A disaster recovery plan is a recorded policy and/or process that is designed to assist an organization in executing recovery processes in response to a disaster to protect business IT infrastructure and, more generally, promote recovery.
The purpose of a disaster recovery plan is to comprehensively explain the consistent actions that must be taken before, during, and after a natural or man-made disaster, so that the entire team can take those actions. A disaster recovery plan should address both intentional man-made disasters, such as fallout from terrorism or hacking, and those that are accidental, such as an equipment failure.
Cause of Disasters
Depending on the location (or locations) of your infrastructure, the types of disasters you are most likely to face can vary widely. Bad weather and natural disasters can affect the well-being of your company; hurricanes in the tropics, tornadoes in the central south, earthquakes in California, and power outages everywhere else will have a negative impact on supported data centers. When you know which disasters you are most likely to face, you can plan accordingly. You could even generate a statistical model to help predict how often disasters will strike your infrastructure, and what their severity will be.
In reality, effective disaster recovery planning requires much more than this. It entails creating detailed, step-by-step procedures for restoring data and infrastructure. These plans should not just detail the steps for setting things back up, but should also specify:
- Which personnel will perform disaster recovery tasks.
- How quickly recovery tasks need to be completed in order to meet RTO and RPO requirements.
- How disaster recovery procedures might vary between different facilities or sites.
- Whether disaster recovery operations for hardware need to be performed independently of disaster recovery for software.
Disaster Recovery Plan Checklist
Now let’s discuss the steps you should follow to develop your disaster recovery plan. The disaster recovery plan will vary depending on the company’s needs and weak points. Below, we highlight the main areas of focus that a typical business needs to address as part of its disaster recovery plan.
- Business Impact Analysis
- Recovery Strategies
- Disaster Recovery Plan Development
- Disaster Recovery Plan Testing
Further reading Disaster Recovery Planning Checklist
Business Impact Analysis
The first step to developing a disaster recovery plan is to evaluate the impact that a disaster would have on the various components of the business, and how quickly a recovery would need to be completed in order to avoid a critical problem. To determine the disaster impact on different parts of your organization, you’ll have to work closely with department heads and key personnel.
Once you have assessed the impact of a disaster, you can develop RTO and RPO goals to find out what needs to be recovered and how quickly recovery must happen following a disaster.
Once your RTO is ready, the next step would be to develop an actual recovery strategy. To do this, you must assess whether the resources you currently have meet the various RTO and RPO goals.
- Do you have enough personnel ready to respond to a disaster to meet those goals?
- Do you have enough backup infrastructure and network capacity?
- Will you be able to obtain new hardware or software quickly enough if necessary?
By answering questions like these, you can develop the overall recovery strategies that will form the basis for your disaster recovery plan.
Disaster Recovery Plan Development
Once you have developed your disaster recovery strategy, you are ready to fill in the details of executing the strategy. To do this, you’ll want to:
- Develop an overall plan framework that defines the different components of your plan.
- Identify personnel who will execute the plan or sub-plans.
- Develop plans for relocating hardware, software or data following a disaster.
- Write out the specific disaster recovery procedures that need to be followed, along with steps for accessing any special information required to follow the procedures.
- Document manual workarounds for your team to follow if the main disaster recovery plan fails.
- Put the plan together and share it with the management to get approval.
Disaster Recovery Plan Testing
Once the plan is created, it’s time to test it. Do a dry run through the disaster recovery procedures to make sure everything works as expected. Make sure that all staff members who are part of the disaster recovery procedures know their roles and how to perform them, as well as how to access any information they require during a disaster. Be sure to document the results of these tests and review them in order to identify gaps that need to be fixed before an actual disaster strikes.
Further reading Disaster Recovery Testing: Best Practices and Scenarios
Planning for disaster recovery may seem like something you can always put off until tomorrow. But don’t trick yourself into thinking that successful disaster recovery can be executed on the fly during a serious disruption. The truth is otherwise, which is why it is essential to have a detailed disaster recovery plan in place well before disaster strikes. Check out our white paper to find a basic template that you might find useful for structuring your plan and to learn more about disaster recovery planning best approaches.