• There are no suggestions because the search field is empty.
gray wave
Strategy | 4 min read

7 Steps to Developing an IT Disaster Recovery Plan

Mark Flesch
Written by Mark Flesch

Whether it’s hurricanes hitting coastal regions, wildfires scorching the West or ice storms gripping the south, those in the path of devastating events may not be able to escape damage. In some cases, they lose everything.

Natural disasters happen anywhere, creating mass disruption and even tragedies. Although less destructive physically, there are other events that can significantly disturb our lives, including downed power lines, software failures, security breaches, ransomware attacks, data loss and more. No matter the cause, the impact and costs of downtime on businesses can be significant.

That’s why, if you rely on technology to conduct business, you need an IT disaster recovery plan (DRP) in place. Would you be able to keep your systems up and running in the event of a major disruption, data loss or prolonged power outage? A DRP can help right the ship.

Would you be able to keep your systems up and running in the event of a major disruption, data loss or prolonged power outage? If not, you’re not alone.

What is an IT Disaster Recovery Plan (DRP)?

A disaster recovery plan is a formal document that writes out step-by-step instructions and protocols for what an organization must do if it’s unable to operate as normal or access important data from encountering unexpected downtime from just about any incidents, including a natural disaster.

This plan includes processes and strategies to minimize the effects of disruption and to allow the organization to resume operations quickly.

Creating a business disaster recovery plan can protect your company and the livelihood of your employees. What is included in an IT disaster recovery plan?

  1. Identify Potential Threats
  2. Determine Potential Outcomes
  3. Outline Goals and Procedure
  4. Complete a Comprehensive Inventory
  5. Assign Clear Responsibilities
  6. Develop a Communication Plan
  7. Conduct Regular Reviews and Testing

1. Identify Potential Threats

What possible scenarios could interrupt your essential functions? Does your area get tornadoes, floods or heavy snowstorms? Are there gaps in your cybersecurity protocols that are opening the door to a cyberattack? What about internal threats, like a disgruntled employee?

Address as many possible threats as you can to decrease your chances of getting caught off guard.

2. Determine Potential Outcomes

Use your imagination. What could arise from one of these threats arriving at your virtual doorstep? How could it affect your operations? Write down as many scenarios as you can think of, running the gamut from inconvenient to catastrophic.

Failing to anticipate some of the worst outcomes could end up costing you more than you ever thought possible — which could be a very expensive situation.

Read More: The Real Cost of Operational Downtime

3. Outline Goals and Procedures

Another step is setting goals and developing a plan that includes the appropriate technical support. This might involve a cost-effective managed services provider that hosts off-site system backups you can implement in just such an emergency to keep your business up and running.

You’ll need to identify Recovery Time Object (RTO) — each system’s maximum allowed downtime — and the maximum amount of data loss you’re willing to accept. This is also known as Recovery Point Object (RPO). 

Another goal is to identify specific backup procedures, including where critical data will be backed up and how to recover it.

Ideally, there is a secondary data center recovery site in a remote location containing replicated data that’s frequently backed up so it can be restored or switched to a backup hot site if other critical systems go down. In the event of a cyberattack, you’ll need emergency response procedures to mitigate the damage as quickly as possible.

4. Complete a Comprehensive Inventory

Take stock of any hardware, software and applications that your business uses. From there, list them in order of importance of which ones need to be restored first. Each item in the inventory should have all of its pertinent information included, such as serial number or tech support info. Also, create a list of current passwords to access everything you need.

5. Assign Clear Responsibilities

In the event of a natural disaster, everyone should immediately know what to do. That can only happen when those responsible for deploying the disaster recovery plan are identified by name and familiar with your recovery process.

Who will be in charge of getting systems back up and running? Who will make the phone calls or send emails? Who will speak with the media or law enforcement if necessary?

Include people like upper-level IT managers and other experts on your IT team, department heads, C-level executives and human resources or public relations managers. List these individuals by name rather than title so there isn’t any ambiguity about key roles and responsibilities. Be sure to routinely update their current email addresses and phone numbers. Finally, list a backup person in the event someone is unavailable.

6. Develop a Communication Plan

Now that everyone knows their responsibilities, they’ll need a clear understanding of how to communicate with one another. During a disaster, regular modes of communication are sometimes unreliable. If that happens, how will you communicate with employees, vendors and customers? You’ll need to outline procedures and business processes for contacting them, along with backup plans in the event email, cell coverage or phone lines are down.

As part of your written process, include plans for updating your website and any online portals to keep others informed about next steps. Some businesses even set up private social media groups for select individuals who need to be part of disaster recovery efforts. Communication is key for your entire workforce, so make sure no one is left in the dark. Finally, check your service level agreements (SLAs) to understand any vendor or service provider assistance that is available.

7. Conduct Regular Reviews and Testing

Once you’ve developed a disaster recovery plan, conduct periodic reviews and updates. Answer the following questions:

  • Is someone who’s listed as being responsible for a critical task no longer with your company or have they changed roles?
  • Have passwords to access or recover certain programs been changed?
  • Have you contracted with a new Managed IT provider or installed new software?

Technology changes at a rapid pace and, if current information isn’t listed, your plan could be rendered ineffective.

Just as important as making sure information is accurate is making sure people know what to do with it. Schedule regular practice drills, similar to how you might schedule routine fire drills. If not regularly reviewed and practiced, people can easily forget their roles and the steps they need to take.

Having a plan helps provide uptime assurance and protection against any form of system failure.

How a Technology Management Provider Can Help

If your business needs a hand to get the ball rolling on your IT DRP, a Technology Management partner like Elevity can help. Our 4S approach (Strategy, Security, Solutions and Support) covers all the bases in what you’ll need for successful implementation.

Want to learn how a new Technology Management approach differs from traditional IT? We’ve developed a helpful infographic that outlines the most important comparisons. Simply click the link below to access your free copy today.

New call-to-action

Subscribe by Email