A disaster recovery plan (DRP) is essential in most if not all businesses, outlining all the processes and procedures that you will follow in the event of an unpredictable event. Events that a DRP can help to protect you against can span anything from natural disasters to malicious cyber attacks, allowing you to minimise the impact that these events will have on your business.
So, to help you in developing your DRP, here are 7 critical things you must include.
Table of Contents
1. Clear objectives
There are two key objectives to include in your DRP. The first is your recovery time objective (RTO), which details the amount of time that is required to recover all your hardware and software. The second is recovery point objective (RPO), which is how much time you can afford to lose before the resuming of normal business operations.
Both RTO and RPO across departments are crucial for identifying what you might need to get back up and running more efficiently.
2. Comprehensive inventory
Take stock of all the hardware and software that your business uses. To aid you, it is best to rank how critical these things are to the day to day running of your business – namely, critical, important, and those used less frequently.
Those pieces of hardware and software you absolutely cannot run your business without can then be prioritised in terms of recovery.
3. Any Business Critical Documents or Data
In addition to an inventory of your hardware and software, you should also take an inventory of any documents or data that you either cannot operate without or cannot lose, including sensitive data like personally identifiable information (PII).
4. Who is Responsible for the Process
Identify your disaster recovery personnel, what their role and responsibilities will be in the event of a disaster, alongside their emergency contact details. This will ensure everyone knows exactly what the processes are and who is responsible for each element.
Some responsibilities that you will need to consider include, but are not limited to, backing up data, software maintenance, contacting stakeholders, talking to the media, and managerial roles that declare the disaster and manage the recovery.
5. Where Assets are Located (And Where they will be Moved)
There are three main types of location you will need to specify: hot sites, warm sites, and cold sites. Hot sites include critical infrastructure, such as a data centre that works with up-to-date information, whereas warm sites contain less pertinent information. On the other hand, a cold site typically will be the location of your backups, and thus won’t be used for the everyday running of your business.
6. Response Procedure
Outline how you will mitigate risks you have identified, and what systems you will have in place to minimise the time it takes to recover from the disaster. For example, when disaster recovery planning in case of failure of IT and voice services, a cloud-hosted unified communications software can ensure continuity in your communications and minimise downtime. Employees can simply switch from a mains powered PC to a battery powered smartphone, and seamlessly carry on as usual.
7. How Often You Will Revisit and Test your Plan
And finally, make sure to set clear expectations and guidelines on how often your DRP will be tested and reviewed. This will ensure that your plan is continually updated with the latest information.