What Should a Disaster Recovery Plan Contain?

First consider of this: what are the consequences of NOT having a disaster recovery plan to protect your technology and your digital assets. Without a disaster recovery plan, you run the risk of losing records permanently. Data is central to so many businesses that without it, you may no longer be able to generate revenue.
When data breaches become public knowledge, there can then be a significant hit to your reputation. Recently, British Airways faced a record £183 million fine for a data breach. The financial cost is considerable, but the reputational cost may have an even longer-lasting impact.
You may get back on your feet, but without a reliable disaster recovery plan, what will any gaps in your technology do to your future productivity? Without a plan, you might pay the ultimate price of business failure. A disaster recovery plan should therefore contain the practical steps you need to prevent your business suffering critical damage from any kind of cyberattack or data breach.
What is a Disaster Recovery Plan?
For a more detailed description on what the purpose of a disaster recovery plan is, check our original article.
A disaster recovery plan states clearly how you will protect your business in the event of unplanned incidents. These can be anything from power outages and cyber-attacks to natural disasters.
The plan should contain the strategies you will use to ensure you can recovery rapidly from any disruptions whatever their source.This plan should be a written document, with clear steps about strategic measures you will take, and what resources are in place to help you take them.
Typically, your disaster recovery plan should include:

Your objectives – what the plan is for
What it will cover – including locations and services
Incident response – what would trigger it
Disaster recovery procedures
Alternative work locations – if your normal site is unusable
Contacts – who you will need to tell internally and externally
Insurance – details of policies, numbers, emergency contacts
Plan review procedure – how often you will review this disaster recovery plan.

What are the IT Essentials for Disaster Recovery?
You need to protect or be able to recover both hardware and software and identify where and how you store your information. The first stage is therefore to catalogue and itemise everything: How many computers, keyboards and other devices do you have? Include items such as routers and hard drives. Remember: disaster recovery may need to deal with the physical theft of hardware, and not just cyber-crime or data-related disruption. What about your software? You must have a full inventory of this too. This can include bespoke, business-related software, but also accountancy and payroll software and other critical, digital assets involved in the day-to-day running of your business. What about how you store all your information? Your backup procedure will form a crucial part of your disaster recovery plan.
Your Strategy for Backup
How you backup your data is critical to how effective your disaster recovery plan will be. You should already have a firm back up procedure in place for all your documents and data. As part of your disaster recovery strategy, review these procedures and ask yourself if they are robust enough in the event of an unplanned disruption?
What will you need to ensure you can be up and running if a virus or some other breach wiped out your primary storage device?
Consider your backup options:

Online, cloud-based backup
Offline backup, such as Backup and Restore (Windows) or Time Machine (Mac).
Hybrid backup solutions – combining online and offline elements in a single backup service.

Cloud storage packages can offer valuable, specialist expertise, along with backups happening in real-time. It is important here to choose the right provider for your business back up needs. With backup strategies, always include offsite replication, so that, in the event of a physical disaster to your premises, your backups are still safe.
Where and How Will You Work?
A disaster recovery plan can involve you having to work from an alternative physical site, if your normal place of work has been damaged by, for example, fire or flood. This alternative could be emergency office space, or, depending on the nature of your business, it might involve team members working remotely but connected via cloud-based applications. It is important that whatever your accommodation solution, you have access to the hardware, software and data you need to keep things running.
Be Confident in Your Recovery Plan
For your disaster recovery plan to be effective you must have absolute confidence in it, that it will enable you to recover your data should a disaster or disruption occur.
An important aspect of this is to regularly test your backups to make sure they are working effectively. You should have strong testing criteria and procedures in place. Make sure you have not overlooked anything.
Look at what acceptable recovery timeframes will be, and how much data you are able to retain. These things will be vital in the event of an actual disaster in determining whether your business or organisation can actually recover.
Things to Anticipate
An effective disaster recovery plan will anticipate and plan for the following:

Human error – Computer Weekly reports that human error accounts for over 60% of all data loss incidents. Consider, therefore, as part of your plan, what training your business needs, its backup, and what access restrictions are appropriate.
Natural disasters – it cannot have escaped your attention, via news media, that weather patterns are increasingly unpredictable and extreme. Therefore, anticipate the impact of storm, flood and other weather-related damage.
New security threats – cyberthreats change and develop in parallel to new developments in technology and software. Therefore, your disaster recovery plan must keep up to date and you must be prepared to amend and refine it accordingly.

As your business grows, so do the number of threats to your critical data. Your plan is not something static, but rather something you must regularly review and change as your business itself changes.

Previous Next

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
__lc_cid	2 years	This is an essential cookie for the website live chat box to function properly.
__lc_cst	2 years	This cookie is used for the website live chat box to function properly.
__oauth_redirect_detector	past	This cookie is used to recognize the visitors using live chat at different times inorder to optimize the chat-box functionality.
_mailmunch_visitor_id	never	Mailmunch sets this cookie to create a unique visitor ID for the Mailmunch mailing list software.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
mailmunch_second_pageview	never	Mailmunch sets this cookie to manage subscription service to mailing lists.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
__gads	1 year 24 days	The __gads cookie, set by Google, is stored under DoubleClick domain and tracks the number of times users see an advert, measures the success of the campaign and calculates its revenue. This cookie can only be read from the domain they are set on and will not track any data while browsing through other sites.
__hstc	5 months 27 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSessionSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
_hjTLDTest	session	To determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
hubspotutk	5 months 27 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
pardot	past	The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.

Cookie	Duration	Description
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
__gpi	1 year 24 days	No description
__racnt	session	No description available.
__racplx0	session	No description available.
__racplx1	session	No description available.
__rafm	session	No description available.
__rasel0	session	No description available.
__rasel1	session	No description available.
__rasesh	2 years 9 months 23 days	No description available.
__ratel0	session	No description available.
__ratel1	session	No description available.
_hjSession_2674997	30 minutes	No description
_hjSessionUser_2674997	1 year	No description
AnalyticsSyncHistory	1 month	No description
li_gc	2 years	No description
li_sugr	3 months	No description available.
lpv271502	30 minutes	No description
visitor_id271502	10 years	No description
visitor_id271502-hash	10 years	No description

What Should a Disaster Recovery Plan Contain?

Latest resources

MSP Everything Tech recommits focus to its professional services offering

Everything Tech Group secures investment with NatWest for latest acquisition.

The Advantages of Proactive IT Maintenance for Small and Medium-Sized Businesses

Find us

Policies

Contact us

Follow us

Our accreditations

Share