
What Should a Disaster Recovery Plan Contain?

Lee Wrall



First, consider this: what are the consequences of NOT having a disaster recovery plan to protect your technology and your digital assets? Without a disaster recovery plan, you run the risk of losing records permanently. Data is central to so many businesses that without it, you may no longer be able to generate revenue.
When data breaches become public knowledge, there can then be a significant hit to your reputation. Recently, British Airways faced a record £183 million fine for a data breach. The financial cost is considerable, but the reputational cost may have an even longer-lasting impact.
You may get back on your feet, but without a reliable disaster recovery plan, what will any gaps in your technology do to your future productivity? Without a plan, you might pay the ultimate price of business failure. A disaster recovery plan should therefore contain the practical steps you need to prevent your business suffering critical damage from any kind of cyberattack or data breach.
What is a Disaster Recovery Plan?
For a more detailed description of the purpose of a disaster recovery plan, see our original article.
A disaster recovery plan states clearly how you will protect your business in the event of unplanned incidents. These can be anything from power outages and cyber-attacks to natural disasters.
The plan should contain the strategies you will use to ensure you can recover rapidly from any disruptions, whatever their source. This plan should be a written document, with clear steps about the strategic measures you will take, and what resources are in place to help you take them.
Typically, your disaster recovery plan should include:

  • Your objectives – what the plan is for
  • What it will cover – including locations and services
  • Incident response – what would trigger it
  • Disaster recovery procedures
  • Alternative work locations – if your normal site is unusable
  • Contacts – who you will need to tell internally and externally
  • Insurance – details of policies, numbers, emergency contacts
  • Plan review procedure – how often you will review this disaster recovery plan.

What are the IT Essentials for Disaster Recovery?
You need to protect or be able to recover both hardware and software and identify where and how you store your information. The first stage is therefore to catalogue and itemise everything: How many computers, keyboards and other devices do you have? Include items such as routers and hard drives. Remember: disaster recovery may need to deal with the physical theft of hardware, and not just cyber-crime or data-related disruption. What about your software? You must have a full inventory of this too. This can include bespoke, business-related software, but also accountancy and payroll software and other critical, digital assets involved in the day-to-day running of your business. What about how you store all your information? Your backup procedure will form a crucial part of your disaster recovery plan.
Your Strategy for Backup
How you back up your data is critical to how effective your disaster recovery plan will be. You should already have a firm backup procedure in place for all your documents and data. As part of your disaster recovery strategy, review these procedures and ask yourself if they are robust enough in the event of an unplanned disruption.
What will you need to ensure you can be up and running if a virus or some other breach wiped out your primary storage device?
Consider your backup options:

  • Online, cloud-based backup
  • Offline backup, such as Backup and Restore (Windows) or Time Machine (Mac).
  • Hybrid backup solutions – combining online and offline elements in a single backup service.

Cloud storage packages can offer valuable, specialist expertise, along with backups happening in real-time. It is important here to choose the right provider for your business backup needs. With backup strategies, always include offsite replication, so that, in the event of a physical disaster to your premises, your backups are still safe.
Where and How Will You Work?
A disaster recovery plan can involve you having to work from an alternative physical site, if your normal place of work has been damaged by, for example, fire or flood. This alternative could be emergency office space, or, depending on the nature of your business, it might involve team members working remotely but connected via cloud-based applications. It is important that whatever your accommodation solution, you have access to the hardware, software and data you need to keep things running.
Be Confident in Your Recovery Plan
For your disaster recovery plan to be effective, you must have absolute confidence that it will enable you to recover your data should a disaster or disruption occur.
An important aspect of this is to regularly test your backups to make sure they are working effectively. You should have strong testing criteria and procedures in place. Make sure you have not overlooked anything.
Look at what acceptable recovery timeframes will be, and how much data you are able to retain. These things will be vital in the event of an actual disaster in determining whether your business or organisation can actually recover.
Things to Anticipate
An effective disaster recovery plan will anticipate and plan for the following:

  • Human error – Computer Weekly reports that human error accounts for over 60% of all data loss incidents. Consider, therefore, as part of your plan, what training your business needs, its backup, and what access restrictions are appropriate.
  • Natural disasters – it cannot have escaped your attention, via news media, that weather patterns are increasingly unpredictable and extreme. Therefore, anticipate the impact of storm, flood and other weather-related damage.
  • New security threats – cyberthreats change and develop in parallel to new developments in technology and software. Therefore, your disaster recovery plan must keep up to date and you must be prepared to amend and refine it accordingly.

As your business grows, so does the number of threats to your critical data. Your plan is not something static, but rather something you must regularly review and change as your business itself changes.
