• Español – América Latina
  • Português – Brasil

What is a Disaster Recovery Plan?

Disaster recovery (DR) is an organization’s ability to restore access and functionality to IT infrastructure after a disaster event, whether natural or caused by human action (or error). DR is considered a subset of business continuity, explicitly focusing on ensuring that the IT systems that support critical business functions are operational as soon as possible after a disruptive event occurs.

Today, disaster recovery planning is crucial for any business, especially those operating either partially or entirely in the cloud. Disasters that interrupt service and cause data loss can happen anytime without warning—your network could have an outage, a critical bug could get released, or your business might have to weather a natural disaster. Organizations with robust and well-tested disaster recovery strategies can minimize the impact of disruptions, achieve faster recovery times, and resume core operations rapidly when things go awry.   

Learn more about Google Cloud backup and disaster recovery features and products and how they can be used to build the right DR solution for your business.

IT disaster recovery defined

IT disaster recovery is a portfolio of policies, tools, and processes used to recover or continue operations of critical IT infrastructure, software, and systems after a natural or human-made disaster.

The first and foremost aspect of a disaster recovery plan is cloud. The cloud is considered the best solution for both business continuity and disaster recovery. The cloud eliminates the need to run a separate disaster recovery data center (or recovery site). 

What is a disaster recovery site? 

It’s a second, physical data center that’s costly to build and maintain—and with the cloud, made unnecessary.

What is considered a disaster?

Dr planning and strategies focus on responding to and recovering from disasters—events that disrupt or completely stop a business from operating..

While these events can be natural disasters like a hurricane, they can also be caused by a severe system failure, an intentional attack, or even human error. 

Types of disasters can include: 

  • Natural disasters (for example, earthquakes, floods, tornados, hurricanes, or wildfires)
  • Pandemics and epidemics
  • Cyber attacks (for example, malware, DDoS, and ransomware attacks)
  • Other intentional, human-caused threats such as terrorist or biochemical attacks
  • Technological hazards (for example, power outages, pipeline explosions, and transportation accidents)
  • Machine and hardware failure 

Importance of disaster recovery

Technology plays an increasingly important role in every aspect of business, with applications and services enabling companies to be more agile, available, and connected. This trend has contributed to the widespread adoption of cloud computing by organizations to drive growth, innovation, and exceptional customer experience. 

However, the migration to cloud environments—public, private, hybrid, or multicloud—and the rise of remote workforces are introducing more infrastructure complexity and potential risks. Disaster recovery for cloud-based systems is critical to an overall business continuity strategy. A system breakdown or unplanned downtime can have serious consequences for enterprises that rely heavily on cloud-based resources, applications, documents, and data storage to keep things running smoothly. 

In addition, data privacy laws and standards stipulate that most organizations are now required to have a disaster recovery strategy. Failure to follow DR plans can result in compliance violations and steep regulatory fines. 

Every business needs to be able to recover quickly from any event that stops day-to-day operations, no matter what industry or size. Without a disaster recovery plan, a company can suffer data loss, reduced productivity, out-of-budget expenses, and reputational damage that can lead to lost customers and revenue. 

How disaster recovery works

Disaster recovery relies on having a solid plan to get critical applications and infrastructure up and running after an outage—ideally within minutes..

An effective DR plan addresses three different elements for recovery: 

  • Preventive: Ensuring your systems are as secure and reliable as possible, using tools and techniques to prevent a disaster from occurring in the first place. This may include backing up critical data or continuously monitoring environments for configuration errors and compliance violations. 
  • Detective: For rapid recovery, you’ll need to know when a response is necessary. These measures focus on detecting or discovering unwanted events as they happen in real time. 
  • Corrective: These measures are aimed at planning for potential DR scenarios, ensuring backup operations to reduce impact, and putting recovery procedures into action to restore data and systems quickly when the time comes. 

Typically, disaster recovery involves securely replicating and backing up critical data and workloads to a secondary location or multiple locations—disaster recovery sites. A disaster recovery site can be used to recover data from the most recent backup or a previous point in time. Organizations can also switch to using a DR site if the primary location and its systems fail due to an unforeseen event until the primary one is restored.

Types of disaster recovery

The types of disaster recovery you’ll need will depend on your it infrastructure, the type of backup and recovery you use, and the assets you need to protect..

Here are some of the most common technologies and techniques used in disaster recovery: 

  • Backups: With backups, you back up data to an offsite system or ship an external drive to an offsite location. However, backups do not include any IT infrastructure, so they are not considered a full disaster recovery solution. 
  • Backup as a service (BaaS): Similar to remote data backups, BaaS solutions provide regular data backups offered by a third-party provider. 
  • Disaster recovery as a service (DRaaS): Many cloud providers offer DRaaS, along with cloud service models like IaaS and PaaS . A DRaaS service model allows you to back up your data and IT infrastructure and host them on a third-party provider’s cloud infrastructure. During a crisis, the provider will implement and orchestrate your DR plan to help recover access and functionality with minimal interruption to operations.  
  • Point-in-time snapshots: Also known as point-in-time copies, snapshots replicate data, files, or even an entire database at a specific point in time. Snapshots can be used to restore data as long as the copy is stored in a location unaffected by the event. However, some data loss can occur depending on when the snapshot was made. 
  • Virtual DR: Virtual DR solutions allow you to back up operations and data or even create a complete replica of your IT infrastructure and run it on offsite virtual machines (VMs). In the event of a disaster, you can reload your backup and resume operation quickly. This solution requires frequent data and workload transfers to be effective. 
  • Disaster recovery sites: These are locations that organizations can temporarily use after a disaster event, which contain backups of data, systems, and other technology infrastructure.

Benefits of disaster recovery

Stronger business continuity.

Every second counts when your business goes offline, impacting productivity, customer experience, and your company’s reputation. Disaster recovery helps safeguard critical business operations by ensuring they can recover with minimal or no interruption. 

Enhanced security

DR plans use data backup and other procedures that strengthen your security posture and limit the impact of attacks and other security risks. For example, cloud-based disaster recovery solutions offer built-in security capabilities, such as advanced encryption, identity and access management, and organizational policy. 

Faster recovery

Disaster recovery solutions make restoring your data and workloads easier so you can get business operations back online quickly after a catastrophic event. DR plans leverage data replication and often rely on automated recovery to minimize downtime and data loss.

Reduced recovery costs

The monetary impacts of a disaster event can be significant, ranging from loss of business and productivity to data privacy penalties to ransoms. With disaster recovery, you can avoid, or at least minimize, some of these costs. Cloud DR processes can also reduce the operating costs of running and maintaining a secondary location.

High availability

Many cloud-based services come with high availability (HA) features that can support your DR strategy. HA capabilities help ensure an agreed level of performance and offer built-in redundancy and automatic failover, protecting data against equipment failure and other smaller-scale events that may impact data availability. 

Better compliance

DR planning supports compliance requirements by considering potential risks and defining a set of specific procedures and protections for your data and workloads in the event of a disaster. This usually includes strong data backup practices, DR sites, and regularly testing your DR plan to ensure that your organization is prepared. 

Planning a disaster recovery strategy

A comprehensive disaster recovery strategy should include detailed emergency response requirements, backup operations, and recovery procedures. DR strategies and plans often help form a broader business continuity strategy, which includes contingency plans to mitigate impact beyond IT infrastructure and systems, allowing all business areas to resume normal operations as soon as possible. 

When it comes to creating disaster recovery strategies, you should carefully consider the following key metrics: 

  • Recovery time objective (RTO): The maximum acceptable length of time that systems and applications can be down without causing significant damage to the business. For example, some applications can be offline for an hour, while others might need to recover in minutes.
  • Recovery point objective (RPO) : The maximum age of data you need to recover to resume operations after a major event. RPO helps to define the frequency of backups. 

These metrics are particularly useful when conducting risk assessments and business impact analysis (BIA) for potential disasters, from moderate to worst-case scenarios. Risk assessments and BIAs evaluate all functional areas of a business and the consequences of any risks, which can help define DR goals and the actions needed to achieve them before or after an event occurs. 

When creating your recovery strategy, it’s useful to consider your RTO and RPO values and pick a DR pattern that will enable you to meet those values and your overall goals. Typically, the smaller your values (or the faster your applications need to recover after an interruption), the higher the cost to run your application. 

Cloud disaster recovery can greatly reduce the costs of RTO and RPO when it comes to fulfilling on-premises requirements for capacity, security, network infrastructure, bandwidth, support, and facilities. A highly managed service on Google Cloud can help you avoid most, if not all, complicating factors and allow you to reduce many business costs significantly. 

For more guidance on using Google Cloud to address disaster recovery, you can read our Disaster recovery planning guide or contact your account manager for help with creating a DR plan.

Solve your business challenges with Google Cloud

What is disaster recovery used for, ensure business resilience.

No matter what happens, a good DR plan can ensure that the business can return to full operations rapidly, without losing data or transactions.

Maintain competitiveness

When a business goes offline, customers are rarely loyal. They turn to competitors to get the goods or services they require. A DR plan prevents this.

Avoid regulatory risks

Many industries have regulations dictating where data can be stored and how it must be protected. Heavy fines result if these mandates are not met.

Avoid data loss

The longer a business’s systems are down, the greater the risk that data will be lost. A robust DR plan minimizes this risk.

Keep customers happy

Meeting customer service level agreements (SLAs) is always a priority. A well-executed DR plan can help businesses achieve SLAs despite challenges.

Maintain reputation

A business that has trouble resuming operations after an outage can suffer brand damage. For that reason, a solid DR plan is critical.

Related products and services

Google offers many products that can be used as building blocks when creating a secure and reliable DR plan, including Cloud Storage .

Take the next step

Start building on Google Cloud with $300 in free credits and 20+ always free products.

Start your next project, explore interactive tutorials, and manage your account.

  • Need help getting started? Contact sales
  • Work with a trusted partner Find a partner
  • Continue browsing See all products
  • Get tips & best practices See tutorials
  • Bahasa Indonesia
  • Sign out of AWS Builder ID
  • AWS Management Console
  • Account Settings
  • Billing & Cost Management
  • Security Credentials
  • AWS Personal Health Dashboard
  • Support Center
  • Expert Help
  • Knowledge Center
  • AWS Support Overview
  • AWS re:Post
  • What is Cloud Computing?
  • Cloud Computing Concepts Hub

What is Disaster Recovery?

Disaster recovery is the process by which an organization anticipates and addresses technology-related disasters. The process of preparing for and recovering from any event that prevents a workload or system from fulfilling its business objectives in its primary deployed location, such as power outages, natural events, or security issues. Disaster recovery targets are measured with Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO). The failures handled by disaster recovery tend to be rarer than those covered by high availability and are larger scale disaster events. Disaster recovery includes an organization's procedures and policies to recover quickly from such events.

Why is disaster recovery important?

A disaster is an unexpected problem resulting in a slowdown, interruption, or network outage in an IT system. Outages come in many forms, including the following examples:

  • An earthquake or fire
  • Technology failures
  • System incompatibilities
  • Simple human error 
  • Intentional unauthorized access by third parties

These disasters disrupt business operations, cause customer service problems, and result in revenue loss. A disaster recovery plan helps organizations respond promptly to disruptive events and provides key benefits.

Ensures business continuity

When a disaster strikes, it can be detrimental to all aspects of the business and is often costly. It also interrupts normal business operations, as the team’s productivity is reduced due to limited access to tools they require to work. A disaster recovery plan prompts the quick restart of backup systems and data so that operations can continue as scheduled. 

Enhances system security

Integrating data protection, backup, and restoring processes into a disaster recovery plan limits the impact of ransomware, malware, or other security risks for business. For example, data backups to the cloud have numerous built-in security features to limit suspicious activity before it impacts the business. 

Improves customer retention

If a disaster occurs, customers question the reliability of an organization’s security practices and services. The longer a disaster impacts a business, the greater the customer frustration. A good disaster recovery plan mitigates this risk by training employees to handle customer inquiries. Customers gain confidence when they observe that the business is well-prepared to handle any disaster. 

Reduces recovery costs

Depending on its severity, a disaster causes both loss of income and productivity. A robust disaster recovery plan avoids unnecessary losses as systems return to normal soon after the incident. For example, cloud storage solutions are a cost-effective data backup method. You can manage, monitor, and maintain data while the business operates as usual. 

How does disaster recovery work?

Disaster recovery focuses on getting applications up and running within minutes of an outage. Organizations address the following three components.

To reduce the likelihood of a technology-related disaster, businesses need a plan to ensure that all key systems are as reliable and secure as possible. Because humans cannot control a natural disaster, prevention only applies to network problems, security risks, and human errors. You must set up the right tools and techniques to prevent disaster. For example, system-testing software that auto-checks all new configuration files before applying them can prevent configuration mistakes and failures. 

Anticipation

Anticipation includes predicting possible future disasters, knowing the consequences, and planning appropriate disaster recovery procedures. It is challenging to predict what can happen, but you can come up with a disaster recovery solution with knowledge from previous situations and analysis. For example, backing up all critical business data to the cloud in anticipation of future hardware failure of on-premises devices is a pragmatic approach to data management.

Mitigation is how a business responds after a disaster scenario. A mitigation strategy aims to reduce the negative impact on normal business procedures. All key stakeholders know what to do in the event of a disaster, including the following steps.

  • Updating documentation
  • Conducting regular disaster recovery testing
  • Identifying manual operating procedures in the event of an outage
  • Coordinating a disaster recovery strategy with corresponding personnel

what is a disaster recovery plan it

What are the key elements of a disaster recovery plan?

An effective disaster recovery plan includes the following key elements. 

Internal and external communication

The team responsible for creating, implementing, and managing the disaster recovery plan must communicate with each other about their roles and responsibilities. If a disaster happens, the team should know who is responsible for what and how to communicate with employees, customers, and each other. 

Recovery timeline

The disaster recovery team must decide on goals and time frames for when systems should be back to normal operations after a disaster. Some industries’ timelines may be longer than others, while others need to be back to normal in a matter of minutes. 

The timeline should address the following two objectives.

Recovery time objective 

The recovery time objective (RTO) is a metric that determines the maximum amount of time that passes before you complete disaster recovery. Your RTOs may vary depending on impacted IT infrastructure and systems.

Recovery point objective

A recovery point objective (RPO) is the maximum amount of time acceptable for data loss after a disaster. For example, if your RPO is minutes or hours, you will have to back up your data constantly to mirror sites instead of just once at the end of the day.

Data backups

The disaster recovery plan determines how you back up your data. Options include cloud storage, vendor-supported backups, and internal offsite data backups. To account for natural disaster events, backups should not be onsite. The team should determine who will back up the data, what information will be backed up, and how to implement the system.

Testing and optimization 

You must test your disaster recovery plan at least once or twice per year. You can document and fix any gaps that you identify in these tests. Similarly, you should update all security and data protection strategies frequently to prevent inadvertent unauthorized access.

How can you create a disaster recovery team?

A disaster recovery team includes a collaborative team of experts, such as IT specialists and individuals in leadership roles, who will be crucial to the team. You should have somebody on the team who takes care of the following key areas.

Crisis management

The individual in charge of crisis management implements the disaster recovery plan right away. They communicate with other team members and customers, and they coordinate the disaster recovery process. 

Business continuity

The business continuity manager ensures that the disaster recovery plan aligns with results from business impact analysis. They include business continuity planning in the disaster recovery strategy. 

Impact recovery and assessment

Impact assessment managers are experts in IT infrastructure and business applications. They assess and fix network infrastructure, servers, and databases. They also manage other disaster recovery tasks, such as the following examples.

  • Application integrations
  • Data consistency maintenance
  • Application settings and configuration

What are the best disaster recovery methods?

When disaster recovery planning, businesses implement one or several of the following methods.

Backing up data is one of the easiest methods of disaster recovery that all businesses implement. Backing up important data entails storing data offsite, in the cloud, or on a removable drive. You should back up data frequently to keep it up to date. For example, by backing up to AWS , businesses get a flexible and scalable infrastructure that protects all data types. 

Data center disaster recovery

In the event of certain types of natural disasters, appropriate equipment can protect your data center and contribute to rapid disaster recovery. For example, fire suppression tools help equipment and data survive through a blaze, and backup power sources support businesses’ continuity in case of power failure. Similarly, AWS data centers have innovative systems that protect them from human-made and natural risks.

Virtualization 

Businesses back up their data and operations using offsite virtual machines (VMs) not affected by physical disasters. With virtualization as part of the disaster recovery plan, businesses automate some processes, recovering faster from a natural disaster. The continuous transfer of data and workloads to VMs like Amazon Elastic Compute Cloud (Amazon EC2) is essential for effective virtualization. 

Disaster recovery as a service

Disaster recovery services like AWS Elastic Disaster Recovery can move a company’s computer processing and critical business operations to its own cloud services in the event of a disaster. Therefore, normal operations can continue from the provider’s location, even if on-premises servers are down. Elastic Disaster Recovery also protects from Regions in the cloud going down. 

In the event of a natural disaster, a company moves its operations to another rarely used physical location, called a cold site. This way, employees have a place to work, and business functions can continue as normal. This type of disaster recovery does not protect or recover important data, so another disaster recovery method must be used alongside this one.    

How can AWS help with disaster recovery?

Elastic Disaster Recovery is a disaster recovery service that reduces downtime and data loss with the fast, reliable recovery of on-premises and cloud-based applications. It can decrease your RPO to seconds and RTO to just a few minutes. You can quickly recover operations after unexpected events, such as software issues or data center hardware failures. It is also a flexible solution, so you can add or remove replicating servers and test various applications without specialized skill sets.

Elastic Disaster Recovery includes the following benefits.

  • Reduces costs by removing idle recovery site resources, so you pay for the full disaster recovery site only when needed
  • Converts cloud-based applications to run natively on AWS
  • Restores applications within minutes, at their most up-to-date state, or from a previous point in time in case of security incidents

Get started with disaster recovery on AWS by creating an AWS account today. 

Next steps on AWS

what is a disaster recovery plan it

Ending Support for Internet Explorer

  • Skip to content
  • Skip to search
  • Skip to footer

What Is Disaster Recovery?

disaster recovery plan

Disaster recovery (DR) is the process an organization implements to recover from a security event that disrupts its technology operations. Developing an IT disaster recovery plan (DRP) allows organizations to resume operations quickly after a security event.  

  • Cisco Talos cybersecurity response
  • Cisco crisis response

Contact Cisco

  • Get a call from Sales

Call Sales:

  • 1-800-553-6387
  • US/CAN | 5am-5pm PT
  • Product / Technical Support
  • Training & Certification

Why is disaster recovery important?

Unexpected disasters can result in outages that impact networked IT systems. Cyberattacks, tech and equipment failures, natural disasters, and power outages are examples of disasters. The most important part of disaster recovery is having a safety plan in place that will help minimize disruption of business operations, customer frustration, data loss, and expensive recovery costs. Developing a plan beforehand reduces chaos during an event, when response time is critical.

Cisco Crisis Response global relief response teams respond in the event of an emergency such as a natural disaster or humanitarian relief crisis. 

Cisco Talos cybersecurity response teams are professionals who can assist in the event of a security breach such as a cyberattack. This emergency task force assists with active incidents and provides proactive services to strengthen cybersecurity resilience. 

What are potential impacts of a disaster or attack?

Cyberattacks are disasters. Just like any disaster, some of the impacts due to downtime from a disaster include:

  • Impact to your organization and your customers' organization due to system downtime
  • Loss of customer confidence from systems outages Impact on brand integrity
  • Loss of employee confidence
  • Diversion of resources from business-critical projects Financial loss such as reduction in stock price
  • Subject to legal action, due to reliability issues in your service level agreement (SLA)
  • Revocation of security accreditations
  • Other unforeseeable impacts to the business

What is an IT disaster recovery plan?

We encourage organizations to develop a disaster-response and recovery plan, a set of well-documented policies and processes to follow in response to security incidents and other disruptive events. The purpose of a disaster-recovery plan is to help you mitigate the impact of events and resume operations as quickly as possible. Make sure it is up to date and tested. The following are detailed points to consider when generating your plan.

What is included in a DRP?

An plan often includes:

  • Recovery time objective (RTO)
  • Recovery point objective (RPO)
  • Personnel involved and their roles
  • Inventories of equipment, hardware, software, networks, and systems
  • Data backup and recovery procedures
  • Steps to restore and recover systems

What is the difference between BCP and DRP?

Though sometimes used interchangeably, business continuity planning (BCP) is different from disaster recovery planning (DRP). BCP focuses on keeping all aspects of a business running after a disaster, while DRP is an essential technology component of a BCP for recovering IT systems after a disaster.

What is the 3-2-1 rule for data backup?

The 3-2-1 rule is a data backup and disaster recovery strategy for maintaining three complete copies of your data on two different types of storage, with one physical copy stored offsite. A backup and restore strategy is an important element of an emergency preparedness checklist.

Example of disaster recovery plan

Disaster recovery procedures.

A disaster recovery plan describes procedures to follow in response to three main elements of disaster recovery:

  • Physical damage to data, systems, or equipment
  • Data backup, including last-minute backups
  • Recovery of data assets from backups

Disaster-recovery goals

An IT disaster-recovery policy typically includes timeline goals for recovery, such as recovery point objectives (RPO) and recovery time objectives (RTO). RPO indicates how often a backup should be performed and the maximum acceptable age of a backup file, while RTO is the maximum amount of system downtime that doesn't cause significant business damage. 

Personnel and responsibilities

The DRP defines the disaster recovery team members' roles, responsibilities, and contact information. The plan gives every member an understanding of what to do in an emergency, when to implement specific actions, and whom to contact.

IT inventory

A thorough inventory of the organization's IT assets is an essential element of an IT DR plan. The organization's IT provider can conduct an assessment and risk analysis to prepare documentation for the DRP and help ensure compliance to regulations.

Backup procedures

In addition to the RPO and RTO, disaster backup procedures and recovery strategy describes how each data resource is backed up, the locations of these backups, the time required to back up resources (backup window) and how to recover resources from backup.

Disaster recovery sites

A hot site, or alternative site, is included in a disaster recovery plan. In an IT disaster, operations can switch to the alternative, remote data center that contains all critical systems and frequently backed-up data until the local systems are restored.

Steps to restore

The final step of the IT disaster recovery process is to restore systems and operations. An IT disaster plan includes a step-by-step procedure for  restoring the entire system after a complete system loss. If the systems can actually be restored properly, it doesn't matter how fast backup windows are if backups are not tested in full-scale recovery scenarios. The RTO determines how much time teams have to recover systems to normal operations. 

How to write a disaster recovery plan

Analyze assets.

Identify your business's most critical IT assets. Keep an inventory of assets, including applications, hardware, software, networks, and servers. Rank their priority based on business value, stakeholder impact, financial impact, and legal compliance, among other factors.  

Analyze risk

One of the most important disaster preparedness steps is to perform a risk-management assessment to identify your business's security vulnerabilities and threats. A risk assessment and analysis is typically conducted by your IT team.

Learn about risk management

Set objectives and procedures

Define your disaster recovery objectives. Determine your RTO, or the period of downtime your business can sustain in the event of a disaster, and your RPO, or the maximum age of backup files used in recovery after a disaster.

Write disaster-recovery procedures

Use your asset inventory, risk analysis, RTO, and RPO to develop an emergency plan for teams to follow in a disaster. Write procedures for:

  • Data backup : Frequency and location of backups
  • Physical damage : Emergency responses to physical damage to assets
  • Recovery : Actions to restore data assets from backup following a disaster

Manage backups

Use the 3-2-1 rule for backup storage in disaster recovery management. Keep one physical copy stored offsite, two digital copies of different types, and keep all three complete copies up to date according to the RTO.

It's also important to scan backups for malware before you restore.

Test and optimize

Train your team and test the recovery procedure to help ensure the plan is relevant and effective for rapid restoration of systems operations. Perform disaster recovery drills by restoring systems from backups and assess how it went to improve and update your plan. Continually reassess and improve the DRP, keeping records of changes made.

Types of disaster recovery

Data center disaster recovery.

Data center disaster recovery involves replicating and backing up critical data and applications to a physical offsite location for quick recovery in the event of a disaster. Data centers can be a reliable solution to help ensure business continuity in case of natural disasters or power failures.

Network disaster recovery

Network disaster recovery aims to restore and maintain network connectivity during and after a disaster. It involves redundant network infrastructure, failover mechanisms, and alternate network paths. This type of solution helps ensure uninterrupted communication and data transfer, mitigating the impact of a disaster on network operations.

Disaster recovery as a service (DRaaS)

Disaster recovery as a service, or DRaaS, is a cloud-based service that outsources the disaster-recovery process to a third-party service provider. DRaaS automatically replicates and stores data offsite in the event of a disaster to help ensure its availability. DRaaS helps minimize downtime, ensure data integrity, and rapidly restore operations.

Cloud-based disaster recovery

Cloud-based disaster recovery is a disaster recovery solution that leverages the cloud for data backup, replication, and recovery. With cloud-based disaster recovery, organizations can securely store and quickly recover their data and applications, helping ensure business continuity in the face of disaster.

Virtualized disaster recovery

Virtualized disaster recovery uses virtualization tech to create copies of servers, apps, and data. In a disaster, virtual resources are deployed quickly to alternate locations or the cloud. This minimizes downtime, simplifies recovery, and reduces dependency on hardware.

Get started

  • XDR self-guided demo
  • Get risk prioritization
  • Cisco security resilience solutions

Related security topics

  • What Is an Incident Response Plan for IT?
  • What Is Business Continuity?
  • What Is Extended Detection and Response (XDR)?
  • What Is Risk Management?
  • What Is Security Resilience?

what is a disaster recovery plan it

  • UpGuard BreachSight
  • UpGuard Vendor Risk

Product Features

Vendor risk assessments, security questionnaires.

  • Security Ratings

Data Leak Detection

  • Integrations
  • Financial Services

eBooks, Reports, & more

What is a disaster recovery plan + complete checklist.

Kyle Chin

A disaster recovery plan (DRP) is a set of detailed, documented guidelines that outline a business’ critical assets and explain how the organization will respond to unplanned incidents. Unplanned incidents or disasters typically include cyber attacks , system failures, power outages, natural disasters, equipment failures, or infrastructure disasters.

More specifically, a disaster recovery plan measures how capable an organization’s ability to restore IT infrastructure functionality and access to critical data, regardless of the disaster event.

A DRP should identify the responsibilities of staff within the organization, outline the step-by-step instructions for the disaster recovery process, and create plans to mitigate and reduce the impact of the incident so that the company can resume basic operations.

Why Is Having a Disaster Recovery Plan Important?

Disaster recovery plans are just one part of an overall security plan and should be established and implemented along with business continuity plans and incident response plans . Without these plans in place, companies can suffer catastrophic damage in form of data loss, data exposure, significantly reduced productivity, penalties and fines, reputational damage, lost revenue, and unplanned recovery expenses.

Creating disaster recovery plans, along with business continuity and incident response plans, can help build confidence with stakeholders, investors, clients, and business partners that demonstrate the capability and preparation to deal with any incident.

What is a Business Continuity Plan?

A business continuity plan (BCP) is similar to a disaster recovery plan, but a continuity plan is an overarching plan that outlines the steps needed for a business to continue operating in the event of an incident or disaster. A disaster recovery plan considers a more structured approach to the recovery process rather than the continuity process.

Learn more about business continuity plans >

What is an Incident Response Plan?

Incident response plans are critical to any security program because they provide detailed actions for responding and reacting to specific incidents. An incident response plan is focused on handling a cybersecurity incident and its fallout from start to finish, whereas a DR plan is a more robust plan that considers the potential of serious damage to the whole enterprise and how to restore technology.

Learn more about incident response plans >

Disaster Recovery Plan Checklist

Clear disaster response procedures are critical. Implementing disaster recovery quickly minimizes damage and speeds up recovery. The first few hours, in particular, can be critical. The disaster recovery plan’s emergency response procedures section should comprise clear, practical steps in language sufficient for widespread understanding.

A disaster recovery plan should be organized by location and type of disaster. No single disaster recovery plan template exists because every business is different, but a comprehensive disaster recovery plan should cover the following factors:

1. Perform a Business Impact Analysis (BIA)

A business impact analysis should be performed before creating a disaster recovery or business continuity plan . The analysis should determine the entire scope of potential aftereffects and impacts in case of a disruption to critical business operations.

Each potential disaster scenario must be planned for, and the systems and subsequent parties that will be affected must also be identified to determine which business components must be protected first to continue operating. The main difference between a BIA and BCP is that a BIA assesses the potential impact while a BCP outlines a plan based on the BIA to ensure operations are minimally affected.

Impacts that should be considered include:

  • Loss of sales or income
  • Cost of recovery (time, labor, equipment, staffing, public relations)
  • Total business downtime
  • Regulatory fines for failed compliance
  • Damage to reputation or customer trust

Ultimately, a BIA provides the necessary context and data for businesses to progress in their risk management and disaster recovery processes.

2. Perform Risk Analysis and Vulnerability Assessments

Risk analysis and vulnerability assessments identify the biggest threats and vulnerabilities that could potentially affect the business. The risk and vulnerability assessment process is designed to help businesses prioritize risk and vulnerability mitigation processes.

Different threats and vulnerabilities can affect different industries, so it’s important to identify which ones pose the biggest risk to your organization. Risks should be classified by the likelihood of occurrence and impact on assets, so the company can begin to plan business recovery processes surrounding those threats.

Risk analyses are important to anticipate and plan for the worst-case scenario and have plans in place to minimize the impact of a critical disaster. Once the risks and vulnerabilities have been identified, businesses can begin to build a risk management plan.

Risk analysis can be accomplished in two ways: qualitative and quantitative risk analysis methods . Qualitative risk analysis assesses risk using subjective data (such as perceived reputational impact) and hypothetical scenarios to determine disaster impact. Quantitative risk analysis measures risk through statistical probabilities and estimated quantifiable impact to determine risk tolerance and risk management cost investments.

Both processes should be conducted together to have a complete overview of the organization’s risk acceptance and resilience, which can then be used to make more informed business decisions.

Learn more about how to perform a cyber risk analysis >

2. Identify Roles and Responsibilities

A disaster recovery plan needs to define the roles and responsibilities of the disaster recovery team or those within the organization responsible for the following processes:

  • Maintaining business continuity systems
  • Incident reporting to executive management, stakeholders, and related authorities
  • Who is in charge of overseeing the crisis and ensuring recovery
  • Team members’ roles in securing and protecting critical business components
  • Contacting third-party vendors or affected parties
  • Liaising with people external to the organization, such as customers, clients, and the press

3. Take Inventory of Assets

To properly manage a cyber incident or cyber threat , it’s important to understand the complete overview of the assets an organization handles. Taking inventory of the organization’s IT infrastructure, including hardware, software, applications, and critical data allows the organization to prioritize the most valuable systems and assets to protect.

Asset inventory should be updated regularly in the disaster recovery plan, especially if there are large changes to the asset management strategy. To facilitate prioritization, the inventory should categorize inventory as follows:

  • Critical assets essential to business operations
  • Important assets, such as applications used once or more per day and whose absence would disrupt typical operations
  • Unimportant assets, which are accessed or used less than once per day

Sensitive data , such as payment details, intellectual property, and personally identifiable information (PII) , can also be subject to compliance requirements . A disaster recovery plan needs to address how critical data is handled during a crisis or disaster in relation to compliance standards.

In addition, it’s important to note that the people with the authority to access sensitive data during normal business operations may differ from those who can access sensitive data during a disaster to ensure its safety.

4. Disaster Recovery Sites

Disaster recovery sites refer to where the company’s assets are located and where they will be moved if disaster strikes. Businesses need to have the sites defined ahead of time should an incident occur, whether the assets are physical or digital.

The three types of recovery sites are as follows:

  • Cold sites — Used to store data backups but cannot immediately run systems.
  • Warm sites — Functional data centers that allow access to critical systems. However, up-to-date customer data may be unavailable.
  • Hot sites — Functioning data centers that contain IT equipment and personnel to use it, as well as up-to-date customer data.

In the event that businesses are still using physical documents and storage media that are still important to business operations, the disaster recovery plan also needs to include where these physical copies will be stored offsite in case of disaster.

As good practice, recovery sites and data backups should be updated regularly. Organizations should implement backup procedures at least a few times per week to ensure business continuity.

5. Disaster Recovery Testing

Much a fire or earthquake drill, it’s necessary to test the disaster recovery procedure and its procedures at least once a year. The plan should be tested in a simulated situation that varies in complexity to ensure protection against all threats.

Testing phases should accomplish the following steps:

  • Identify faults and inconsistencies within the plan that can lead to potential miscommunication or improper incident management
  • Ensure all relevant team members know their specific roles, duties, and workloads
  • Simulate a live cyber attack or other disasters
  • Test success of recovery site upload and backup processes

Regular testing should include updates to the plan and any new threats or vulnerabilities that pose a risk to critical assets.

6. Communication or Reporting Plan

Communicating information about the nature, impact, and cause of a disaster can be critical to the company’s reputation. Timely communication and incident reporting may also be required to comply with cybersecurity regulations . Therefore, the disaster recovery plan needs to define who will deliver what information to whom in the event of a disaster.

Parties that need to be kept up to date will include any or all of the following:

  • Stakeholders or investors
  • Executive management
  • Staff and employees
  • Relevant third-party vendors
  • Governing authorities
  • Customers and clients
  • Media outlets and press
  • Legal counsel

To ensure that communication is clear and prompt, the plan should outline who has primary communication responsibilities and which communication channels they should use.

7. Minimum Physical Facility Requirements

A part of the disaster recovery plan should include the minimum physical facilities a business needs to operate if its usual facility is rendered unusable by a disaster, such as an earthquake. Minimum physical facility requirements should include how much space is required, where it needs to be located, and what equipment is required.

8. RTO and RPO

As part of the disaster recovery planning process, businesses also need to define its RTO and RPO as part of its recovery strategy:

  • Recovery Time Objective (RTO) - A business’s RTO is how long it can tolerate an interruption to normal operations. This can be anything from a few minutes to many hours, depending on the nature of the business.
  • Recovery Point Objective (RPO) - The RPO refers to how much data the organization can stand to lose and is normally measured in time, such as an hour of data or 24 hours of data. A business that backs up once daily considers its RPO 24 hours.

Benefits of a Disaster Recovery Plan

Ultimately, the aim of a thorough disaster recovery plan is to facilitate faster response and smoother restoration if disaster strikes, such as a data breach or cyber attack that results in data loss or downtime .

With the increasing prevalence of cyber attacks and human error in the information technology (IT) sphere involving malware like ransomware , affected businesses are seeing rising costs and damages due to poor recovery execution and extended downtimes. It’s imperative to have strong disaster recovery processes as part of the entire business strategy

  • Lower Cyber Insurance Premiums - The modern threat landscape is such that more businesses require cyber insurance to protect themselves in case of a severe cyber attack. The cyber liability insurance industry has reached a point where it can no longer insure all businesses unless they have clearly defined security programs that minimize its overall risk. Having a disaster recovery plan can significantly lower the overall risk profile of a business and thus lower the associated cyber liability insurance premiums .
  • Fewer Recovery Costs - Formal policies and procedures demonstrating a firm’s preparedness for unplanned events can also lower costs during a data breach by helping team members respond to the issues, shortening the data breach lifecycle. The more time that is spent responding to the disaster can lead to increased damages and loss of business.
  • Minimal Penalties - In heavily-regulated sectors like healthcare or public entities, penalties for a data breach and non-compliance with cybersecurity regulations can be costly. The longer a data breach lasts, the more significant the potential penalties can be for non-compliance. A business with a disaster recovery plan will likely recover far more quickly than a company without one.
  • Minimal Business Interruption - Anything facilitating restoring technology will reduce costs for the organization if an unplanned incident interrupts operations. An excellent IT disaster recovery plan can differentiate between minimal impact and complete operational shutdown. When a cyber attack or another incident interrupts critical services, organizations must do all they can to restore technology and normal business processes as quickly as possible.

What Is a Disaster Recovery as a Service (DRaaS)?

A DRaaS provider is a third-party provider that uses cloud technology to facilitate rapid restoration of data servers and applications in case of an emergency or disaster.

A third-party solution provider’s security policies and procedures will impact data and database recovery, so it’s highly recommended to work with a trusted vendor that includes data protection as a core part of their offering. Subscribers should also consider the capacity of the provider to ensure it can handle the data transfer required for backing up and restoring the business’s information systems effectively.

Cloud disaster recovery solutions can have the following benefits for modern businesses.

  • Connectivity - One of the benefits of DRaaS is that restorations can be initiated from any location using various kinds of computers, which is ideal in a disaster scenario that may affect physical locations and data. It makes sense to use a provider in another region to avoid the likelihood of the DRaaS provider being affected by the same physical disaster as the subscriber. This way, a business affected by a geographically-specific disaster can use cloud services to create a functional data center in a new location to restore its applications and customer data.
  • Instant Mirroring - Another benefit of DRaaS is that they mirror data changes instantly. This cloud service creates a backup database server that copies the master database server created on the fly. With such a system, restoration can be performed from a point seconds before an outage.
  • Cost-Effective - For many organizations, migrating to cloud services for data management and disaster recovery processes is a cost-effective contingency plan for disruptive events. Excellent cloud service DR providers provide around-the-clock data protection and data management , keeping software up-to-date and monitoring the network to prevent data breaches in the first place. They can also respond quickly and automatically in the event of a disaster.

Reviewed by

Kaushik Sen

Kaushik Sen

Ready to see upguard in action, join 27,000+ cybersecurity newsletter subscribers.

 alt=

Related posts

The top cybersecurity websites and blogs of 2023.

Abi Tyas Tunggal

14 Cybersecurity Metrics + KPIs You Must Track in 2024

What are security ratings cyber performance scoring explained, why is cybersecurity important, what is typosquatting (and how to prevent it), introducing upguard's new sig lite questionnaire.

Caitlin Postal

  • Product Video
  • Release notes
  • SecurityScorecard
  • All comparisons
  • Security Reports
  • Instant Security Score
  • Third-Party Risk Management
  • Attack Surface Management
  • Cybersecurity

U.S. flag

An official website of the United States government

Here’s how you know

world globe

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

what is a disaster recovery plan it

IT Disaster Recovery Plan

world globe

IT Recovery

Data backup.

Data Backup Plan

Businesses large and small create and manage large volumes of electronic information or data. Much of that data is important. Some data is vital to the survival and continued operation of the business. The impact of data loss or corruption from hardware failure, human error, hacking or malware could be significant. A plan for data backup and restoration of electronic information is essential.

An information technology disaster recovery plan (IT DRP) should be developed in conjunction with the business continuity plan . Priorities and recovery time objectives for information technology should be developed during the business impact analysis . Technology recovery strategies should be developed to restore hardware, applications and data in time to meet the needs of the business recovery.

Priorities for IT recovery should be consistent with the priorities for recovery of business functions and processes that were developed during the business impact analysis . IT resources required to support time-sensitive business functions and processes should also be identified. The recovery time for an IT resource should match the recovery time objective for the business function or process that depends on the IT resource.

Recovery strategies should be developed to anticipate the loss of one or more of the following system components:

  • Computer room environment (secure computer room with climate control, conditioned and backup power supply, etc.)
  • Hardware (networks, servers, desktop and laptop computers, wireless devices and peripherals)
  • Connectivity to a service provider (fiber, cable, wireless, etc.)
  • Software applications (electronic data interchange, electronic mail, enterprise resource management, office productivity, etc.)
  • Data and restoration

Developing an IT Disaster Recovery Plan

Businesses should develop an IT disaster recovery plan. It begins by compiling an inventory of hardware (e.g. servers, desktops, laptops and wireless devices), software applications and data. The plan should include a strategy to ensure that all critical information is backed up.

Identify critical software applications and data and the hardware required to run them. Using standardized hardware will help to replicate and reimage new hardware. Ensure that copies of program software are available to enable re-installation on replacement equipment. Prioritize hardware and software restoration.

Document the IT disaster recovery plan as part of the business continuity plan . Test the plan periodically to make sure that it works.

Businesses generate large amounts of data and data files are changing throughout the workday. Data can be lost, corrupted, compromised or stolen through hardware failure, human error, hacking and malware. Loss or corruption of data could result in significant business disruption.

Data backup and recovery should be an integral part of the business continuity plan and information technology disaster recovery plan. Developing a data backup strategy begins with identifying what data to backup, selecting and implementing hardware and software backup procedures, scheduling and conducting backups and periodically validating that data has been accurately backed up.

Developing the Data Backup Plan

Identify data on network servers, desktop computers, laptop computers and wireless devices that needs to be backed up, along with other hard copy records and information. The backup plan should include regularly scheduled backups from wireless devices, laptop computers and desktop computers to a network server. Data on the server then can be backed up. Backing up hard copy vital records can be accomplished by scanning paper records into digital formats and allowing them to be backed up along with other digital data.

Data should be backed up frequently. The business impact analysis should evaluate the potential for lost data and define the “recovery point objective.” Data restoration times should be confirmed and compared with the IT and business function recovery time objectives.

Resources for Information Technology Disaster Recovery Planning

  • Computer Security Resource Center - National Institute of Standards and Technology (NIST), Computer Security Division Special Publications
  • Contingency Planning Guide for Federal Information Systems - NIST Special Publication 800-34 Rev. 1
  • Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities – NIST Special Publication 800-84
  • Building An Information Technology Security Awareness and Training Program - NIST Special Publication 800-50

Last Updated: 09/07/2023

Return to top

2023 AWS Global Storage Partner of the Year | 2023 AWS Global Storage PoY | Schedule a meeting

Disaster Recovery Plan

Disaster recovery plan definition.

What is a disaster recovery plan? A disaster recovery plan (DRP), disaster recovery implementation plan, or IT disaster recovery plan is a recorded policy and/or process that is designed to assist an organization in executing recovery processes in response to a disaster to protect business IT infrastructure and more generally promote recovery.

The purpose of a disaster recovery plan is to comprehensively explain the consistent actions that must be taken before, during, and after a natural or man-made disaster so that the entire team can take those actions. A disaster recovery plan should address both man-made disasters that are intentional, such as fallout from terrorism or hacking, or accidental, such as an equipment failure.

What is a disaster recovery plan ?

Organizations of all sizes generate and manage massive amounts of data, much of it mission critical. The impact of corruption or data loss from human error, hardware failure, malware, or hacking can be substantial. Therefore, it is essential to create a disaster recovery plan for the restoration of business data from a data backup image.

It is most effective to develop an information technology (IT) disaster recovery plan in conjunction with the business continuity plan (BCP). A business continuity plan is a complete organizational plan that consists of five components:

1. Business resumption plan 2. Occupant emergency plan 3. Continuity of operations plan 4. Incident management plan (IMP) 5. Disaster recovery plan

Generally, components one through three do not touch upon IT infrastructure at all. The incident management plan typically establishes procedures and a structure to address cyber attacks against IT systems during normal times, so it does not deal with the IT infrastructure during disaster recovery. For this reason, the disaster recovery plan is the only component of the BCP of interest to IT.

Among the first steps in developing such adisaster recovery strategy is business impact analysis, during which the team should develop IT priorities and recovery time objectives. The team should time technology recovery strategies for restoring applications, hardware, and data to meet business recovery needs.

Every situation is unique and there is no single correct way to develop a disaster recovery plan. However, there are three principal goals of disaster recovery that form the core of most DRPs:

  • prevention, including proper backups, generators, and surge protectors
  • detection of new potential threats, a natural byproduct of routine inspections
  • correction, which might include holding a “lessons learned” brainstorming session and securing proper insurance policies

What should a disaster recovery plan include?

Although specific disaster recovery plan formats may vary, the structure of a disaster recovery plan should include several features:

Goals A statement of goals will outline what the organization wants to achieve during or after a disaster, including the recovery time objective (RTO) and the recovery point objective (RPO). The recovery point objective refers to how much data (in terms of the most recent changes) the company is willing to lose after a disaster occurs. For example, an RPO might be to lose no more than one hour of data, which means data backups must occur at least every hour to meet this objective.

Recovery time objective or RTO refers to the acceptable downtime after an outage before business processes and systems must be restored to operation. For example, the business must be able to return to operations within 4 hours in order to avoid unacceptable impacts to business continuity.

Personnel Every disaster recovery plan must detail the personnel who are responsible for the execution of the DR plan, and make provisions for individual people becoming unavailable.

IT inventory An updated IT inventory must list the details about all hardware and software assets, as well as any cloud services necessary for the company’s operation, including whether or not they are business critical, and whether they are owned, leased, or used as a service.

Backup procedures The DRP must set forth how each data resource is backed up – exactly where, on which devices and in which folders, and how the team should recover each resource from backup.

Disaster recovery procedures These specific procedures, distinct from backup procedures, should detail all emergency responses, including last-minute backups, mitigation procedures, limitation of damages, and eradication of cybersecurity threats.

Disaster recovery sites Any robust disaster recovery plan should designate a hot disaster recovery site. Located remotely, all data can be frequently backed up to or replicated at a hot disaster recovery site — an alternative data center holding all critical systems. This way, when disaster strikes, operations can be instantly switched over to the hot site.

Restoration procedures Finally, follow best practices to ensure a disaster recovery plan includes detailed restoration procedures for recovering from a loss of full systems operations. In other words, every detail to get each aspect of the business back online should be in the plan, even if you start with a disaster recovery plan template. Here are some procedures to consider at each step.

Include not just objectives such as the results of risk analysis and RPOs, RTOs, and SLAs, but also a structured approach for meeting these goals. The DRP must address each type of downtime and disaster with a step-by-step plan, including data loss, flooding, natural disasters, power outages, ransomware, server failure, site-wide outages, and other issues. Be sure to enrich any IT disaster recovery plan template with these critical details.

Create a list of IT staff including contact information, roles, and responsibilities. Ensure each team member is familiar with the company disaster recovery plan before it is needed so that individual team members have the necessary access levels and passwords to meet their responsibilities. Always designate alternates for any emergency, even if you think your team can’t be affected.

Address business continuity planning and disaster recovery by providing details about mission-critical applications in your DRP. Include accountable parties for both troubleshooting any issues and ensuring operations are running smoothly. If your organization will use cloud backup services or disaster recovery services, vendor name and contact information, and a list of authorized employees who can request support during a disaster should be in the plan; ideally the vendor and organizational contacts should know of each other.

Media communication best practices are also part of a robust disaster recovery and business continuity plan. A designated public relations contact and media plan are particularly useful to high profile organizations, enterprises, and users who need 24/7 availability, such as government agencies or healthcare providers. Look for disaster recovery plan examples in your industry or vertical for specific best practices and language.

Benefits of a disaster recovery plan

Obviously, a disaster recovery plan details scenarios for reducing interruptions and resuming operations rapidly in the aftermath of a disaster. It is a central piece of the business continuity plan and should be designed to prevent data loss and enable sufficient IT recovery.

Beyond the clear benefit of improved business continuity under any circumstances, having a company disaster recovery plan can help an organization in several other important ways.

Cost-efficiency Disaster recovery plans include various components that improve cost-efficiency. The most important elements include prevention, detection, and correction, as discussed above. Preventative measures reduce the risks from man-made disasters. Detection measures are designed to quickly identify problems when they do happen, and corrective measures restore lost data and enable a rapid resumption of operations.

Achieving cost-efficiency goals demands regular maintenance of IT systems in their optimal condition, high-level analysis of potential threats, and implementation of innovative cybersecurity solutions. Keeping software updated and systems optimally maintained saves time and is more cost-effective. Adopting cloud-based data management as a part of disaster recovery planning can further reduce the costs of backups and maintenance.

Increased productivity Designating specific roles and responsibilities along with accountability as a disaster recovery plan demands increases effectiveness and productivity in your team. It also ensures redundancies in personnel for key tasks, improving sick day productivity, and reducing the costs of turnover.

Improved customer retention Customers do not easily forgive failures or downtime, especially if they result in loss of sensitive data. Disaster recovery planning helps organizations meet and maintain a higher quality of service in every situation. Reducing the risks your customers face from data loss and downtime ensures they receive better service from you during and after a disaster, shoring up their loyalty.

Compliance Enterprise business users, financial markets, healthcare patients, and government entities, all rely on availability, uptime, and the disaster recovery plans of important organizations. These organizations in turn rely on their DRPs to stay compliant with industry regulations such as HIPAA and FINRA.

Scalability Planning disaster recovery allows businesses to identify innovative solutions to reduce the costs of archive maintenance, backups, and recovery. Cloud-based data storage and related technologies enhance and simplify the process and add flexibility and scalability.

The disaster recovery planning process can reduce the risk of human error, eliminate superfluous hardware, and streamline the entire IT process. In this way, the planning process itself becomes one of the advantages of disaster recovery planning, streamlining the business, and rendering it more profitable and resilient before anything ever goes wrong.

Ways to develop a disaster recovery plan

There are several steps in the development of a disaster recovery plan. Although these may vary somewhat based on the organization, here are the basic disaster recovery plan steps:

Risk assessment First, perform a risk assessment and business impact analysis (BIA) that addresses many potential disasters. Analyze each functional area of the organization to determine possible consequences from middle of the road scenarios to “worst-case” situations, such as total loss of the main building. Robust disaster recovery plans set goals by evaluating risks up front, as part of the larger business continuity plan, to allow critical business operations to continue for customers and users as IT addresses the event and its fallout.

Consider infrastructure and geographical risk factors in your risk analysis. For example, the ability of employees to access the data center in case of a natural disaster, whether or not you use cloud backup, and whether you have a single site or multiple sites are all relevant here. Be sure to include this information, even if you’re working from a sample disaster recovery plan.

Evaluate critical needs Next, establish priorities for operations and processing by evaluating the critical needs of each department. Prepare written agreements for selected alternatives, and include details specifying all special security procedures, availability, cost, duration, guarantee of compatibility, hours of operation, what constitutes an emergency, non-mainframe resource requirements, system testing, termination conditions, a procedure notifying users of system changes, personnel requirements, specs on required processing hardware and other equipment, a service extension negotiation process, and other contractual issues.

Set disaster recovery plan objectives Create a list of mission-critical operations to plan for business continuity, and then determine which data, applications, equipment, or user accesses are necessary to support those functions. Based on the cost of downtime, determine each function’s recovery time objective (RTO). This is the target amount of time in hours, minutes, or seconds an operation or application can be offline without an unacceptable business impact.

Determine the recovery point objective (RPO), or the point in time back to which you must recover the application. This is essentially the amount of data the organization can afford to lose.

Assess any service level agreements (SLAs) that your organization has promised to users, executives, or other stakeholders.

Collect data and create the written document Collect data for your plan using pre-formatted forms as needed. Data to collect in this stage may include:

  • lists (critical contact information list, backup employee position listing, master vendor list, master call list, notification checklist)
  • inventories (communications equipment, data center computer hardware, documentation, forms, insurance policies, microcomputer hardware and software, office equipment, off-site storage location equipment, workgroup hardware, etc.)
  • schedules for software and data files backup/retention
  • procedures for system restore/recovery
  • temporary disaster recovery locations
  • other documentation, inventories, lists, and materials

Organize and use the collected data in your written, documented plan.

Test and revise Next, develop criteria and procedures for testing the plan. This is essential to ensure the organization has adopted compatible, feasible backup procedures and facilities, and to identify areas that should be modified. It also allows the team to be trained, and proves the value of the DRP and ability of the organization to withstand disasters.

Finally, test the plan based on the criteria and procedures. Conduct an initial dry run or structured walk-through test and correct any problems, ideally outside normal operational hours. Types of business disaster recovery plan tests include: disaster recovery plan checklist tests, full interruption tests, parallel tests, and simulation tests.

The recovery point objective, or RPO, refers to how much data (in terms of the most recent changes) the company is willing to lose after a disaster occurs. For example, an RPO might be to lose no more than one hour of data, which means data backups must occur at least every hour to meet this objective.

The RPO answers this question: “How much data could be lost without significantly impacting the business?”

Example: If the RPO for a business is 20 hours and the last available good copy of data after an outage is 18 hours old, we are still within the RPO’s parameters.

In other words, the RTO answers the question: “How much time after notification of business process disruption should it take to recover?”

To compare RPO and RTO , consider that RPO means a variable amount of data that would need to be re-entered after a loss or would be lost altogether during network downtime. In contrast, RTO refers to how much real time can elapse before the disruption unacceptably impedes normal business operations.

It is important to expose the gap between actuals and objectives set forth in the disaster recovery plan. Only business disruption and disaster rehearsals can expose actuals—specifically Recovery Point Actual (RPA) and Recovery Time Actual (RTA). Refining these differences brings the plan up to speed.

Strategies and tools for a disaster recovery plan

The right strategies and tools help implement a disaster recovery plan.

Traditional on-premises recovery strategies The IT team should develop disaster recovery strategies for IT applications, systems, and data. This includes desktops, data, networks, connectivity, servers, wireless devices, and laptops. Identify IT resources that support time-sensitive business processes and functions so their recovery times match.

Information technology systems require connectivity, data, hardware, and software. The entire system may fail due to a single component, so recovery strategies should anticipate the loss of one or more of these system components:

  • Secure, climate-controlled computer room environment with backup power supply
  • Connectivity to a service provider
  • Hardware such as desktop and laptop computers, networks, wireless devices and peripherals, and servers
  • Software applications such as electronic mail, electronic data interchange, enterprise resource management, and office productivity

Data and restoration For business applications that cannot tolerate downtime, actual parallel computing, data mirroring, or multiple data center synchronization is possible yet costly. Other solutions for mission critical business applications and sensitive data include cloud backup and cloud-native disaster recovery, which reduce the need for expensive hardware and IT infrastructure.

Internal recovery strategies Some enterprises store data at multiple facilities and configure hardware to run similar applications from data center to data center when needed. Assuming off-site data backup or data mirroring are taking place, processing can continue and data can be restored at an alternate site under these circumstances. However, this is a costly solution, and one that demands an internal solution that is itself infallible.

Cloud-based disaster recovery strategies Cloud-based vendors offer Disaster recovery as a service (DRaaS), which are essentially “hot sites” for IT disaster recovery hosted in the cloud. DRaaS leverages the cloud to provide fully configured recovery sites that mirror the applications in the local data center. This allows users a more immediate response, allowing them the ability to recover critical applications in the cloud, keeping them ready for use at the time of a disaster.

Vendors can host and manage applications, data security services, and data streams, enabling access to information via web browser at the primary business site or other sites. These vendors can typically enhance cybersecurity because their ongoing monitoring for outages offers data filtering and detection of malware threats. If the vendor detects an outage at the client site, they hold all client data automatically until the system is restored. In this sense, the cloud is essential to security planning and disaster recovery.

Does Druva offer a cloud disaster recovery plan ?

With Druva’s cloud-native disaster recovery plan, workloads on-premises or in the cloud back up directly to the Druva Cloud Platform, built on AWS. This eliminates recovery complexities by enabling automated runbook execution and one-click disaster recovery. Druva’s cloud-native disaster recovery includes failover and failback, either back to on-premises systems or to any AWS region or account without hardware, a managed DR site, or excessive administration.

Watch the video below for a demo, and discover Druva's innovative one-click solutions for on-premises and cloud workloads on the disaster recovery page of the website .

Related Terms

Now that you’ve learned about the disaster recovery plan, brush up on these related terms with Druva’s glossary:

  • What is cyber resilience?
  • What is an RPO?
  • What is an RTO?

Choose region and language

  • Brasil Português
  • Mexico Español
  • United States + Canada English

Asia-Pacific

  • Chinese Simplified 简体中文
  • Chinese Traditional 繁體中文
  • Indonesia Bahasa Indonesia
  • Singapore English
  • Vietnam Tiếng Việt
  • India हिन्दी

What is a disaster recovery plan (DRP) and how to create one?

Acronis

Disasters that affect your IT capabilities happen more often than you think, but only 6% are caused by a natural disaster. The vast majority of disasters that cause significant IT downtime are human error, hardware and software failure, and cyberattacks. There are even stories circulating that talk of how a newly hired IT technician inadvertently deleted all company data on his first day!

During the past three years, 93% of businesses have been hit by a natural or human-made disaster – and many of these organizations could not recover.  

Whether your organization is large or small, the only way to prepare for a disaster is to develop and exercise a disaster recovery plan.

What is a disaster recovery plan (DRP)?

An IT disaster recovery plan (DRP ) is a written document that spells out the policies, step-by-step procedures, and responsibilities to recover an organization's IT systems and data and get IT operations back up and running when a disaster happens. This plan is a sub-component of the organization's  Business Continuity Plan (BCP) .

Once developed, the DR plan must be tested (or exercised) to ensure that the IT team can fully recover the organization's IT systems regardless of the type of disaster. 

Disasters arrive unannounced, so it is essential to get an IT DR plan in place as soon as possible. A fully operational plan will help minimize risk exposure, reduce disruption, and ensure economic stability. It will also reduce insurance premiums and potential liability, and ensure your organization complies with regulatory requirements. Most importantly, a well-executed plan can save your organization thousands – even hundreds of thousands – of dollars in the event of a disaster.

Data is a valuable asset: Customer data; financial, human resource, and R&D documents; and emails are irreplaceable. Each document represents hours of work, and the ability to retrieve it is essential. To determine how much a disaster can cost your organization, consider the cost of system downtime – the impact on employee productivity, the loss of billable hours, missed sales from a down e-commerce website, and penalties for failure to meet regulatory compliance obligations.

In a worst-case scenario, your DR plan may save your company.  

Acronis

What are the different Types of Disaster Recovery Plans?

There are four types of disaster recovery plans.

Virtualized Disaster Recovery Plan

With a virtual DR plan, your IT organization replicates the entire IT infrastructure and stores it on an  offsite Virtual Machine (VM) . Since VMs are hardware independent, you do not need the same hardware as the primary site, so you can quickly  back up your systems  and data to dissimilar hardware. When a disaster happens, you can failover IT operations to the offsite VM and recover from a disaster in just a few minutes. 

Network Disaster Recovery Plan

A disaster recovery plan helps your IT team respond to an unplanned interruption of network services during a disaster, including voice, data, internet, etc. The plan must include procedures for recovering an organization's network operations, including local area networks (LANs), wide-area networks (WANs), and wireless networks.

An unplanned interruption of network services can range from performance degradation to a complete outage.

Cloud Disaster Recovery Plan

With this type of plan, your systems and data are backed up to a public cloud located at least 150 miles from the primary site. When a disaster happens, IT can easily failover their operations to the disaster recovery site and fail back to the same or new hardware – even if that hardware is dissimilar - to resume normal operations. Public  cloud DR services  are available pay-as-you-go and can be accessed from anywhere.

Data Center Disaster Recovery Plan

This type of plan requires your organization to set up a separate facility only used when a disaster happens. There are three primary types of disaster recovery data centers - cold, warm, and hot.

  • A cold DR site is an office or data center located away from the primary site with power, heat, air conditioning, etc. but no running IT systems. Depending on the length of the disaster, an organization may install the necessary systems after the disaster hits.
  • A warm DR site offers office space and a technology infrastructure used when a disaster hits the primary site. A warm site has power, heat, air conditioning, network connectivity, and redundant hardware/software already up and running.  Backups  from the primary to the warm site are performed daily or weekly, which can result in some data loss. 
  • A hot site offers office space and a complete replica of the primary site's IT infrastructure, systems, applications, and up-to-date data. A hot site enables rapid recovery of all business processes. It is most expensive to maintain compared to other data center types, but, for many businesses, it's the most optimal solution.

The disaster recovery process

Every business needs a disaster recovery plan unique to its data requirements. To define the best approach for your business, you must weigh the value of your data, systems, and applications against the risk your organization can afford to assume. When creating disaster recovery plans, be sure to include the following steps:  

  • Establish a planning group.
  • Perform a risk assessment and define an acceptable  Recovery Point Objective (RPO)  and Recovery Time Objective (RTO).
  • Prepare an inventory of IT assets.
  • Identify dependencies and establish priorities.
  • Develop recovery strategies.
  • Develop a communication plan.
  • Develop documentation, verification criteria, procedures, and responsibilities.
  • Test, test, test the plan.
  • Implement the plan.
  • Maintain the IT infrastructure.

What are the five major elements of a disaster recovery plan?

We've outlined the basic steps in disaster recovery planning. Now, let's explore the five primary elements of a DR plan below.

Assign it recovery management team

A dedicated disaster recovery plan requires proper development, updates, and testing. It's best to form a dedicated disaster recovery team to cover all of those. Ideally, the team should include managers and employees from all branches of your organization.

The team's ultimate purpose is to design, develop, implement, test, and upgrade the DR plan to ensure you can recover core business services as quickly as possible following a disaster.

Moreover, the DR team should assign specific roles for each team member and their contact details in the DR plan document. The plan should also identify the first contact point (a responsible individual) in the event of a disaster.

Lastly, all company staff must have access to the detailed disaster recovery plan, know the disaster recovery processes, and understand their specific roles to cut down recovery time and quickly resume key operations after a disaster occurs.

Identify potential disaster risks

Organizations must identify potential data risks - human-made, due to natural disaster or cyber-attacks. Restoring important systems and business operations in a disaster can reduce downtime and minimize financial and reputational loss, which is critical to your company's success.

Once you've identified the potential risks applicable to your company, you can calculate the Recovery point objective (RPO) and Recovery time objectives (RTOs). Having a precise RPO and RTO lets you manage disaster recovery systems easier, thus leading to a smooth and rapid restoration.

Classify critical data, apps, and resources

The next step comprises your company's critical systems - apps, data, documents, and resources. (buildings, machinery, onsite IT infrastructure, human and intellectual resources, etc.)

The DRP should focus on successful contingency planning - how to continue revenue generation and ensure cash flow as a short-term goal. In the mid-and-long term, the DRP must define how to get your entire system back up and running to resume normal operations.

Outline and specify backup and offsite disaster recovery procedures

You can rely on a  Disaster-recovery-as-a-Service (DRaaS)  to manage onsite and offsite coordination or use a robust disaster recovery solution to manage the process individually.

In both cases, you should aim to present the disaster recovery plan strategies to all data-processing personnel, assign critical business operations, outline backup operations procedures, and determine internal recovery strategies for your primary business site and emergency response procedures for your offsite disaster recovery sites.

(if you rely on a fully-equipped secondary site, you should also create an alternate hot site plan; if you rely on a mobile data center, you should implement a mobile site setup plan)

Test and polish the plan

As your company grows, your DR risks and needs will also evolve. For example, if your company opens a new data center, it should be reflected in your DRP as soon as possible.

If you have more than one alternate site, it's best to use full resiliency program management. Bringing all of your information services backup procedures under one umbrella will let you design an appropriate emergency response for your data processing operations, mitigate business continuity risks, and, ultimately, enable rapid recovery to resume normal operations in the event of power outages and natural disasters.

Moreover, you will benefit from disaster recovery automation, which simplifies testing all technology recovery strategies. A tested disaster recovery plan ensures continuous innovation in line with the increased risk to your company data. Be it during power outages, natural disasters, or cyber-attacks, your organization will be prepared to restore even complex business operations rapidly.

What should you avoid during disaster recovery planning?

A disaster can cause chaos and create an environment where your DR team members make mistakes. To overcome this challenge, build your list of do's and don'ts for plan development and use it before, during, and after the crisis.

Here is a quick synopsis of some of the most important “dos and don'ts.”

What not to do:

  • Do not discount the importance of an IT disaster recovery plan because you have backups or have implemented high availability. You need such a plan no matter what!
  • Do not consider DR an expense. It's an investment.
  • Do not apply a single data protection strategy to all applications.
  • Do not assume that your network can handle the traffic during an emergency. Identify alternative forms of communication if you cannot use the network.
  • Do not create a DR plan just for the sake of having one or to simply satisfy executive management and your auditors.
  • Do not simplify disaster recovery process milestones. It may speed up the planning phase but will rarely be optimal in the long run.

What to do:

  • Be sure to get sponsorship for the DR plan from the executive team.
  • Look for disaster recovery plan examples to use as a template to speed the development and improve the accuracy of your plan.
  • Include key contact members from various departments in your planning committee. Include decision-makers from multiple departments - financial associates, customer service representatives, and IT personnel.
  • Safeguard data not stored centrally, including data stored on desktops, laptops, and mobile devices. Also, consider the following:
  • Virtual environments
  • Application-specific agents
  • Snapshot storage requirements
  • Server activation and documentation
  • Backup and recovery
  • Create a disaster recovery plan checklist to use as a quick reference when developing the DR plan and during an actual disaster. A list helps your team work quickly and perform tasks accurately.
  • Perform end-user acceptance testing.
  • Be sure to test a broad range of disaster scenarios regularly.
  • Update and test your disaster recovery plan regularly.
  • Choose a DR location that is not too close to your production site and can be remotely activated in the event of an emergency.
  • Plan frequent meetings to ensure that resources are still available during a disaster.

How are DR and business continuity plans different?

DR addresses the recovery of IT infrastructure during or following disruptive events. DR relies on data security services to restore critical systems and complement your business continuity planning (BCP).

A good disaster recovery plan ensures you can always access essential company data. Focusing on the bigger picture, BCP encompasses all necessary precautions to safeguard your data and employees to ensure continuous business operations.

BCP focuses on optimizing your data processing system, disaster site rebuilding, enterprise resource management, and more to ensure no unforeseen event will disrupt your business processes.

Your BCP team must examine all disaster recovery plan examples created by your DR team, consult on the best one, and implement it to fortify your backup system, minimize your Recovery Time Objective, and turn the perceived disaster recovery complexity into an understandable, easy-to-follow guideline for all responsible employees.

Disaster recovery plan templates

If you are a small- to medium-sized business (SMB), consider using an IT disaster recovery plan template to help guide you and your team through the plan development process.

There are many DR and business recovery plan templates available on the internet, including templates offered by Solutions Review, Smartsheet, and template.net. You can also find IT disaster recovery templates for small businesses at SupremusGroup. 

If this is the first time your organization is developing a plan, using a DR plan template ensures you do not miss important steps in the process and eliminates the costs associated with engaging a consultant. 

Testing your DR plan

You must test your disaster recovery plan and ensure you have all the elements in place for a successful test. This includes having a detailed script of test activities, ensuring that all IT components are in place and ready to use, documenting what happens during the test, and preparing a post-DR-test, after-action review.

Finding the right DRP solution

Implementing your DR plan means you'll need to find a DR solution that fits your IT requirements and is realistic about managing and testing. Many SMBs now work with managed service providers (MSPs) who deliver and administer their IT needs – outsourcing the expense of that mission-critical expertise. Many of those MSPs offer managed DR services that are built on Acronis'  disaster recovery solution . That's because, with Acronis, an MSP can add disaster recovery to your backup in a matter of minutes – so not only will you have backups that protect your data, applications, and systems, but when disaster strikes, you can spin up your IT systems in the cloud to keep your organization running. After the disaster passes, you'll be able to easily recover to the same, new, or dissimilar hardware.

How to Develop a Disaster Recovery Plan for Your IT Systems

About Acronis

Acronis is a Swiss company, founded in Singapore. Celebrating two decades of innovation, Acronis has more than 1,800 employees in 45 locations. The Acronis Cyber Protect Cloud solution is available in 26 languages in over 150 countries and is used by 20,000 service providers to protect over 750,000 businesses.

How the New Acronis #CyberFit Academy Empowers Partners asdasd…

As the novel coronavirus/COVID-19 continues to spread, impacting individuals, organizations, and communities across the globe, we want to share how Acronis is responding to the pandemic.

New update adds vulnerability assessments to Acronis True …

Working from home has become a critical part of containing the virus, but for small to mid-size businesses tackling remote work for the first time, there are security considerations to keep in mind.

With the coronavirus on the verge of being declared a global pandemic and thousands dead in its wake, there are sick attempts by criminals to scam unsuspected victims to profit from the illness.

Looking Forward to Better Days

Travel may be restricted and conferences canceled, but this crisis will eventually pass. To give us something to look forward to, let’s look at the session tracks for the 2020 Acronis Global Cyber Summit.

© 2024 Acronis International GmbH. Rheinweg 9, 8200 Schaffhausen, Switzerland. © All rights reserved.

Your information is used in accordance with our privacy statement . You receive this email because you are subscribed for a blog newsletter.

  • Customer Service
  • Send Feedback
  • Manage Subscriptions
  • Company Blog

More from Acronis

Acronis

Disarm BEC, phishing, ransomware, supply chain threats and more.

Defend your data from careless, compromised and malicious users.

Prevent identity risks, detect lateral movement and remediate identity threats in real time.

Reduce risk, control costs and improve data visibility to ensure compliance.

Leverage proactive expertise, operational continuity and deeper insights from our skilled experts.

what is a disaster recovery plan it

AI-powered protection against BEC, ransomware, phishing, supplier risk and more with inline+API or MX-based deployment

Protect your people from email and cloud threats with an intelligent and holistic approach.

Help your employees identify, resist and report attacks before the damage is done.

Prevent data loss via negligent, compromised and malicious insiders by correlating content, behavior and threats.

Manage risk and data retention needs with a modern compliance and archiving solution.

Keep your people and their cloud apps secure by eliminating threats, avoiding data loss and mitigating compliance risk.

Learn about this growing threat and stop attacks by securing today’s top ransomware vector: email.

Implement the very best security and compliance solution for your Microsoft 365 collaboration suite.

Secure access to corporate resources and ensure business continuity for your remote workers.

Protect your email deliverability with DMARC.

Today’s cyber attacks target people. Learn about our unique people-centric approach to protection.

Become a channel partner. Deliver Proofpoint solutions to your customers and grow your business.

Learn about Proofpoint Extraction Partners.

Learn about our global consulting and services partners that deliver fully managed and integrated solutions.

Learn about our relationships with industry-leading firms to help protect your people, data and brand.

Learn about the technology and alliance partners in our Social Media Protection Partner program.

Small Business Solutions for channel partners and MSPs.

Find the information you're looking for in our library of videos, data sheets, white papers and more.

Keep up with the latest news and happenings in the ever‑evolving cybersecurity landscape.

Learn about the human side of cybersecurity. Episodes feature insights from experts and executives.

Get the latest cybersecurity insights in your hands – featuring valuable knowledge from our own industry experts.

Learn about the latest security threats and how to protect your people, data, and brand.

Connect with us at events to learn how to protect your people and data from ever‑evolving threats.

Read how Proofpoint customers around the globe solve their most pressing cybersecurity challenges.

Browse our webinar library to learn about the latest threats, trends and issues in cybersecurity.

Get free research and resources to help you protect against threats, build a security culture, and stop ransomware in its tracks.

Proofpoint is a leading cybersecurity company that protects organizations' greatest assets and biggest risks: their people.

Stand out and make a difference at one of the world's leading cybersecurity companies.

Read the latest press releases, news stories and media highlights about Proofpoint.

Learn about how we handle data and make commitments to privacy and other regulations.

Learn about our people-centric principles and how we implement them to positively impact our global community.

Access the full range of Proofpoint support services.

What Is Disaster Recovery?

Table of contents, what is a disaster recovery plan, how does it work, essential elements of a disaster recovery plan, steps to create a disaster recovery plan, what roles make up a disaster recovery team, what is disaster recovery testing, types of disaster recovery, disaster recovery vs. business continuity, incident management vs. disaster recovery, disaster recovery solutions by proofpoint.

Disaster recovery is broadly defined as an organization's ability to respond to and recover from a catastrophic event that negatively affects its operations or infrastructure. It’s the basis for identifying, evaluating, and mitigating disasters and their subsequent recovery strategies.

In the wake of a cyber attack, teams need to have a disaster recovery plan in place to address problems as promptly and effectively as possible. Without it, every minute wasted can increase the cost of damages and the ability to recover.

Cybersecurity is an increasingly common area where disaster recovery is critical to handling threats. This glossary covers the fundamentals of disaster recovery and what you need to know about having a concrete plan in place.

A disaster recovery plan is an organization's strategic documentation and process to restore access to compromised systems and infrastructure after a cyber attack , human error, natural disaster, or other catastrophic events.

It's the systematic methodology by which a team allocates its resources to efficiently regain control over critical data and information systems following a disaster.

Disaster recovery works two-fold to both maintain and reestablish critical IT systems and infrastructure following an incident. Maintenance works by properly replicating and backing up data and assets to specific restore points. Recovery is a reactionary effort to regain functionality and control over systems and data that become infected or breached.

A disaster recovery plan can be used to address matters both large and small. These could be specific program issues, like faulty software. Or they could be devastating tragedies, like a system-wide data breach or a pandemic. What makes a disaster recovery plan effective is anticipating threats before they arise and testing different threat scenarios to ensure the plan works.

An effective disaster recovery plan addresses an organization's unique assets, infrastructure, and vulnerabilities. While every organization should have a customized plan specific to its needs, several fundamental elements should be considered as part of any disaster recovery plan.

  • Risk Assessment: Teams should thoroughly evaluate all possible threats and weaknesses in the organization's IT infrastructure and target areas of interest that are especially susceptible to cyber attacks.
  • Business Continuity: Determine the procedures and resources that will be utilized to maintain critical business operations in the event of a disaster.
  • Data Archiving, Backups, and Recovery: Document and implement the maintenance processes for regularly backing up critical data and systems, including plans to restore these assets if compromised due to a disaster or attack.
  • Incident Response: Develop a flow of procedures and exercises that clearly articulates how a team should respond to a cyber attack, breach , or disaster, including how to identify and contain the threat, assess damages, and restore affected systems.
  • Communication: A disaster recovery plan for enterprise organizations should include instructions on how to communicate the situation with key stakeholders in the event of an attack. This includes affected employees, customers, vendors, investors, and the media.
  • Training and Education: Build a system to properly train and educate employees on cybersecurity and disaster response best practices, particularly key exercises outlined in an organization's plan and what to be ready for if disaster strikes.
  • Testing and Drills: Consistent disaster recovery plan practice and testing are vital to ensure its effectiveness and that your team is confident in their roles and responsibilities to handle threats as they arise.

Understanding the components of a disaster recovery plan ensures your team can write and test a plan that best meets your organization's or department's demands.

Cybersecurity and IT-related disaster recovery plans can involve many working parts, from preparation and anticipatory planning to talent and resource allocation when an incident occurs. Dovetailing on the core elements mentioned above, here are some of the key considerations to keep in mind when creating a disaster recovery plan:

  • Assemble Your Team: Determine the roles and responsibilities across all members of your team as well as various departments within the organization. In short, everyone should know their duties as part of the disaster recovery plan.
  • Develop an Incident Management Plan: This should be a comprehensive documentation of the procedures used to pinpoint and report threats and cyber attacks, including incident response , investigation, and recovery procedures.
  • Conduct a Business Impact Analysis (BIA): This type of analysis , which helps inform the priorities and objectives of disaster recovery, focuses on identifying the critical systems, assets, and processes essential to the organization and its operations.
  • Establish a Recovery Point Objective (RPO): This metric defines the maximum acceptable amount of data loss measured in time. In the wake of a disaster or disruption, an RPO is a point in time or condition at which an organization's data or systems must be recovered to return to a normal, operable state.
  • Determine a Recovery Time Objective (RTO): This metric determines the maximum acceptable time an organization's operations can be down after a disaster. RTO represents the target duration time for restoring systems and infrastructure to an operational state.
  • - Dependencies: Determine the systems and processes that are dependent on one another and how they interact. This ensures that recovery efforts won’t cause additional problems.
  • - Key Vendors: Identify all critical vendors and partners for your organization's operations. Determine a plan to maintain continuity with these parties in a disaster.
  • - Sites and Locations: If geography and physical infrastructure are affected, your plan should detail the recovery locations, including primary and secondary alternatives.
  • - Recovery Procedures: Identify and document the procedures and tools that will be used to recover compromised systems, applications, and data based on specific types of attacks and cybersecurity threats .
  • - Communication Procedures: Determine what alternative technologies you’ll use to communicate, especially if primary communication systems are unavailable. Also, consider the messaging strategy to relay information to customers, partners, and employees.
  • - Testing Protocols: Document the testing protocols used to assess your plan's efficacy and each protocol's specific steps. This should also include the cadence and scope of testing.
  • Consistently Test the Disaster Recovery Plan: As part of assembling your team and having proper procedures in place, it's important to schedule regular testing and ensure your plan effectively handles all potential cyber attacks, errors, and disasters.
  • Regularly Review and Update the Plan: Evaluate and revise the disaster recovery plan to ensure it's up-to-date with the organization's changing needs and the evolving landscape of cybersecurity threats.

The effectiveness of a disaster recovery plan is only as good as its team. Depending on the organization's size and complexity, certain professionals are integral to a disaster recovery team. Some teams include highly specialized roles like cybersecurity engineers, incident and intrusion analysts, vulnerability analysts, security analysts , and IT auditors. But in many cases, the team is a combination of professionals within the organization's greater IT ecosystem.

Chief Information Security Officer

In larger enterprise environments with sophisticated IT systems, the CISO is responsible for the organization's overall cybersecurity strategy. They help lead disaster recovery efforts and oversee all information systems and data to protect them from cyber attacks.

IT Security Team

Often seen as the specialized support crew under the CISO's wing, the IT security team monitors and protects the organization's networks and systems. They're usually the first line of defense in mitigating cyber attacks and executing incident response processes.

Network Administrators

These professionals may have more diversified roles in maintaining and securing the organization's networks, servers, and other infrastructure. Network admins may play a critical role in cybersecurity and disaster recovery for smaller operations.

IT Operations and Support

While not always directly responsible for security monitoring and incident response, these IT professionals help run an organization's servers, data storage, and other hardware systems. They may also be responsible for tech support and issue troubleshooting, making the assets to any disaster recovery team.

Risk Management Experts

These specialists assess and manage the organization's risk related to cyber attacks and other IT threats. They're effective in helping predict and simulate potential attacks to identify vulnerabilities, and they help suggest improvements to prevent real-world attacks.

Legal and Compliance

These professionals work within a disaster recovery to ensure that the organization's incident response strategies and recovery efforts comply with specific legal and regulatory requirements.

Crisis Communications, Media, and Public Relations

Often a separate department that remains integrated with disaster recovery efforts, an organization's PR and media team relay news, findings, and updates to key stakeholders surrounding an incident.

Business Continuity Plan (BCP) Manager

This dedicated role is designated to a qualified professional who can develop, maintain, and implement an organization's continuity plan amid a disaster, ensuring operations proceed as anticipated. BCP managers are also responsible for regularly testing and updating the plan as needed.

In smaller businesses, one person may adopt the duties of multiple roles. However, these roles may be highly individualized in larger organizations, with specialized talent allocated to particular responsibilities.

Disaster recovery testing is a fundamental component of an organization's business continuity and disaster recovery plan. It involves simulating a disaster, like a cyber attack like ransomware , data breach, power outage, or natural disaster, to assess an organization's ability to regain control over its IT systems.

Disaster recovery testing can help identify any weaknesses or gaps in an organization's plan and ensure the strategic processes effectively restore critical systems and data in the event of an incident. This type of testing can be implemented through various methods, including walk-through tests, functional tests, tabletop exercises, and full-interruption simulations.

Disasters come in different forms and threaten the health and stability of various systems and assets. Some of the most common types of disaster recovery and the strategic initiative behind them include:

Data Center Disaster Recovery

This form of disaster recovery targets the security of physical IT infrastructure and data backups. Strategies here involve utilizing a failover site at a secondary location to maintain operational continuity during a disaster.

Cloud Disaster Recovery

A critical component of any cloud-based disaster recovery plan, the strategies here leverage cloud solutions to replicate and host an organization's virtual and physical servers. This disaster recovery approach provides automatic workload failover to a public cloud in the event of a disaster, thereby eliminating the need for a secondary location.

Network Disaster Recovery

Network operability is vital to maintain data sharing, application access, and communication when threats strike. This component focuses on having backup data and sites in place and a plan to regain control over network services.

Virtualized Disaster Recovery

Virtualized disaster recovery is a set of strategies designed to replicate workloads to an alternative cloud or physical location. This process provides cybersecurity teams with greater flexibility, efficiency, and ease of implementation.

Disaster Recovery as a Service

DRaaS is a commercial service provided by outsourced third parties that duplicate and host an organization's virtual and physical servers. The third party takes ownership of implementing and managing the most appropriate disaster recovery strategy and plan.

While related and interwoven within an organization's cybersecurity operations, both disaster recovery and business continuity are two different things. Disaster recovery is a set of procedures focused on restoring data access and IT infrastructure after a disaster. Business continuity centers on keeping the organization's operations running during a disaster.

Disaster recovery planning orchestrates the team to restore systems and data effectively after a disaster or attack. Business continuity planning focuses on maintaining functional operations during the incident.

The underlying goal of disaster recovery is to minimize the damages of a disaster and help the organization return to standard operations as quickly as possible. The goal of business continuity is to enable the organization to continue operating internally and provide services to customers, vendors, and partners, even in the face of a disaster.

Both disaster recovery and incident management are similar concepts but are fundamentally different. Incident management focuses on responding to and resolving single incidents, while disaster-recovery plans focus on restoring operations for the entire organization.

Incident management is a more granular subset of disaster recovery that tackles the immediate response to a particular incident to restore normal operations as timely as possible.

As a leader in enterprise cybersecurity solutions, Proofpoint specializes in data protection, recovery, and business continuity resources for a range of organizations and industries. Proofpoint can help your team establish a disaster recovery plan and support systems to remediate any lost data and restore systems for continued business productivity and minimized downtime.

Learn more about the solutions and capabilities of Proofpoint .

Security Awareness Training During A Crisis

Proofpoint essentials: emergency inbox, what is data protection.

Data protection is meant to safeguard information from compromise and loss. Learn what data protection is, why it matters, what to consider, and more.

what is a disaster recovery plan it

Whether your industry faces challenges from geopolitical strife, fallout from a global pandemic or rising aggression in the cybersecurity space, the threat vector for modern enterprises is undeniably powerful. Disaster recovery strategies provide the framework for team members to get a business back up and running after an unplanned event.

Worldwide, the popularity of disaster recovery strategies is understandably increasing. Last year, companies spent USD 219 billion on  cybersecurity  and solutions alone, a 12% increase from 2022,  according to a recent report by the International Data Corporation (IDC)  (link resides outside ibm.com).

A disaster recovery strategy lays out how your businesses will respond to a number of unplanned incidents. Strong disaster recovery strategies consist of disaster recovery plans (DR plans), business continuity plans (BCPs) and incident response plans (IRPs). Together, these documents help ensure businesses are prepared to face a variety of threats including power outages,  ransomware  and  malware  attacks, natural disasters and many more.

What is a disaster recovery plan (DRP)?

Disaster recovery plans (DRPs) are detailed documents describing how companies will respond to different types of disasters. Typically, companies either build DRPs themselves or outsource their disaster recovery process to a third-party DRP vendor. Along with business continuity plans (BCPs) and incident response plans (IRPs), DRPs play a critical role in the effectiveness of disaster recovery strategy.

What are business continuity plans and incident response plans?

Like DRPs, BCPs and IRPs are both parts of a larger disaster recovery strategy that a business can rely on to help restore normal operations in the event of a disaster. BCPs typically take a broader look at threats and resolution options than DRPs, focusing on what a company needs to restore connectivity. IRPs are a type of DRP that focuses exclusively on  cyberattacks  and threats to IT systems. IRPs clearly outline an organization’s real-time emergency response from the moment a threat is detected through its mitigation and resolution. 

Why having a disaster recovery strategy is important

Disasters can impact businesses in different ways, causing all kinds of complex problems. From an earthquake that affects physical infrastructure and worker safety to a cloud services outage that closes off access to sensitive data storage and customer services, having a sound disaster recovery strategy helps ensure businesses will recover quickly. Here are some of the greatest benefits of building a strong disaster recovery strategy:

  • Maintaining business continuity:  Business continuity and  business continuity disaster recovery (BCDR)  help ensure organizations return to normal operations after an unplanned event, providing data protection, data backup and other critical services.
  • Reducing costs:  According to  IBM’s recent Cost of Data Breach Report , the average cost of a data breach in 2023 was USD 4.45 million—a 15% increase over the last 3 years. Enterprises without disaster recovery strategies in place are risking costs and penalties that could far outweigh the money saved by not investing in the solution.
  • Incurring less downtime:  Modern enterprises rely on complex technologies like cloud-based infrastructure solutions and cellular networks. When an unplanned incident disrupts business operations, it can cost millions. Additionally, the high-profile nature of cyberattacks, lengthy downtime, or human-error-related interruptions can cause customers and investors to flee.
  • Maintaining compliance:  Businesses that operate in heavily regulated sectors like healthcare and personal finance face heavy fines and penalties for data breaches because of the critical nature of the data they manage. Having a strong disaster recovery strategy helps shorten response and recovery processes after an unplanned incident, which is critical in sectors where the amount of financial penalty is often tied to the duration of the breach.

How disaster recovery strategies work

The strongest disaster recovery strategies prepare businesses to face a wide variety of threats. A strong template for restoring normal operations can help build investor and customer confidence and increase the likelihood you will recover from whatever threats your business faces. Before we get into the actual components of disaster recovery strategies, let’s look at a few key terms.

  • Failover /failback:  Failover is a widely used process in IT disaster recovery where operations are moved to a secondary system when a primary one fails due to a power outage, cyberattack or other threat. Failback is the process of switching back to the original system once normal processes have been restored. For example, a business could failover from its  data center  onto a secondary site where a redundant system will kick in instantly. If executed properly, failover/failback can create a seamless experience where a user/customer isn’t even aware they are being moved to a secondary system.
  • Recovery time objective  (RTO):  RTO refers to the amount of time it takes to restore business operations after an unplanned incident. Establishing a reasonable RTO is one of the first things businesses need do when they’re creating their disaster recovery strategy.  
  • Recovery point objective  (RPO):  Your business’ RPO is the amount of data it can afford to lose and still recover. Some enterprises constantly copy data to a remote data center to ensure continuity. Others set a tolerable RPO of a few minutes (or even hours) and know they will be able to recover from whatever was lost during that time.
  • Disaster Recovery-as-a-Service (DRaaS):  DRaaS  is an approach to disaster recovery that’s been gaining popularity due to a growing awareness around the importance of data security. Companies that take a DRaaS approach to disaster recovery are essentially outsourcing their disaster recovery plans (DRPs) to a third party. This third party hosts and manages the necessary infrastructure for recovery, then creates and manages response plans and ensures a swift resumption of business-critical operations.  According to a recent report by Global Market Insights (GMI)  (link resides outside ibm.com), the market size for DRaaS was USD 11.5 billion in 2022 and was poised to grow by 22% in the years ahead.

Five steps to creating a strong disaster recovery strategy

Disaster recovery planning starts with a deep analysis of your most critical business processes—known as business impact analysis (BIA) and risk assessment (RA). While every business is different and will have unique requirements, there are several steps you can take regardless of your size or industry that will help ensure effective disaster recovery planning.

Step 1: Conduct a business impact analysis

Business impact analysis (BIA) is a careful assessment of every threat your company faces, along with the possible outcomes. Strong BIA looks at how threats might impact daily operations, communication channels, worker safety and other critical parts of your business. Examples of a few factors to consider when conducting BIA include loss of revenue, length and cost of downtime, cost of reputational repair (public relations), loss of customer or investor confidence (short and long term), and any penalties you might face because of compliance violations caused by an interruption.

Step 2: Perform a risk analysis

Threats vary greatly depending on your industry and the type of business you run. Conducting sound risk analysis (RA) is a critical step in crafting your strategy. You can assess each potential threat separately by considering two things——the likelihood it will occur and its potential impact on business operations. There are two widely used methods for this: qualitative and quantitative risk analysis. Qualitative risk analysis is based on perceived risk and quantitative analysis is performed using verifiable data.

Step 3: Create your asset inventory

Disaster recovery relies on having a complete picture of every asset your enterprise owns. This includes hardware, software, IT infrastructure, data and anything else that’s critical to your business operations. Here are three widely used labels for categorizing your assets:

  • Critical:  Only label assets critical if they are required for normal business operations.
  • Important:  Assign this label to assets your business uses at least once a day and, if disrupted, would have an impact on business operations (but not shut them down entirely).
  • Unimportant:  These are assets your business uses infrequently that are not essential for normal business operations.

Step 4: Establish roles and responsibilities 

Clearly assigning roles and responsibilities is arguably the most important part of a disaster recovery strategy. Without it, no one will know what to do in the event of a disaster. While actual roles and responsibilities vary greatly according to company size, industry and type of business, there are a few roles and responsibilities that every recovery strategy should contain:

  • Incident reporter:  An individual who is responsible for communicating with stakeholders and relevant authorities when disruptive events occur and maintaining up-to-date contact information for all relevant parties.
  • Disaster recovery plan manager:  Your DRP manager ensures disaster recovery team members perform the tasks they’ve been assigned and that the strategy you put in place runs smoothly. 
  • Asset manager:  You should assign someone the role of securing and protecting critical assets when a disaster strikes and reporting back on their status throughout the incident.

Step 5: Test and refine

To ensure your disaster recovery strategy is sound, you’ll need to practice it constantly and regularly update it according to any meaningful changes. For example, if your company acquires new assets after the formation of your DRP strategy, they will need to be folded into your plan to ensure they are protected going forward. Testing and refinement of your disaster recovery strategy can be broken down into three simple steps:

  • Create an accurate simulation:  When rehearsing your DRP, try to create an environment as close to the actual scenario your company will face without putting anyone at physical risk.
  • Identify problems:  Use the DRP testing process to identify faults and inconsistencies with your plan, simplify processes and address any issues with your backup procedures.
  • Test your disaster recovery procedures:  Seeing how you’ll respond to an incident is vital, but it’s just as important to test the procedures you’ve put in place for restoring critical systems once the incident is over. Test how you’ll turn networks back on, recover any lost data and resume normal business operations. 

Disaster recovery solutions

Modern enterprises rely more than ever on technology to serve their customers. Even minor outages can cause critical downtime and impact customer and investor confidence. The IBM FlashSystem Cyber Recovery Guarantee is designed for anyone who purchases a new FlashSystem Array with IBM Storage expert care and IBM Storage Insights Pro.

More from Cloud

Innovation with ibm® linuxone.

4 min read - The IBM® LinuxONE server leverages six decades of IBM expertise in engineering infrastructure for the modern enterprise to provide a purpose-built Linux server for transaction and data-serving. As such, IBM LinuxONE is built to deliver security, scalability, reliability and performance, while it’s engineered to offer efficient use of datacenter power and footprint for sustainable and cost-effective cloud computing. We are now on our fourth generation of IBM LinuxONE servers with the IBM LinuxONE Emperor 4 (available since September 2022), and IBM…

6 ways to elevate the Salesforce experience for your users

3 min read - Customers and partners that interact with your business, as well as the employees who engage them, all expect a modern, digital experience. According to the Salesforce Report, nearly 90% Of buyers say the experience a company provides matters as much as products or services. Whether using Experience Cloud, Sales Cloud, or Service Cloud, your Salesforce user experience should be seamless, personalized and hyper-relevant, reflecting all the right context behind every interaction. At the same time, Salesforce is a big investment,…

IBM Tech Now: February 12, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 92 On this episode, we're covering the following topics: The GRAMMYs + IBM watsonx Audio-jacking with generative AI Stay plugged in You can check out the IBM Blog Announcements for a full rundown of…

Public cloud vs. private cloud vs. hybrid cloud: What’s the difference?

7 min read - It’s hard to imagine a business world without cloud computing. There would be no e-commerce, remote work capabilities or the IT infrastructure framework needed to support emerging technologies like generative AI and quantum computing.  Determining the best cloud computing architecture for enterprise business is critical for overall success. That’s why it is essential to compare the different functionalities of private cloud versus public cloud versus hybrid cloud. Today, these three cloud architecture models are not mutually exclusive; instead, they work…

IBM Newsletters

United Kingdom

Today’s Multi-Cloud Reality: Cloud Chaos

87% of enterprises use two or more cloud environments to run their applications. multi-cloud accelerates digital transformation, but also introduces complexity and risk, resulting in a chaotic reality for many organizations., conquer cloud chaos with vmware cross-cloud services.

VMware is addressing cloud chaos with our portfolio of multi-cloud services, VMware Cross-Cloud services, which enable you to build, run, manage, secure, and access applications consistently across cloud environments. With VMware Cross-Cloud services, you can address cloud chaos and shift to a cloud smart approach – one where you can choose the best environment for every application, without multiplying your complexity.

Anywhere Workspace

Access Any App on Any Device Securely

App Platform

Build and Operate Cloud Native Apps

Cloud & Edge Infrastructure

Run Enterprise Apps Anywhere

  • Telco Cloud

Cloud Management

Automate and Optimize Apps and Clouds

Desktop Hypervisor

Manage apps in a local virtualization sandbox

  • Fusion for Mac
  • Workstation Player
  • Workstation Pro

Security & Networking

Connect and Secure Apps and Clouds

Run VMware on any Cloud. Any Environment. Anywhere.

On public & hybrid clouds.

alibaba

On Private & Local Clouds

emc

Anywhere Workspace Access Any App on Any Device Securely

App platform build and operate cloud native apps, cloud infrastructure run enterprise apps anywhere, cloud management automate and optimize apps and clouds, edge infrastructure enable the multi-cloud edge, networking enable connectivity for apps and clouds, security secure apps and clouds, by industry.

  • Communications Service Providers
  • Department of Defense
  • Federal Government
  • Financial Services
  • Healthcare Providers
  • State and Local Government

VMware AI Solutions

Accelerate and ensure the success of your generative AI initiatives with multi-cloud flexibility, choice, privacy and control.

For Customers

  • Find a Cloud Provider
  • Find a Partner
  • VMware Marketplace
  • Work with a Partner

For Partners

  • Become a Cloud Provider
  • Cloud Partner Navigator
  • Get Cloud Verified
  • Learning and Selling Resources
  • Partner Connect Login
  • Partner Executive Edge
  • Technology Partner Hub
  • Work with VMware

Working Together with Partners for Customer Success

See how we work with a global partner to help companies prepare for multi-cloud.

Tools & Training

  • VMware Customer Connect
  • VMware Trust Center
  • Learning & Certification
  • Product Downloads
  • Product Trials
  • Cloud Services Engagement Platform
  • Hands-on Labs
  • Professional Services
  • Customer Success
  • Support Offerings
  • Support Customer Welcome Center

Marketplace

  • Cloud Marketplace
  • VMware Video Library
  • VMware Explore Video Library

Blogs & Communities

  • News & Stories
  • Communities
  • Customer Stories
  • VMware Explore
  • All Events & Webcasts
  • Topics 
  • VMware Glossary 
  • Content 
  • Disaster Recovery Planning

What is a disaster recovery plan?

A disaster recovery plan is the preparation of a strategy for restoring IT systems following an unexpected outage. The goal of disaster recovery planning, which is a component of business continuity , is to ensure that businesses can perform disaster recovery efficiently and return to normal operations as quickly as possible in the wake of a disruption. Disaster recovery planning also helps to minimize the cost of disruptions and the harm that they cause to the business's brand.

Disaster recovery plans can address any type of disruption, including equipment failures, cyber-attacks, power outages, accidental data deletion and any other event that could render an organization's IT systems and services unusable.

what is a disaster recovery plan it

App Mobility & Disaster Recovery with NSX

what is a disaster recovery plan it

The VMware Guide to Disaster Recovery Readiness

Why is a disaster recovery plan important.

Recovering IT systems from major disasters often requires complex operations and the coordination of multiple stakeholders. Coupled with the fact that it is impossible to know when a disaster will occur or which form it will take, the complexity of recovery operations means that planning ahead is essential for restoring systems efficiently and quickly.

Benefits of a disaster recovery plan

With a disaster recovery plan, businesses can minimize the risk that an unexpected disruption will cause significant financial harm or bring normal business operations to a standstill for a long time. In addition, recovery planning helps ensure that staff can return to their normal responsibilities as rapidly as possible in the wake of a disruption.

What are the key steps of a disaster recovery plan?

To develop an effective disaster recovery plan, businesses should:

  • Designate a recovery team: Determine who will be responsible for helping restore systems and maintain business continuity after a disruption, and what each team member's specific responsibilities will entail. When formulating a recovery team, be sure to include not just IT experts who can perform system recovery, but also representatives of other parts of the business who have a role to play during recovery operations. For example, including a Public Relations representative helps ensure that the business can manage communications with the public about the anticipated duration of a disruption. Assigning a disaster recovery leader to oversee recovery operations and to make executive decisions is important, too.
  • Evaluate and prioritize risks: Assess the systems and services that your business depends on and identify those that are most critical. You can then prioritize those assets when developing recovery plans. For example, recovering customer-facing applications hosted in a production environment is likely to be more important than recovering a dev/test environment, and this prioritization should be reflected in your recovery plan.
  • Develop recovery plans and procedures: Once you know which systems you will need to recover and which ones to prioritize, develop recovery plans that spell out how your disaster recovery team will go about restoring systems. The plans should specify in as much detail as possible which technical procedures to follow to restore systems. Where possible, the plans may also include mitigation measures – such as disabling some services within a failed application to get the application back up and running, albeit with limited functionality – that your team can apply to reduce the impact of an outage while it works to achieve complete recovery. Be sure as well to plan for the possibility that normal communications systems will become unavailable during a disaster, requiring your team to have a fallback communications solution in place.
  • Design and implement backups: Disaster recovery plans typically depend on the availability of backup data, which engineers can use to restore information lost during a disruption. Thus, you should determine which backups your team will require to implement its recovery plans, as well as how often your organization should perform backups to meet its recovery goals. The two key factors to consider in this regard are Recovery Time Objective (RTO), which identifies how long systems can remain non-operational following a failure, and Recovery Point Objective (RPO), which measures how much data loss your business can tolerate due to a disaster. The more stringent your RTO and RPO requirements, the more frequently you will need to perform backups.
  • Test and optimize recovery plans: Disaster recovery plan testing is critical for ensuring that your recovery team can carry out recovery plans as intended. Testing also provides an opportunity to identify shortcomings, such as lack of clarity about how to perform a recovery process and address them before a real disaster strikes.

Given that it is impossible to know in advance exactly which types of disasters your business may encounter, there is no way to guarantee that your recovery plans fully address all potential disruptions. However, by following the procedures outlined above, businesses can prepare to address most disruptions in a way that minimizes the harm they cause.

How does VMware help?

With disaster recovery planning, businesses gain:

  • Preset roles and processes that define who should do what during disaster recovery. By establishing these policies in advance of a disruption, organizations avoid having to waste precious time on formulating recovery plans during a disaster.
  • The ability to determine ahead of time which systems and/or data to prioritize during disaster recovery to minimize the financial and operational impact of a disaster.
  • Recovery plans that can be tested ahead of time to ensure they deliver the intended results, and to identify opportunities to improve or optimize recovery strategies.
  • A plan for maintaining communication between stakeholders if normal communication channels, such as email or instant messaging systems, go offline.

VMware's suite of disaster recovery solutions helps organizations achieve these advantages. VMware NSX and VMware HCX make it easy to move, rebalance and migrate workloads within and across data centers and clouds with the simplicity of a network software overlay, improving the consistency, repeatability, and resilience of your applications. VMware Site Recovery Manager (SRM) automates complex recovery operations, helping teams to implement recovery plans as quickly and efficiently as possible. In addition, VMware Cloud Disaster Recovery offers a SaaS-based solution for planning and coordinating recovery operations across any type of major cloud architecture or environment.

Recommended for You

  • Disaster Recovery
  • Disaster recovery as a service
  • Business continuity
  • Business continuity plan

Related Solutions and Products

App mobility, migration and disaster recovery with nsx.

Simplify your disaster recovery and avoidance architecture with consistent networking and security policies across locations.

VMware Site Recovery Manager (SRM)

Minimize downtime with automated recovery orchestration and policy-based recovery management.

VMware Cloud Disaster Recovery

Leverage SaaS-based disaster recovery to simplify recovery operations across any type of cloud architecture or environment.

  • What is a Business Continuity Plan (BCP)?
  • What is Disaster Recovery? - Definition & Benefits
  • What is Disaster Recovery as a Service (DRaaS)

What is a Disaster Recovery Plan and Why is it Important?

BACKGROUND IMAGE TEMPLATE - Nexstor (2) (1)

Computer usage has increased by more than 1,000% over the last two decades and shows no sign of slowing down. 1 This has made data protection essential, and in a world where digital access is a must, time lost from a system crash can have catastrophic consequences for business processes.

Downtime can result in significant financial losses, with Gartner estimating that it costs the average company around $5,600 a minute. 2 On top of that, downtime and data loss can spell disaster for the remote teams organisations work hard to support. 

So, how do you recover from a disaster quickly and effectively? The better question is, how do you plan for it? Disaster recovery isn’t an easy conversation, and there are certainly other things businesses would prefer to allocate time and resources to, but wise investments now can prevent negative outcomes down the road. 

Today we’re going to take a closer look at benefits of disaster recovery plans, what they are, and what the future of disaster recovery looks like. But first, let’s get a little background.

Image of DR Plan

What is a disaster recovery plan?

A disaster recovery plan, or DRP, is a formal document created by an organisation that details how to respond to various types of disasters. This will typically include things like power outages, cyber-attacks, including ransomware , and a range of other disruptive events.

The best DRPs go beyond simply restoring data that has been lost. Good plans aim for quick restorations to key systems like:

  • Hardware infrastructure
  • Software applications that may have been damaged
  • HVAC and other key building access systems

Why is a disaster recovery plan important?

A disaster recovery plan is essential in keeping an organisation’s data accessible and protected. If a clear DRP isn’t in place businesses leave themselves open to a number of threats, including:

  • Lost revenue: Financial losses of some kind are inevitable when downtime occurs, but effective planning can reduce the impact significantly.
  • Brand damage: One of the hardest things to recover from as a brand is bad publicity.
  • Dissatisfied customers: Keeping customers happy should be your number one priority — if a customer can’t get what they need from you they will go elsewhere to get it.

Remember, the longer your recovery time after a disaster, the greater the impact to the company.

Benefits of a disaster recovery plan

For now, let’s focus on some of the benefits that your business can access by creating and implementing an effective DRP. These are wide-ranging and numerous, but the most significant include:

  • Cost efficiency: This is where long-term implications outweigh short-term expenditures. It is more cost-effective for your business to mitigate against possible threats rather than accept the costs of prolonged downtime.
  • Increased productivity: Part of a DRP includes regular checks of your entire system. Whether threats are detected or not, there is, at minimum, going to be some actionable insight gleaned from these exercises — insight that will lead to more efficient processes and inevitably increase productivity.
  • Better customer retention: Your customers are your number one priority, and they aren’t going to stick around and wait for you to get it right. A single event could cause a significant loss of customers, but an effective DRP works to prevent this.
  • Flexibilty: An effective plan gives ogranisations the agility they need to respond rapidly in the event of a disaster. On top of that, cloud-based solutions allow organisations to restore critical data and systems to any location.

Now that we know what a disaster recovery plan is and why they are so important to businesses, let’s look at how these plans are created.

What should a disaster recovery plan include?

Whilst disaster recovery plans will inevitably vary from one organisation to another, there are 7 core phases to consider when you come to develop a plan for your organisation. These are:

  • Vulnerability Assessment: You want to begin with a vulnerability assessment that will help you gauge where you are and outline what you may need moving forward.
  • Organisational Impact Assessment: Also referred to as a business impact analysis, or BIA, this assessment is essentially a quantifying exercise into how well prepared your system currently is to withstand threats. This ends in an actionable insight report, personalised to your organisations’ needs.
  • Defining: In this phase you need to outline the specifics (i.e. requirements and continuity, recovery plans and restoration goals)
  • Subplans: This is where brainstorming comes into play. When considering what plans to implement, make sure they fit to the needs of your specific needs as these will vary.
  • Create the DRP: Now the research is over, the budget has been considered and it is time to create your DRP, which includes any subplans created in phase 4 above.
  • Testing: This phase fairly is self-explanatory, but it does include checks at regular intervals, whether a problem is detected or not.
  • Maintenance: Once you’ve spent the time creating a comprehensive plan, regular maintenance of that plan will ensure you’re ready for future growth.

Now that you know how to create a plan and understand why one is needed, it’s time to carefully consider all of your options.

Introducing Disaster Recovery as a Service (DRaaS)

One such option is investing in a third-party service model known as Disaster Recovery as a Service (DRaaS). This approach uses disaster recovery software to mirror your data and applications, either on-site or in a cloud-hosting platform, so they are easily available and accessible for data restoration following a disaster.

In simple terms, this takes the form of a disaster recovery plan tailored to provide you and your organisation with peace of mind by significantly reducing the amount of downtime you experience when an unexpected disaster occurs.

While it is an investment that deserves careful attention, it usually is administered as a service level agreement that offers pay-as-you-go options. Organisations that offer DRaaS services can be a great asset to smaller companies that have limited access to robust IT teams in-house.

There are various benefits that come with DRaaS, but the most crucial to consider are:

  • Rapid recovery: By agreeing on a rapid recovery time objective (RTO) before signing a service user agreement, you guarantee that your business will be backed up and running in a limited period when disaster strikes.
  • Scalability: With DRaaS, you can continually review your needs and make changes whenever deemed necessary.
  • Enhanced security: Disaster Recovery as a Service offers a secure infrastructure backup, especially when you work with providers who offer encrypted data storage.
  • Cost-effectiveness: Set payments for DRaaS will vary in each unique agreement, but these solutions offer significant savings compared with attempting to create an in-house recovery infrastructure.

Get started with DRaaS

Disaster recovery is a perfect example of investing time, money, and resources now to avoid potentially disastrous consequences later on. Putting a plan together can however be a cumbersome and complex process.

While DRaaS looks set to be the future of disaster recovery , it’s important to remember that poor decisions around DRaaS can also negatively impact your business. That’s why, to ensure DRaaS and disaster recovery work for you, you should consider consulting with professionals who can guide you through the decision-making process. 

Through partnerships such as these, you can develop a comprehensive business continuity plan you can rely on, and identify a DRaaS provider that truly meets your organisation’s specific requirements.

Don’t wait until disaster strikes. Get in touch with Nexstor and start planning today!

what is a disaster recovery plan it

1   Key Internet Statistics to Know in 2022 (Including Mobile)

2   The Cost of Downtime

Recent Posts

  • HPE Alletra MP: The Future of Data Management is Here
  • Zerto & HPE: A Monumental Acquisition Driving Ransomware Resilience
  • Arctic Wolf
  • HPE GreenLake Explained: Features, Use Cases and FAQs
  • HPE GreenLake vs Dell APEX: Which Solution is Right for You?

Post By Topics

  • Backup Archive Data Recovery
  • HIM – Blog
  • HIM – Videos
  • Support & Maintenance
  • Virtualisation Connectivity

what is a disaster recovery plan it

Rob Townsend

Subscribe to receive the latest content from nexstor.

By clicking subscribe you accept our terms and conditions and privacy policy. We always treat you and your data with respect and we won't share it with anyone. You can always unsubscribe at the bottom of every email.

Privacy Overview

How to Write a Disaster Recovery Plan + Template

Table of Contents

What is a disaster recovery plan?

Disaster recovery plan vs business continuity plan, what are the measures included in a disaster recovery plan, how to write a disaster recovery plan, disaster recovery plan template, disaster recovery plan examples, how secureframe can help your disaster recovery planning efforts.

what is a disaster recovery plan it

  • July 27, 2023

Anna Fitzgerald

Senior Content Marketing Manager at Secureframe

Cavan Leung

Senior Compliance Manager at Secureframe

A study found that only 54% of organizations have a company-wide disaster recovery plan in place. This percentage is even lower for government IT departments (36%) despite the proliferation of ransomware and other cyber threats. 

Not having a documented disaster recovery plan can seriously hamper an organization’s ability to recover lost data and restore its critical systems. This can result in significantly higher financial losses and reputational damage.

To help ensure your organization can recover from disaster as swiftly and easily as possible, learn what exactly a disaster recovery plan is and how to write one. Plus, find some examples and a template to help get you started.

A disaster recovery plan (DRP) is a document that outlines the procedures an organization will follow to recover and restore its critical systems, operations, and data after a disaster. Examples of disasters that may disrupt the continuity of product or service delivery are natural disasters, cyber attacks, hardware failures, and human errors. 

In planning for disaster recovery, what is the ultimate goal?

The ultimate goal of disaster recovery planning is to minimize the impact of a disaster, and ensure business continuity.

Having a disaster recovery plan in place that is well-designed and regularly maintained can help organizations:

  • minimize downtime
  • reduce financial losses
  • protect critical data
  • resume operations quickly 
  • provide peace of mind for employees

A disaster recovery plan and business continuity plan both take a proactive approach to minimize the impact of a disaster before it occurs and may even be combined into a single document as a result. 

However, the key difference is that a disaster recovery plan focuses on limiting abnormal or inefficient system function by restoring it as quickly as possible after a disaster, whereas a business continuity plan focuses on limiting operational downtime by maintaining operations during a disaster. 

In other words, a disaster recovery strategy helps to ensure an organization returns to full functionality after a disaster occurs whereas a business continuity plan helps an organization to keep operating at some capacity during a disaster. That’s why organizations need to have both documents in place, or need to incorporate disaster recovery strategies as part of their overall business continuity plan. 

Recommended reading

what is a disaster recovery plan it

How to Write a Business Continuity Plan & Why It’s Important for a SOC 2 Audit [+ Template]

Just as no two businesses are the same, no two disaster recovery plans are. However, they do typically include some common measures. These are detailed below.

  • Data backup and recovery

A section of a DRP should be dedicated to data backup and recovery. This should list backup methods, frequency of backups, the storage locations, and the procedures for data restoration.

  • Redundant systems and infrastructure

Another section may explain how the organization implements redundant systems and infrastructure to ensure high availability and minimize downtime if a disaster occurs. This may involve duplicating critical servers, network equipment, power supplies, and storage devices using clustering, load balancing, failover mechanisms, virtualization technologies, or other measures. 

Alternate worksite

A DRP may identify alternative worksites or recovery locations where the organization can operate if the primary site becomes inaccessible. This section should also define procedures and infrastructure needed to quickly transition operations to the identified alternate sites.

  • Communication and notification

Another part of DRP may define communication protocols and notification procedures to ensure communication during and after a disaster. Protocols and procedures typically include:

  • notifying employees, customers, vendors, and stakeholders about the disaster
  • providing updates on recovery progress
  • maintaining contact information for key personnel and emergency services

Recovery objectives

A DRP may set acceptable time frames for recovering systems and data in terms of recovery time objectives (RTO) and recovery point objectives (RPO). These objectives should be based on the criticality of systems and shape recovery strategies accordingly. 

  • RTO : The maximum amount of downtime allowed
  • RPO : The maximum loss of data accepted (measured in time)

what is a disaster recovery plan it

The 10 Most Important Cybersecurity Metrics & KPIs for CISOs to Track

Writing and maintaining a disaster recovery plan requires collaboration and coordination among key stakeholders across an organization and can seem intimidating. Below we’ll outline the process step by step to help you get started. 

what is a disaster recovery plan it

1. Define the plan’s objectives and scope

To start, define the objectives and scope of your disaster recovery plan.

Objectives may include:

  • safeguarding employees’ lives and company assets
  • making a financial and operational assessment
  • securing data
  • quickly recovering operations

Next, identify what and who the plan applies. Typically, assets utilized by employees and contractors acting on behalf of the company or accessing its applications, infrastructure, systems, or data fall within the scope of the disaster recovery plan. In this case, employees and contractors are required to review and accept the plan. 

2. Perform a risk assessment

Identify potential risks and vulnerabilities that could lead to a disaster, both internal and external to the organization. This should involve evaluating your reliance on external vendors and suppliers for critical services or resources and assessing their own disaster recovery capabilities to ensure they align with your organization's requirements.

3. Perform a business impact analysis

Next, determine the business functions, processes, systems, and data that are essential for your organization's operations. For each critical component, establish recovery time objectives and recovery point objectives. 

4. Define recovery measures and procedures

Define the appropriate measures and step-by-step procedures for disaster recovery based on the risks and business impact you identified. This includes identifying the individuals or teams responsible for recovery tasks, the resources required, and the order of recovery tasks.

As stated above, these recovery tasks may fall into the following categories:

  • Alternative worksite

You may also want to outline emergency procedures. These are the actions that should be taken during and immediately after a disaster occurs, and may include evacuation plans and communication protocols and coordination with emergency services.

5. Conduct testing and training regularly

Regularly test the disaster recovery plan to ensure its effectiveness and identify any potential gaps or weaknesses. Conduct training sessions for employees to familiarize them with their roles and responsibilities during a disaster.

6. Review and update the plan regularly

Review and update the disaster recovery plan periodically to incorporate changes in technology, business operations, and potential risks. Ensure that contact information, system configurations, and other relevant details are up to date.

Use this template to kick off your disaster recovery planning and customize it based on your organization's specific risks and objectives.

what is a disaster recovery plan it

Below you can find examples of disaster recovery strategies and procedures from disaster recovery plans created and maintained by universities and other organizations. This should help you in brainstorming and documenting your own recovery strategies and plans for different services, environments, and types of disasters. 

1. IT disaster recovery plan

Southern Oregon University has a comprehensive disaster recovery plan specifically for its IT services because they are so heavily relied upon by faculty, staff, and students. There are disaster recovery processes and procedures outlined for various IT services and infrastructure, including its data center, network infrastructure, enterprise systems, desktop hardware, client applications, classrooms, and labs. 

Some of the IT disaster recovery processes and procedures outlined in the plan are:

  • Secure facility as necessary to prevent personnel injury and further damage to IT systems.
  • Coordinate hardware and software replacement with vendors
  • Verify operational ability of all equipment on-site in the affected area (servers, network equipment, ancillary equipment, etc.). If equipment is not operational, initiate actions to repair or replace as needed.
  • If the data center is not operational or recoverable, contact personnel responsible for the alternate data center and take necessary steps to ready the facility.
  • Retrieve most recent on-site or off-site back-up media for previous three back-ups. Prepare back-up media for transfer to primary or secondary datacenter, as determined during the initial assessment.

2. AWS disaster recovery plan

AWS walks through disaster recovery options in the cloud in this whitepaper . It explains four primary approaches to cloud disaster recovery:

  • Backup and restor e: Backup the data, infrastructure, configuration, and application code of your primary Region and redeploy them in the recovery Region. This is the least costly and complex approach. 
  • Pilot light : Replicate your data from one Region to another and provision a copy of your core workload infrastructure so that you can quickly provision a full scale production environment by switching on and scaling out your application servers if a disaster occurs. This simplifies recovery at the time of a disaster and also minimizes the ongoing cost of disaster recovery by “switching off” some resources until they’re needed.
  • Warm standby : Create and maintain a scaled down, but fully functional, copy of your production environment in another Region. This decreases the time to recovery compared to the pilot light approach, but is more costly because it requires more active resources.  
  • Multi-site active/active : Run your workload simultaneously in multiple Regions so users are able to access your workload in any of the Regions in which it is deployed, which reduces your recovery time to near zero for most disasters. This is the most costly and complex approach. 

3. Data center disaster recovery plan

The University of Iowa also has a comprehensive disaster recovery plan , which includes several processes and procedures for recovering from a disaster that affects its data center. Some of these include: 

  • Have large tarps or plastic sheeting available in the data center ready to cover sensitive electronic equipment in case the building is damaged due to natural disasters like tornadoes, floods, and earthquakes.
  • If replacement equipment is required, make every attempt to replicate the current system configuration.
  • If data is lost, then request that the IT department recover it from an off-site backup or cloud deep archive storage.

Secureframe’s automation compliance platform and in-house compliance expertise can help ensure your organization has the policies, controls, and expertise in place to protect systems proactively from business disaster and to recover if they do occur. Request a demo to learn how.

What are the 5 steps of disaster recovery planning?

The five steps of disaster recovery planning are prevention, mitigation, preparedness, response, and recovery. That means when planning, you should identify measures and actions to:

  • avoid or prevent a disaster from occurring
  • reduce the chances of a disaster occurring or the impact of it
  • enhance your ability to respond when a disaster occurs
  • be carried out immediately before, during, and after a disaster
  • restore your business operations as quickly as possible

What are the 4 C's of disaster recovery?

The 4 C's of disaster recovery are communication, coordination, collaboration, and cooperation. Below are brief definitions of each:

  • Communication  - developing and maintaining effective channels for sharing information before, during, and after disasters
  • Coordination  - aligning actions to other parts of an organization or other organization to prepare for and respond to disasters
  • Cooperation  - working with internal or external parties that share the same goal (ie. responding to and recovering from disasters) and strategies for achieving it
  • Collaboration - partnering with internal or external parties to identify challenges and responsibilities to recover from a disaster as quickly as possible

What are the three types of disaster recovery plans?

Disaster recover plans can be tailored to different services, environments, and types of disasters. So types of disaster recovery plans include ones for IT services, data centers, and cloud environments.

How do you create a good disaster recovery plan?

Creating a good disaster recovery plan requires a few key steps such as:

  • Performing a risk assessment and business impact analysis
  • Setting objectives, including recovery time objectives (RTO) and recovery point objectives (RPO)
  • Creating an inventory of critical assets
  • Defining data backup requirements and recovery strategies
  • Establishing alternate communication methods
  • Assigning specific roles and responsibilities

What are the key elements of a disaster recovery plan?

Key elements of a disaster recovery plan are:

  • Objectives and goals
  • Recovery measures and procedures
  • Testing processes
  • A communication plan
  • Defined disaster recovery stages

IT DRP : how best to plan your company’s recovery from a cyber crisis

Today, cybersecurity challenges are so critical that you also need to consider the possibility that your protective measures are not sufficient. For an organisation, IT security also anticipates a possible shutdown of an IT infrastructure for any reason - a system failure, malware, or a cyberattack .

An IT Disaster Recovery Plan (DRP) details the procedures and technological resources that your company would need to deploy in order to resume its strategic activities in the event of such a disaster. In this article we will look at a DRP and the usual stages of its implementation.

Melissa Parsons

An article from

It drp cyber security

What is a Disaster Recovery Plan?

A Disaster Recovery Plan (DRP) enables companies to resume normal operations after a disaster. In an IT context, this disaster generally involves a cybersecurity breach : the loss, theft, or disappearance of sensitive data; a virus, a cyberattack, or cybercrime.

Definition of the Business Recovery Plan

In an IT context, the DRP aims to achieve several sub-goals which lead to the main goal: safeguarding the sustainability of your company's activities. These sub-goals are:

  • anticipating and mitigating the impact of any cyber crisis;
  • guaranteeing the protection of sensitive digital data in the event of a disaster;
  • ensuring the continuity of the structure's activities, in the face of an IT crisis;
  • setting up a backup system to resume critical IT applications.

A DRP is a document that outlines all the processes your company must put in place to maintain or rebuild its IT infrastructure in the aftermath of a cyber crisis. It indicates how and when to defer to the backup system, as detailed in the crisis management plan, and specifies which backup system to activate in order to ensure the security of confidential data.

Furthermore, the Disaster Recovery Plan sets out how long each department can afford to be paralysed – also known as the Recovery Time Objective (RTO) – and, finally, the maximum acceptable data loss, or Recovery Point Objective (RPO).

Differences between DRP and BCP

The scopes of Business Continuity Plans (BCPs) and DRPs have evolved over time. Originally, the BCP was required to anticipate the impact of a disaster on a company and provide measures to mitigate the negative consequences of crises, while the DRP functioned like the BCP, but only dealt with IT issues.

Over time, the Business Continuity Plan and the Disaster Recovery Plan have both taken on more precise meanings. Each now has a specific role regarding a company's IT system.

What is a BCP in the current climate?

The BCP now consists of a portfolio of procedures and resources that help to safeguard the continuity of the organisation's activities should a problem occur. Its objective is, before anything else, to avoid interruption of IT systems and prevent operational disruptions. It must therefore be built in such a way that all of a company's IT structures remain available: networks, servers, and data centres alike.

From a strict IT perspective, a distinction is made between the operational continuity plan – which includes the company as a whole – and the IT Continuity Plan – which specifically targets the procedures and resources to put in place to ensure the continuous operation of information systems.

What does an IT DRP look like today?

A Disaster Recovery Plan focuses on making sure a company's activity can return to an operational status. In IT, this means backing up vital infrastructure. The plan can be activated when there is an obvious shutdown of information systems, and companies can ensure the post-disaster reconstruction of IT infrastructures and the reboot of the most critical applications to company operations.

Its objective is to guarantee a satisfactory resumption of activity as soon as practicable, in order to reduce the financial consequences linked to a cyber crisis. This is why it has to rely on careful risk mapping to provide adequate backup IT systems and ensure data redundancy, which is the practice of saving the same data on different devices (phone, computer, external hard drive, digital drive, or tablet).

DRP compensates for financial consequences of IT shutdown

The IT Disaster Recovery Plan in CIO terminology

To summarise, Chief Information Officers (CIOs) generally consider that the BCP specifies measures for ensuring the continuity of activity, while the DRP details measures that guarantee the resumption of activity after an IT shutdown. After all, the Disaster Recovery Plan is activated when the infrastructure is unavailable.

In the event of a cyberattack, there are generally two execution scenarios for the DRP:

  • Your company was prepared for IT crises, and had a BCP to mitigate the impact of the disaster. In this case, your company can reduce the RTO and RPO to a minimum and apply a “warm restart” of the applications. This is a quick restart of activities on one or more backup servers, all based on pre-disaster data saves.
  • Your structure did not have a BCP or the technical means to execute an effective crisis management plan . In this case, a “cold restart” is required, a process which can last several hours or days after the disaster. In this scenario, the recovery is based on the company’s latest backups. However, with the increasing uptake of cloud data storage, this cold procedure is becoming less frequent.

When should you set up your IT recovery?

By definition, the DRP is only activated when the company suffers a genuine shutdown of its IT activities. If you want this IT recovery plan to perform well and enable you to quickly resume your activities, you must think it through well in advance of the actual onset of a cyber crisis. As a general guideline, you should allow an average of three months to design it, although you may need more or less time depending on the size of your structure.

Once the cyberattack, computer failure, or human error has been recorded and damage to your infrastructure begins, the execution of your DRP should help minimise your operational downtime. The longer the recovery, the more the company’s financial results are jeopardised.

 alt=

We review the most common methods for analyzing cyber risk. Our goal is to help you implement an effective risk management strategy.

Build your organization's cyber resilience with Cyber Risk Quantification

Contact C-risk for more information about our Cyber Risk Quantification Solutions.

Advantages and disadvantages of the DRP

The main mission of the Disaster Recovery Plan is to ensure a rapid restart of your operations. Any service interruption that is too long has an impact on your reputation and, as a consequence, on your financial value. Moreover, if an isolated incident threatens the fulfilment of your regulatory and contractual obligations, your business could incur harmful legal consequences.

Nevertheless, setting up a DRP comes at a cost, although it could be considered an investment that pays for itself when you take into account that it helps avoid harmful consequences in the event of a cyberattack or an IT failure:

  • alteration or disappearance of all or part of sensitive data;
  • loss of turnover due to the shutdown of IT systems;
  • damaged reputation with customers, partners, and investors;
  • legal risks.

A DRP relies on a third-party computer network and data backups to ensure satisfactory IT operations. Like a BCP, the advantages of a Disaster Recovery Plan can only be appreciated if good practices are complied with. Using Cyber Risk Quantification (CRQ) methods, you can better understand the risks your organisation faces in financial terms. This is a plan that should be thought through and regularly tested using quantitative methods. Its development takes time and a significant budget to be effective.

Guarantee a recovery of critical activity

How to develop a DRP

The implementation of an IT Business Recovery Plan can be broken down into several stages. In general terms, it is above all a matter of writing specification notes that determine the critical IT applications for your structure. These applications are the ones which require an emergency “backup” in the event of an IT shutdown.

It is also a question of identifying which backup system you need to set up and which data backup model you opt for. Your DRP must also provide for regularly updated measures.

1 / Check the official recommendations for activity recovery

Depending on your sector of activity, there may be regulations and standards that govern the resumption of activity, including the methods for carrying out your DRP. The ISO 22301 standard thus organises business continuity management for a certain number of areas.

The banking and finance sector is particularly affected by this type of regulatory obligation. The Financial Conduct Authority (FCA), for example, states that approved companies specialising in portfolio management must have a DRP in place.

2 / Define responsibilities for carrying out the plan

A IT Disaster Recovery Plan will of course harness the skills of your CIO and general management. More broadly, each department will have to participate in its development to determine which IT applications are essential to the proper functioning of the company.

In order to develop the DRP smoothly and coherently, it may also be useful to appoint a person responsible for its overall implementation. This person, generally from the IT department, has the role of assessing which infrastructures need to be backed up as a priority in the event of an IT shutdown, after having consulted with the other departments.

Appoint a person in charge of the Business Continuity Plan

3 / Audit the IT systems before any cyber crisis

To draw up a list of the essential IT tools for an effective recovery of activity, it is important to focus on the following elements:

  • needs in terms of network, and in particular internet speed;
  • available servers;
  • software applications that are used on a daily basis;
  • automatic backups, especially their frequency and volume.

4 / Rank critical IT activities

The next step is to organise the applications according to their degree of criticality for the proper functioning of the company. In the day-to-day life of your organisation, some activities are less resilient than others to unexpected IT shutdowns.

You must rank these activities and the corresponding IT applications from most critical to least critical in order to define the effective scope of your Disaster Recovery Plan. You should also compare this criticality with the risk probability. This is a standard approach to managing risks and anticipating cybersecurity breaches.

This step also implies defining acceptable RTOs and RPOs for your business. In other words, it is important to detail the maximum downtime that your structure can tolerate before a return to service, as well as the maximum tolerable timeframe during which data is not being recorded. CIOs are well-versed in these issues, as they are directly related to the frequency of data backups.

5 / Provide a budget for the Disaster Recovery Plan

Designing and activating a DRP involves considerable human and financial investment, although, in turn, it does contribute to preventing financial losses. The question of the budget dedicated to this Disaster Recovery Plan is, however, all the more central as it dictates the type of backup solution you should favour in the case of an IT shutdown.

For a reasonable budget, compare any expenses incurred through the execution of the DRP with those inherent to a shutdown of your company’s IT operation (see CRQ .

6 / Specify the exact scope of your backup IT solution

Once you have gathered all of this preliminary data, you still need to define which IT infrastructure will host your backup applications. Many companies plan what they call a “backup site”, which is a second location equipped with the necessary IT infrastructure and a data replication system. This solution is interesting because it works according to a principle of reciprocity: both sites protect each other.

However, this is an expensive endeavour, which is why many organisations prefer to work with a service provider that hosts their remote infrastructure. For this reason, DRP on Cloud and DRaaS (Disaster Recovery As A Service) are some popular options that are gaining ground.

7 / Regularly test your DRP

Designing a Disaster Recovery Plan only makes sense if you take into account the new software acquired by your company along the way as well as corresponding updates. The backup applications and data replication procedures must also be regularly tested to verify their suitability for your continued IT upgrades.

You also need to make sure your Recovery Plan fits to the logistical habits of your human resources. It must be activated in accordance with your overall management plan in the event of a cyber crisis. This requirement can be part of the simulation exercises provided for in your cyber crisis management strategy.

FAQ about Disaster Recovery Plan (DRP)

What is the definition of an it “drp”.

The Disaster Recovery Plan (DRP) comprises a set of documents detailing the steps for setting up a backup IT infrastructure. This infrastructure’s aim is to safeguard the usual course of business activities in the event of an unexpected shutdown of IT systems. This shutdown could be due to a cyberattack, a computer breach, human negligence, or data loss or theft.

What is DRaaS?

Disaster Recovery as a Service is a cloud backup solution provided by a third party where your data server is replicated on your service provider’s facility via the cloud, thus making it easy for you to recover any data lost during a disaster. It is a simple solution that removes the need to develop a complex and thorough plan. Also, the maintenance costs associated with running a second site become a thing of the past, since you only have to pay for a subscription.

Is it possible to have a DRP without a BCP?

There are sectors for which an interruption of activity, even of one minute, represents a tangible financial loss or danger to data integrity. In these sectors, having a BCP is essential. Companies whose activities have a lower level of criticality and who can afford longer IT downtime can settle for a DRP alone.

Share this article

We build scalable solutions to quantify cyber risk in financial terms so organizations can make informed decisions to improve governance and resilience.

Related articles

Read more on cyber risk, ransomware attacks, regulatory compliance and cybersecurity.

executive support cyber risk

C-Risk | Reduce risks by improving decisions

Quantification of controls effectiveness : what impact on risk decisions improvement ? Answers in the webinaire.

what is a disaster recovery plan it

Christophe Forêt

GRPD compliance cybersecurity

GDPR compliance and its impact on your cybersecurity strategy

Being compliant with GDPR and having efficient data protection policy is a tricky challenge that can be overcome with Cyber Risk Quantification (CRQ).

nist cyber security

NIST Cybersecurity Framework: how to manage your cyber risks?

Is the NIST Cybersecurity Framework good at analysing, preventing, and recovering from cyber a cyber incident? How can you use this method? Is it enough to protect your structure?

C-Risk is a recognized expert in Cyber Risk Quantification using the FAIR™ methodology. We provide CRQ consulting services, managed services, and training.

U.S. flag

An official website of the United States government

Here’s how you know

world globe

Official websites use .gov

A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites. .

Use the FEMA App to Take Charge of Your Disaster Recovery

world globe

The FEMA app allows you to receive real-time weather alerts, locate emergency shelters in your area, prepare for common hazards, and track your disaster assistance application.

Getting started

Learn how to prepare for common hazards quickly and easily. The FEMA App can help you learn basic preparedness strategies like how to create a family emergency communication plan, what to pack in your emergency kit, and what to do immediately after a disaster. 

Knowing when and how to protect yourself, your loved ones and your property during a disaster can make all the difference.  With the FEMA App, you can receive real-time weather and emergency alerts from the National Weather Service for up to five locations nationwide.  It can also help you find a nearby shelter if you need to evacuate to a safe space.

The FEMA App gives you the tools you need to recover after a disaster. Find out if your location is eligible for FEMA assistance, find Disaster Recovery Center locations, and get answers to your most pressing questions.  Instantly connect with FEMA’s disaster resources so you find the help that you need when you need it most. 

How to Download the App:

The FEMA app is available for both Android and iOS.  You can download the FEMA app on  Google Play  and on the  Apple App Store .  

You can also download the app via text messaging. On an Android device, text  ANDROID  to  43362  (4FEMA); On an Apple Device, text  APPLE   to   43362  (4FEMA).

For more information on West Virginia’s disaster recovery, visit  emd.wv.gov,   West Virginia Emergency Management   Division Facebook page, www.fema.gov/disaster/4756  and www.facebook.com/FEMA.

AllTheThings.Best

Must Have Items for a Smart Home Disaster Recovery Plan

W elcome to our guide on keeping your smart home safe! Have you ever thought about what would happen to your smart gadgets if there was a big storm or you became unable to maintain it? Just like we practice fire drills, it’s smart to have a plan for your smart home too. This way, you ( or someone else ) can fix any problems quickly and keep your house running smoothly. In this post, we’ll share a list of important things you should have in your smart home disaster recovery plan. So, let’s get started and make sure your smart home is ready for anything!

Password Management

When it comes to keeping your smart home safe or recovering it in case of an emergency, remembering all the passwords for your devices and services is key. You should store your passwords in a safe place like a password manager. This is a special app that keeps all your passwords in one spot and is very secure. Also, it’s a smart move to share how to find these passwords with people you trust, like family members. This way, if something happens and you’re not around, someone else can take care of your smart home. Remember, having all your passwords safe and ready to use is critical if you need to recover your smart home!

Taking regular backups is a critical step in protecting your smart home. Backups are an essential snapshots of your system’s settings and configurations. This means that in the event of a system failure or data loss, you have the means to restore your environment to its previous state quickly and easily. It’s important to establish a routine for these backups to make sure that any changes to it are stored. This means you should be aware of your Recovery Point Objective ( RPO ), or how much time you are willing to lose since the last backup. For us, this can range from a week to a day depending on how many changes we are making. Equally important is the secure storage of these backups. They can be stored either on a different storage device locally, different machine locally, or a different computer network completely like up in the cloud! No matter how you choose to store your backups, it should guarantee that your data is not only safe but also accessible only to authorized individuals. By treating backups with the seriousness they deserve, you can easily simplify your smart home recovery process in case of disaster.

Device Reset Guides

Often, with a smart home, just one part of it may stop functioning. This might just be a light switch that likes to be flakey, or it could be the smart garage door opener that refuses to open. When smart home devices stop functioning, it’s important to have detailed instructions for how to reset those devices. This could look like a folder that has all of the manufacturer’s instructions stored as pdf files, or it could be an actual physical file that has instruction booklets in it. Either way, knowing how to reset each of your devices to factory default then re-connect it to the system is a critical part of having an effective disaster recovery plan.

Restore Plans

Having step by step plans to restore your smart home controller or your smart home backups is critical to having an effective disaster recovery plan. These plans should include the location of your password storage, as well as any other documents that could potentially be needed to recover the plan. It should also go step by step through the process to restore the house to it’s full working condition. Often, this includes details on how to restore the smart home from backups. It could also contain screenshots of various pages and the values that need to be in different input fields. It really depends on your smart home. Something important to keep in mind while writing your restore plans is that the person reading them might not be you! These plans should be able to be followed by anyone who has access to them, no matter how tech savvy they are ( or are not ). So be sure to include all of the details.

Emergency Contacts

Having a list of emergency contacts is another critical feature of a disaster recovery plan for your smart home. This is a list of individuals who can be trusted with all of the details of your smart home. This includes schematics, passwords, and more highly sensitive information. These emergency contacts should be familiar with where your restore plans are for your smart home, and be tech savvy enough to implement your disaster recovery plans. In case you are not able to restore the home your self, these are the people who would be responsible for recovering your home back to it’s working condition. This may or may not include tearing out some of the smart home devices that you have installed if they are no longer functioning, so pick wisely!

Test the Plan Regularly

One of the most overlooked parts of a disaster recovery plan is testing it. A good disaster recovery plan should be tested frequently to make sure that the process works correctly. Nothing spells true disaster like a disaster recovery plan or set of backups that has never been tested to make sure it actually works. We like to test our disaster recovery plan at least once a year, but also tend to bake disaster recovery into part of our process so that it “just happens” as we manage our smart homes. After you are done testing your backups and disaster recovery plans, be sure to document anything that did not work, and make changes to your plans if needed.

By following these simple steps and having a solid disaster recovery plan, you can make sure your smart home stays safe and works well, even if something unexpected happens. Remember, being prepared is the best way to keep your smart home running smoothly. So, take a little time to set up your plan, keep your passwords and backups safe, and you’ll be ready for anything. Here’s to a smart and secure home, ready to handle whatever comes its way!

The post Must Have Items for a Smart Home Disaster Recovery Plan appeared first on AllTheThings .

Having a physical version of a disaster recovery plan is great in case the internet isn’t useable.

Skip links and keyboard navigation

  • Skip to content
  • Use tab and cursor keys to move around the page (more information)

Popular services

  • Renew vehicle or boat rego
  • Check my licence demerit points
  • Renew my driving licence
  • Change my address

Browse by category

  • Transport and motoring
  • Employment and jobs
  • Education and training
  • Queensland and its government

Disaster recovery support

Financial help and support services to help you recover if you're affected by a disaster

Tropical Cyclone Kirrily, associated rainfall and flooding commencing January 2024

Tropical Cyclone Kirrily has affected communities throughout Queensland.

Personal hardship financial assistance is now available for targeted locations across Queensland impacted by Tropical Cyclone Kirrily.

Housing assistance is available for residents affected by this event.

How to access support

If you’re experiencing emotional stress, contact Lifeline’s dedicated support line on 1800 116 671 (8am to 8pm).

If you're in personal financial hardship from this event, contact your local emergency relief provider or counselling service , call the Community Recovery Hotline on 1800 173 349 , or visit us at a  Community Recovery Hub .

SEQ Severe Thunderstorms Christmas Day 2023

Severe thunderstorms have impacted communities in South-East Queensland.

Personal hardship assistance is now available for affected residents in targeted locations within Gold Coast City, Logan City and Scenic Rim Regional Local Government Areas.

If you’re experiencing emotional stress, contact Lifeline’s dedicated support line on 1800 116 671 .

If you're in personal financial hardship from this event, contact your local emergency relief provider or counselling service , call the Community Recovery Hotline on 1800 173 349 , or visit us at a Community Recovery Hub .

Tropical Cyclone Jasper December 2023

Tropical Cyclone Jasper is affecting communities in North Queensland.

Personal hardship assistance is now available for Queensland communities impacted by Tropical Cyclone Jasper.

October and November 2023 bushfire events

Financial assistance and other support services continue to be available to residents of communities affected by the October and November 2023 bushfire events. Find out more and check your eligibility .

Housing assistance may also be available to residents affected by these events.

If you’re experiencing emotional stress or personal financial hardship, contact your local emergency relief provider or counselling service or call the Community Recovery Hotline on 1800 173 349 for help.

Northern and Central Queensland monsoon and flooding – March 2023

Personal hardship assistance is now available for affected residents in eligible areas.

If you’re experiencing emotional stress or personal financial hardship from this event, contact your local emergency relief provider or counselling service or call the Community Recovery Hotline on 1800 173 349 for help.

Request urgent assistance

  • Emergency calls: 000
  • TTY Emergency calls: 106
  • State Emergency Service (SES): 132 500
  • 13 HEALTH: 13 43 25 84
  • Emergency housing: 13 QGOV (13 74 68)
  • Community Recovery Hotline: 1800 173 349

See warnings and alerts

  • Queensland disaster alerts
  • Disaster dashboards in your local area

Financial help for disasters

Financial grants and support services are available for people affected by Tropical Cyclone Kirrily.

Find information about personal hardship financial assistance available for south east Queensland communities impacted by severe thunderstorms.

Information about financial grants and support services available for people affected by Tropical Cyclone Jasper in December 2023.

Toowoomba Fires November 2023

Financial assistance and support services are available for people affected by the November 2023 Toowoomba bushfires.

North Queensland Fires October 2023

Find information about financial grants and support services available for Queensland communities impacted by the North Queensland bushfires.

Bundaberg and Gladstone Bushfires October 2023

Personal hardship financial assistance is available for Queensland communities impacted by the Bundaberg and Gladstone bushfires.

Western and Darling Downs Bushfires October 2023

Financial grants and support services are available for people affected by the Western and Darling Downs bushfires.

Northern and Central Queensland monsoon and flooding – March 2023

Find information about financial assistance available for Northern and Central Queensland monsoon and flooding – 20 December 2022 to March 2023.

Western Downs bushfire February 2023

Find information about financial assistance available for Western Downs residents affected by the February bushfires.

Southern Queensland flooding May 2022

Recovery support for SEQ flooding in May 2022 and financial assistance available to affected residents.

South east Queensland rainfall and flooding February 2022

Information about the financial assistance available to south east Queensland residents affected by rainfall and flooding.

Ex-Tropical Cyclone Seth January 2022

Find information about financial assistance available for Queensland residents affected by flooding.

Types of grants

Find grants available to you if you've been affected by a disaster. Eligibility criteria applies.

Call 1800 173 349 , the Community Recovery Hotline, for advice.

You can also search for federal grants .

Grants are available to assist with

  • Housing, food, clothing, medication, etc.
  • More than 5 day loss of services e.g. electricity
  • Household contents
  • Reconnecting services e.g. electricity, gas
  • Housing help
  • Structural repairs to your home
  • Home repair, raise or buy-back after flooding
  • Cyclone resilience

More help and information

Grant information and how to apply.

  • Eligibility for state grants and how to apply
  • Proof of ID needed to apply for grants
  • Support for non-profit organisations
  • Support for businesses and industries

Support and resources in other languages

  • Find a Community Recovery Hub or Support Services location
  • Regional community support services
  • Support for vulnerable people
  • Information in your language

Rebuilding and cleaning up

  • Replacing lost or destroyed documents
  • Reconnecting electricity and water
  • Returning home after a storm, flood or cyclone
  • Returning home after a bushfire

Physical health

  • Bacterial infections
  • Mosquitoes and black flies
  • Floodwater contamination

Mental health and wellbeing

  • Community support organisations
  • Mental health support and services
  • Managing stress after a disaster
  • Family relationships after a disaster

How you can help

  • Donate to help bushfire-affected communities
  • Volunteering
  • Donating goods, services and money

You are using an outdated browser. Please upgrade your browser to improve your experience.

You can perform disaster recovery by running a recovery plan in VMware Aria Suite Lifecycle with re-IP by using Site Recovery Manager.

  • Create a recovery plan for VMware Aria Suite Lifecycle VM and configure the recovery steps by turning off re-IP manually, and then disabling power on post recovery.
  • Edit the hardware setting of the recovered VMware Aria Suite Lifecycle VM in the vCenter inventory, and then assign correct network.
  • Power ON the VMware Aria Suite Lifecycle VM.
  • Access the VMware Aria Suite Lifecycle VM console from vCenter inventory as a root user.
  • /opt/vmware/share/vami/vami_set_network <Network-Interface-Name> STATICV4+NONEV6 <New-IPV4> <SUBNETMASK> <DEFAULT-GATEWAY>
  • /opt/vmware/share/vami/vami_set_dns <New-DNS-IP-OR-FQDN>
  • /opt/vmware/share/vami/vami_set_hostname <New-Hostname>
  • Access the VMware Aria Suite Lifecycle UI with the new IPv4 or the new FQDN, and then log in. Under Locker , select Home Certificates , and then generate a new certificate, which includes the updated VMware Aria Suite Lifecycle FQDN.
  • On the Lifecycle Operations Home page, select Settings , and then select Change Certificate to update the VMware Aria Suite Lifecycle certificate that is generated in the previous step.
  • On the Lifecycle Operations Home page, select Settings , and then select Authentication Provider to perform SYNC and RE-REGISTER tasks. This upgrades the new FQDN of VMware Aria Suite Lifecycle in the VMware Workspace ONE Access catalog. Note: Perform this step only if the Workspace ONE Access is reachable to the network of the recovered VMware Aria Suite Lifecycle VM.
  • Perform an inventory sync with the managed products to ensure VMware Aria Suite Lifecycle is functional with the new network settings.

IMAGES

  1. Disaster recovery vs. security recovery plans: Why you need separate

    what is a disaster recovery plan it

  2. Key Elements of a Disaster Recovery Plan

    what is a disaster recovery plan it

  3. What a Disaster Recovery Plan (DRP) Is and How It Works

    what is a disaster recovery plan it

  4. It Disaster Recovery Plan

    what is a disaster recovery plan it

  5. 3 Steps for Building a Cloud-Based Disaster Recovery Plan

    what is a disaster recovery plan it

  6. Disaster recovery

    what is a disaster recovery plan it

COMMENTS

  1. What is a Disaster Recovery Plan?

    IT disaster recovery is a portfolio of policies, tools, and processes used to recover or continue operations of critical IT infrastructure, software, and systems after a natural or human-made...

  2. What is a Disaster Recovery Plan (DRP) and How Do You Write One?

    A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident. A DRP is an essential part of a business continuity plan ( BCP ). It is applied to the aspects of an organization that depend on a functioning information technology (IT) infrastructure.

  3. What is Disaster Recovery?

    Disaster recovery is the process by which an organization anticipates and addresses technology-related disasters. The process of preparing for and recovering from any event that prevents a workload or system from fulfilling its business objectives in its primary deployed location, such as power outages, natural events, or security issues.

  4. What is a disaster recovery plan?

    A disaster recovery plan (DRP) is a detailed document that outlines how an organization will respond to an unplanned incident.

  5. What Is Disaster Recovery?

    Disaster recovery (DR) is the process an organization implements to recover from a security event that disrupts its technology operations. Developing an IT disaster recovery plan (DRP) allows organizations to resume operations quickly after a security event. Cisco Talos cybersecurity response. Cisco crisis response.

  6. What is Disaster Recovery?

    Disaster recovery is an organization's method of regaining access and functionality to its IT infrastructure after events like a natural disaster, cyber attack, or even business disruptions related to the COVID-19 pandemic. A variety of disaster recovery (DR) methods can be part of a disaster recovery plan. DR is one aspect of business continuity.

  7. Disaster Recovery: An Introduction

    Disaster recovery planning is the subset of business continuity planning that focuses on recovering IT infrastructure and systems. Disaster recovery planning Business impact analysis The creation of a comprehensive disaster recovery plan begins with business impact analysis.

  8. What is a Disaster Recovery Plan? + Complete Checklist

    A disaster recovery plan (DRP) is a set of detailed, documented guidelines that outline a business' critical assets and explain how the organization will respond to unplanned incidents.

  9. IT Disaster Recovery Plan

    An information technology disaster recovery plan (IT DRP) should be developed in conjunction with the business continuity plan. Priorities and recovery time objectives for information technology should be developed during the business impact analysis.

  10. What is a Disaster Recovery Plan? Definition + Strategies

    A disaster recovery plan (DRP), disaster recovery implementation plan, or IT disaster recovery plan is a recorded policy and/or process that is designed to assist an organization in executing recovery processes in response to a disaster to protect business IT infrastructure and more generally promote recovery.

  11. What is a Disaster Recovery Plan (DRP) and how to build one?

    A disaster recovery plan helps your IT team respond to an unplanned interruption of network services during a disaster, including voice, data, internet, etc. The plan must include procedures for recovering an organization's network operations, including local area networks (LANs), wide-area networks (WANs), and wireless networks.

  12. What is a Disaster Recovery Plan?

    A disaster recovery plan (DR or DRP) is a formal document created by an organization that contains detailed instructions on how to respond to unplanned incidents such as natural disasters, power outages, cyber attacks and any other disruptive events.

  13. What is a Disaster Recovery Plan? Importance & Benefits

    A disaster recovery plan is a documented strategy including policies, procedures and responsibilities to help organizations recover their IT systems and data in the aftermath of a disaster.

  14. What Is a Disaster Recovery Plan? 4 Examples

    A disaster recovery plan defines instructions that standardize how a particular organization responds to disruptive events, such as cyber attacks, natural disasters, and power outages. A disruptive event may result in loss of brand authority, loss of customer trust, or financial loss.

  15. What Is Disaster Recovery? Definition, Plan, Types & More

    Disaster recovery testing is a fundamental component of an organization's business continuity and disaster recovery plan. It involves simulating a disaster, like a cyber attack like ransomware, data breach, power outage, or natural disaster, to assess an organization's ability to regain control over its IT systems.

  16. How to build a successful disaster recovery strategy

    Step 3: Create your asset inventory. Disaster recovery relies on having a complete picture of every asset your enterprise owns. This includes hardware, software, IT infrastructure, data and anything else that's critical to your business operations. Here are three widely used labels for categorizing your assets:

  17. What is a Disaster Recovery Plan?

    A disaster recovery plan is the preparation of a strategy for restoring IT systems following an unexpected outage. The goal of disaster recovery planning, which is a component of business continuity, is to ensure that businesses can perform disaster recovery efficiently and return to normal operations as quickly as possible in the wake of a disruption.

  18. How To Create An Effective IT Disaster Recovery Plan

    A disaster recovery plan, also known as a DR plan or DRP, is a set of tools and procedures that a company uses to recover from a major data disruption. In general, it helps an organization react to a disaster, take action to prevent damages and quickly recover operations.

  19. What is disaster recovery (DR)?

    A solid disaster recovery plan, including employee training for handling inquiries, can boost customer assurance by demonstrating that the company is prepared for any disaster. Emergency preparedness. Thinking about disasters before they happen and creating a response plan can provide many benefits. It raises awareness about potential ...

  20. What is a Disaster Recovery Plan and Why is it Important?

    A disaster recovery plan, or DRP, is a formal document created by an organisation that details how to respond to various types of disasters. This will typically include things like power outages, cyber-attacks, including ransomware, and a range of other disruptive events. The best DRPs go beyond simply restoring data that has been lost.

  21. How to Write a Disaster Recovery Plan + Template

    A disaster recovery plan (DRP) is a document that outlines the procedures an organization will follow to recover and restore its critical systems, operations, and data after a disaster. Examples of disasters that may disrupt the continuity of product or service delivery are natural disasters, cyber attacks, hardware failures, and human errors.

  22. DRP: all you need to know about the IT recovery plan

    A Disaster Recovery Plan focuses on making sure a company's activity can return to an operational status. In IT, this means backing up vital infrastructure. The plan can be activated when there is an obvious shutdown of information systems, and companies can ensure the post-disaster reconstruction of IT infrastructures and the reboot of the ...

  23. How is a Disaster Recovery Plan Can Help You

    A disaster recovery plan (DRP) is a documented, well-organized approach that describes how a business can quickly resume operations after an unplanned event. A DRP plays a crucial role in a business continuity plan (BCP). It is used for organizational components dependent on an effective information technology (IT) infrastructure.

  24. Use the FEMA App to Take Charge of Your Disaster Recovery

    The FEMA App gives you the tools you need to recover after a disaster. Find out if your location is eligible for FEMA assistance, find Disaster Recovery Center locations, and get answers to your most pressing questions. Instantly connect with FEMA's disaster resources so you find the help that you need when you need it most. How to Download ...

  25. Must Have Items for a Smart Home Disaster Recovery Plan

    A good disaster recovery plan should be tested frequently to make sure that the process works correctly. Nothing spells true disaster like a disaster recovery plan or set of backups that has never ...

  26. Disaster recovery support

    Disaster recovery support. Financial help and support services to help you recover if you're affected by a disaster. Tropical Cyclone Kirrily, associated rainfall and flooding commencing January 2024 Tropical Cyclone Kirrily has affected communities throughout Queensland.

  27. Disaster Recovery Teams Join as Mysteries Grow in Tobago Oil Spill

    Based on the survey results, they will also help with the oil recovery program while also developing a plan to remove the oil from the barge and salvage the wreck.

  28. Performing a disaster recovery for VMware Aria Suite Lifecycle

    Create a recovery plan for VMware Aria Suite Lifecycle VM and configure the recovery steps by turning off re-IP manually, and then disabling power on post recovery.; Edit the hardware setting of the recovered VMware Aria Suite Lifecycle VM in the vCenter inventory, and then assign correct network.; Power ON the VMware Aria Suite Lifecycle VM.; Access the VMware Aria Suite Lifecycle VM console ...