What is a Disaster Recovery Plan (DRP)? To keep it simple, it is a business strategy that maintains (at least) a minimum level of service, should a disaster take place, while you restore the usual operations. More specifically, the IT Disaster Recovery Plan (IT DRP) is a documented process used to outline the recovery path of IT infrastructure in case of a disaster.

Before you feel overwhelmed by reading this article, take a deep breath. Creating a plan like this is a process, but it is vital for your company that one exists. It is not something that is created in one day but rather a project that you set objectives for, then write and develop over a short period of time. You can never predict when a disaster will strike, but a “failure to plan – is a plan to fail.” Every company must have a DRP, or else a disaster could mean the end of your company. We feel so strongly about this that we made it the final stop on the technology roadmap. As you read through the article, let the wheels in your head turn so you can start simple and create a thorough plan should the inevitable ever happen.

Why is an IT disaster recovery plan important? The benefit of an IT DRP is that it contains detailed, simple and accurate information about your company’s IT operations. It should be easily understood and clearly formatted so anyone in the organization could take actionable steps if necessary.

How can an IT DRP help my organization? When you have preventative measures in place before a disaster strikes, you will be able to keep your customers’ confidence by maintaining your customer service and reducing the risk of downtime after a disaster. Here are four more ways a plan can help.

  • Reduce interruption to normal operations and create alternative operations to utilize if needed
  • Limit the extent of disruption of a natural disaster or cyber attack
  • Prepare and train employees in emergency procedures
  • Minimize expenses regarding the relief efforts

Do we need more than one type of DRP? The purpose of the DRP is to create a set of procedures to get every part of your business up and going after a disaster. The steps you will take to resume operations will differ depending on the type of disaster. You would need to approach the situation differently if the disaster was natural, such as flooding or fire, compared to a server failure, virus, data breach or major power outage. Different scenarios will require different plans.

How do you create a disaster recovery plan? Before you build your IT DRP, you need to do a little research so you have a strong understanding of your organization’s risks. Here are some things you will want to think about when creating and testing your recovery plan.

  • Include the contact information and the processes for reaching support and those who can help prevent prolonged downtime.
  • For mission-critical applications, choose an infrastructure that allows you to store data copies in a different region.
  • Choose a specific person to be the “director” of the plan. This includes testing it and putting it into action.
  • Document each and every process in detail. Automate as many steps as possible.
  • Establish backups for your data and test the backup restoration regularly.
  • Train staff to execute the DRP.
  • Perform regular simulations so you can validate and improve the plan.

What elements are included in an IT DRP?

  • The purpose, scope and objective
  • The roles and responsibilities
  • Critical assets, resources and insurance policies
  • Document and data backup
  • Communication plan

5 Steps to create your own successful IT disaster recovery plan.

  1. Identify critical operations
    1. Outline a list of services and products your business provides
    2. Any known vulnerabilities that could impact your business
    3. The extent that you must operate from your company’s headquarters
    4. Decide what data is crucial to keep your business operational, such as data and assets, crisis and post-disaster communications and proactive security measures
    5. Determine the priority level of services and products within different classifications, such as mission-critical, semi-important and low-tier.
      1. Within each of these tiers, there should be a service-level agreement (SLA) that details potential downtime losses and how the risks would affect business operations. These SLAs should have two elements.
        1. Recovery Time Objective (RTO) – The maximum acceptable time your service or products can be offline (or unavailable).
        2. Recovery Point Objective (RPO) – The maximum period of data that may be lost from an IT service due to a major incident.
  2. Evaluate disaster scenarios
    1. Writing your DRP is not “one size fits all”. This is why you should communicate as a team to evaluate a variety of scenarios and then discuss how they would impact your business and how you would react to each. As a result, you will gain a big-picture overview of your recovery objectives, timelines and processes. Here are some scenarios you may want to include:
      1. Natural disasters (fire, hurricane) and cyber-attacks
      2. DDoS attack – A distributed denial-of-service (DDoS) attack targets websites and servers by disrupting network services. A DDoS attack attempts to exhaust an application’s resources.
      3. Hardware or software failures
  3. Create a communications plan
    1. In the wake of a disaster, it is vital to keep your staff, suppliers, partners, stakeholders and customers informed of the responses and actions you are taking through a thoughtful and efficient communications plan. If you have a smaller team, it may be best to designate one person to be in charge of all related disaster/recovery communications. You may want to create a task list using a who/what/when/where format and include the audiences that need to be contacted. When informing others about your situation, make sure to be honest and clear while highlighting the action steps you are taking in response to the situation. Prepare templates in advance for press releases, website notifications, emails and social media.
  4. Develop a data backup and recovery plan
    1. After the disaster, having a documented set of procedures will help you immensely with the recovery. Three procedures you will want to address are:
      1. Emergency response procedures – Outline appropriate responses to a fire or other disaster to protect lives and limit damages.
      2. Backup operations procedures – Steps to ensure that essential data processing tasks can be conducted after the disaster.
      3. Recovery actions procedures – Steps to restore the data processing system after the disaster.
  5. Plan, test, repeat
    1. Once you have developed your IT DRP, TEST IT OUT! Simulate a breach or disaster to ensure your plan doesn’t have gaps and your team is ready to implement it. In order to have a strong IT DRP, you need to review and update it regularly.
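
The per-tier RTO and RPO targets and the regular restore testing described in the steps above can be checked automatically. The following is an added example, not part of the original article; the tier targets, the 90-day drill interval, the service names and the inventory fields are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed per-tier targets (illustrative values, not taken from the article).
TIER_TARGETS = {
    "mission-critical": {"rpo": timedelta(hours=1), "rto": timedelta(hours=4)},
    "semi-important": {"rpo": timedelta(hours=24), "rto": timedelta(hours=24)},
    "low-tier": {"rpo": timedelta(days=7), "rto": timedelta(days=3)},
}
MAX_RESTORE_TEST_AGE = timedelta(days=90)  # assumed interval between restore drills

# Constructed sample inventory; in practice, export these fields from your backup tool.
NOW = datetime(2024, 6, 1, 12, 0)
SERVICES = [
    {"name": "orders-db", "tier": "mission-critical",
     "last_backup": NOW - timedelta(minutes=30),
     "last_restore_test": NOW - timedelta(days=20), "restore_duration": timedelta(hours=2)},
    {"name": "billing-db", "tier": "mission-critical",
     "last_backup": NOW - timedelta(hours=3),
     "last_restore_test": NOW - timedelta(days=10), "restore_duration": timedelta(hours=6)},
    {"name": "wiki", "tier": "low-tier",
     "last_backup": NOW - timedelta(days=2),
     "last_restore_test": None, "restore_duration": None},
]

def check_service(svc, now):
    """Return the DRP findings for one service (an empty list means compliant)."""
    target = TIER_TARGETS.get(svc["tier"])
    if target is None:
        return [f"unknown tier {svc['tier']!r}"]
    findings = []
    backup_age = now - svc["last_backup"]
    if backup_age > target["rpo"]:  # data written since the last backup would be lost
        findings.append(f"RPO breach: newest backup is {backup_age} old, target {target['rpo']}")
    tested = svc["last_restore_test"]
    if tested is None:  # an untested backup gives no evidence the RTO can be met
        findings.append("restore never tested, RTO unverified")
    else:
        if now - tested > MAX_RESTORE_TEST_AGE:
            findings.append(f"restore test stale: last drill {now - tested} ago")
        if svc["restore_duration"] > target["rto"]:
            findings.append(f"RTO breach: restore took {svc['restore_duration']}, target {target['rto']}")
    return findings

def audit(services, now):
    """Map service name to findings, keeping only services with problems."""
    return {s["name"]: f for s in services if (f := check_service(s, now))}

if __name__ == "__main__":
    for name, findings in audit(SERVICES, NOW).items():
        print(name, "->", "; ".join(findings))
```

Running a check like this on a schedule turns the plan's objectives into something that fails visibly when a backup job or restore drill is quietly skipped.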

Conclusion

There are many organizations that specialize in helping you create a plan of your own. There are also different templates that you can use to put together a comprehensive plan that will allow you to rest easy. Here are some great resources for you to use:

Don’t wait until it is too late. Begin the steps to implement your own disaster recovery plan today.