prevent cyberattacks
- Response: this section should detail how the business will respond to each disaster to minimize the impact
- Areas for improvement: any weaknesses identified during the creation of the plan, as well as recommended solutions
- Contingencies: a list of secondary backup assets, such as a backup office location to be used in the event of a disaster
- Communication: protocols for maintaining communication with recovery personnel, such as a text alert system
Choosing the right disaster recovery and business continuity software
Devising a disaster recovery and business continuity plan is a time-consuming, complicated, and ongoing process. For MSPs, creating these types of plans is even more of a challenge, as they typically manage the recovery and continuity strategy for multiple customers. To do this effectively, it’s crucial that MSPs have access to reliable software so they can manage their approach to business continuity and disaster recovery in a cost-efficient and streamlined way.
N-able ® N-central ® helps MSPs tackle disaster recovery and business continuity with an all-in-one solution. N-central is a powerful option because it provides a scalable solution to disaster recovery and business continuity planning—alongside a whole slew of other critical MSP capabilities. N-central includes the capabilities necessary for MSPs to effectively manage complex networks with maximum precision—all from one powerful dashboard.
This remote monitoring and management tool offers a range of backup management features to support effective disaster recovery and business continuity . This includes cloud and on-premises backup, bare metal recovery, virtual machine support, private keys, data archiving, and more. By having such features alongside patch management, network topology mapping , remote monitoring, and more, MSPs gain access to a single dashboard that allows them to offer more streamlined customer services. To learn more, a 30-day free trial of N-central is available.
Want to stay up to date?
Get the latest MSP tips, tricks, and ideas sent to your inbox each week.
If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a trial.
If this issue persists, please visit our Contact Sales page for local phone numbers.
Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site
- Bahasa Indonesia
- Sign out of AWS Builder ID
- AWS Management Console
- Account Settings
- Billing & Cost Management
- Security Credentials
- AWS Personal Health Dashboard
- Support Center
- Knowledge Center
- AWS Support Overview
- AWS re:Post
- What is Cloud Computing?
- Cloud Computing Concepts Hub
What Is Disaster Recovery?
What is disaster recovery.
Disaster recovery is the process by which an organization anticipates and addresses technology-related disasters. IT systems in any company can go down unexpectedly due to unforeseen circumstances, such as power outages, natural events, or security issues. Disaster recovery includes a company's procedures and policies to recover quickly from such events.
Why is disaster recovery important?
A disaster is an unexpected problem resulting in a slowdown, interruption, or network outage in an IT system. Outages come in many forms, including the following examples:
- An earthquake or fire
- Technology failures
- System incompatibilities
- Simple human error
- Intentional unauthorized access by third parties
These disasters disrupt business operations, cause customer service problems, and result in revenue loss. A disaster recovery plan helps organizations respond promptly to disruptive events and provides key benefits.
Ensures business continuity
When a disaster strikes, it can be detrimental to all aspects of the business and is often costly. It also interrupts normal business operations, as the team’s productivity is reduced due to limited access to tools they require to work. A disaster recovery plan prompts the quick restart of backup systems and data so that operations can continue as scheduled.
Enhances system security
Integrating data protection, backup, and restoring processes into a disaster recovery plan limits the impact of ransomware, malware, or other security risks for business. For example, data backups to the cloud have numerous built-in security features to limit suspicious activity before it impacts the business.
Improves customer retention
If a disaster occurs, customers question the reliability of an organization’s security practices and services. The longer a disaster impacts a business, the greater the customer frustration. A good disaster recovery plan mitigates this risk by training employees to handle customer inquiries. Customers gain confidence when they observe that the business is well-prepared to handle any disaster.
Reduces recovery costs
Depending on its severity, a disaster causes both loss of income and productivity. A robust disaster recovery plan avoids unnecessary losses as systems return to normal soon after the incident. For example, cloud storage solutions are a cost-effective data backup method. You can manage, monitor, and maintain data while the business operates as usual.
How does disaster recovery work?
Disaster recovery focuses on getting applications up and running within minutes of an outage. Organizations address the following three components.
To reduce the likelihood of a technology-related disaster, businesses need a plan to ensure that all key systems are as reliable and secure as possible. Because humans cannot control a natural disaster, prevention only applies to network problems, security risks, and human errors. You must set up the right tools and techniques to prevent disaster. For example, system-testing software that auto-checks all new configuration files before applying them can prevent configuration mistakes and failures.
Anticipation includes predicting possible future disasters, knowing the consequences, and planning appropriate disaster recovery procedures. It is challenging to predict what can happen, but you can come up with a disaster recovery solution with knowledge from previous situations and analysis. For example, backing up all critical business data to the cloud in anticipation of future hardware failure of on-premises devices is a pragmatic approach to data management.
Mitigation is how a business responds after a disaster scenario. A mitigation strategy aims to reduce the negative impact on normal business procedures. All key stakeholders know what to do in the event of a disaster, including the following steps.
- Updating documentation
- Conducting regular disaster recovery testing
- Identifying manual operating procedures in the event of an outage
- Coordinating a disaster recovery strategy with corresponding personnel
What are the key elements of a disaster recovery plan?
An effective disaster recovery plan includes the following key elements.
Internal and external communication
The team responsible for creating, implementing, and managing the disaster recovery plan must communicate with each other about their roles and responsibilities. If a disaster happens, the team should know who is responsible for what and how to communicate with employees, customers, and each other.
The disaster recovery team must decide on goals and time frames for when systems should be back to normal operations after a disaster. Some industries’ timelines may be longer than others, while others need to be back to normal in a matter of minutes.
The timeline should address the following two objectives.
Recovery time objective
The recovery time objective (RTO) is a metric that determines the maximum amount of time that passes before you complete disaster recovery. Your RTOs may vary depending on impacted IT infrastructure and systems.
Recovery point objective
A recovery point objective (RPO) is the maximum amount of time acceptable for data loss after a disaster. For example, if your RPO is minutes or hours, you will have to back up your data constantly to mirror sites instead of just once at the end of the day.
The disaster recovery plan determines how you back up your data. Options include cloud storage, vendor-supported backups, and internal offsite data backups. To account for natural disaster events, backups should not be onsite. The team should determine who will back up the data, what information will be backed up, and how to implement the system.
Testing and optimization
You must test your disaster recovery plan at least once or twice per year. You can document and fix any gaps that you identify in these tests. Similarly, you should update all security and data protection strategies frequently to prevent inadvertent unauthorized access.
How can you create a disaster recovery team?
A disaster recovery team includes a collaborative team of experts, such as IT specialists and individuals in leadership roles, who will be crucial to the team. You should have somebody on the team who takes care of the following key areas.
The individual in charge of crisis management implements the disaster recovery plan right away. They communicate with other team members and customers, and they coordinate the disaster recovery process.
The business continuity manager ensures that the disaster recovery plan aligns with results from business impact analysis. They include business continuity planning in the disaster recovery strategy.
Impact recovery and assessment
Impact assessment managers are experts in IT infrastructure and business applications. They assess and fix network infrastructure, servers, and databases. They also manage other disaster recovery tasks, such as the following examples.
- Application integrations
- Data consistency maintenance
- Application settings and configuration
What are the best disaster recovery methods?
When disaster recovery planning, businesses implement one or several of the following methods.
Backing up data is one of the easiest methods of disaster recovery that all businesses implement. Backing up important data entails storing data offsite, in the cloud, or on a removable drive. You should back up data frequently to keep it up to date. For example, by backing up to AWS , businesses get a flexible and scalable infrastructure that protects all data types.
Data center disaster recovery
In the event of certain types of natural disasters, appropriate equipment can protect your data center and contribute to rapid disaster recovery. For example, fire suppression tools help equipment and data survive through a blaze, and backup power sources support businesses’ continuity in case of power failure. Similarly, AWS data centers have innovative systems that protect them from human-made and natural risks.
Businesses back up their data and operations using offsite virtual machines (VMs) not affected by physical disasters. With virtualization as part of the disaster recovery plan, businesses automate some processes, recovering faster from a natural disaster. The continuous transfer of data and workloads to VMs like Amazon Elastic Compute Cloud (Amazon EC2) is essential for effective virtualization.
Disaster recovery as a service
Disaster recovery services like AWS Elastic Disaster Recovery can move a company’s computer processing and critical business operations to its own cloud services in the event of a disaster. Therefore, normal operations can continue from the provider’s location, even if on-premises servers are down. Elastic Disaster Recovery also protects from Regions in the cloud going down.
In the event of a natural disaster, a company moves its operations to another rarely used physical location, called a cold site. This way, employees have a place to work, and business functions can continue as normal. This type of disaster recovery does not protect or recover important data, so another disaster recovery method must be used alongside this one.
How can AWS help with disaster recovery?
Elastic Disaster Recovery is a disaster recovery service that reduces downtime and data loss with the fast, reliable recovery of on-premises and cloud-based applications. It can decrease your RPO to seconds and RTO to just a few minutes. You can quickly recover operations after unexpected events, such as software issues or data center hardware failures. It is also a flexible solution, so you can add or remove replicating servers and test various applications without specialized skill sets.
Elastic Disaster Recovery includes the following benefits.
- Reduces costs by removing idle recovery site resources, so you pay for the full disaster recovery site only when needed
- Converts cloud-based applications to run natively on AWS
- Restores applications within minutes, at their most up-to-date state, or from a previous point in time in case of security incidents
Get started with disaster recovery on AWS by creating an AWS account today.
A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident.
A disaster recovery plan (DRP), disaster recovery implementation plan, or IT disaster recovery plan is a recorded policy and/or process that is designed to
A disaster recovery (DR) plan is a formal document created by an organization that contains detailed instructions on how to respond to unplanned incidents such
What Is a Disaster Recovery Plan? · Recovery Time Objective (RTO) and Recovery Point Objective (RPO) · Hardware and Software Inventory · Identify Personnel Roles
While a business continuity plan focuses on defining how business operations should function under abnormal circumstances during a disaster or
Businesses should develop an IT disaster recovery plan. It begins by compiling an inventory of hardware (e.g. servers, desktops, laptops and
Business continuity and disaster recovery have different goals. Effective business continuity plans limit operational downtime, whereas effective disaster
A business continuity plan is a broad plan designed to keep a business running, even in the event of a disaster. This plan focuses on the
9 steps to create a small business disaster recovery plan · 1. Create an emergency response plan · 2. Develop a business continuity plan · 3.
A robust disaster recovery plan avoids unnecessary losses as systems return to normal soon after the incident. For example, cloud storage solutions are a cost-