What Is a Disaster Recovery Plan?
A disaster recovery plan defines instructions that standardize how a particular organization responds to disruptive events, such as cyber attacks, natural disasters, and power outages. A disruptive event may result in loss of brand authority, loss of customer trust, or financial loss.
The plan is a formal document that specifies how to minimize the effects of disaster scenarios, and help the organization minimize damage and restore operations quickly. To ensure effectiveness, organize your plan by the location and the type of disaster, and provide simple step by step instructions that stakeholders can easily implement.
Disaster recovery plan examples can be very useful when developing your own disaster recovery plan. We collected several examples of plans created by leading organizations, and a checklist of items that are essential to include in your new plan.
In this article:
- Great Disaster Recovery Plan Examples
- Things You Must Include in Your Disaster Recovery Plan Checklist
- Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
- Hardware and Software Inventory
- Identify Personnel Roles
- List of Disaster Recovery Sites
- Remote Storage of Physical Documents and Storage Media
- Disaster Response Procedures
- Identify Sensitive Data
- Define a Communication Plan for Disaster Events
- Physical Facility Needs
- Run Disaster Recovery Drills
- Data Protection with Cloudian
This article is part of a series on Disaster Recovery.
Disaster Recovery Plan Examples
Each of these examples is also a template you can use to develop a disaster recovery plan for your organization.
For more background on how to build a plan from scratch, read our guide to disaster recovery plans and disaster recovery solutions.
IBM’s Disaster Recovery Plan
Created by: IBM
Pages: 13
Main sections:
- Major goals of a disaster recovery plan
- Personnel
- Application profile
- Inventory profile
- Information services backup procedures
- Disaster recovery procedures
- Recovery plan for mobile site
- Recovery plan for hot site
- Restoring the entire system
- Rebuilding process
- Testing the disaster recovery plan
The Council on Foundations
Created by: The Council on Foundations
Pages: 59
Main sections:
- Risks and Event Scenarios
- Plan Activation
- Responsibility and Delegation of Authority
- Incident Response Team (IRT)
- Incident Response Team Roles & Responsibilities
- Business Impact Analysis
- Recovery Activity Summary and Needs Assessment
- Vital Records
- Disaster Notification/Communications
- Personnel & Board Contact Information
- Building Evacuation
- Emergency Operations Center
- Business Recovery Locations
- Information Technology/Operations Preparedness
Evolve IP
Created by: Evolve IP
Pages: 17
Main sections:
- Emergency Contact Form
- External Contacts
- Notification Network
- DR Teams & Responsibilities
- DR Lead
- Disaster Management Team
- Network Team
- Server Team
- Applications Team
- Data & Backups
- Restoring IT Functionality
- IT Systems
- Network Equipment
- Severity One System
- Plan Testing & Maintenance
- Recovery Completion Form
Micro Focus
Pages: 36
Main sections:
- Objectives
- Key Personnel Contact Info
- Plan Overview
- Emergency
- Media
- Insurance
- Financial and Legal Issues
- Technology Disaster Recovery Plan
- Suggested Forms
Things You Must Include in Your Disaster Recovery Plan Checklist
Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
A disaster recovery plan must make it clear what are your organization’s:
- RTO—the maximal time your organization can tolerate for recovering normal operations in case of a disaster (for example, recovery within 30 minutes, 2 hours, 12 hours)
- RPO—the maximal amount of data your organization can afford to lose (for example, an hour of data, 3 hours of data, one day of data)
Hardware and Software Inventory
For a plan to be effective, you must have a comprehensive, up-to-date inventory of your IT assets. Categorize them into the following categories:
- Critical—assets without which your business cannot operate
- Important—applications that are used at least once per day and can disrupt normal operations
- Unimportant—applications that are used less frequently than once per day
Ensure that your disaster recovery plan addresses all critical assets, and as many as possible of the important and unimportant assets, in that order.
Identify Personnel Roles
The plan should define who in the organization is responsible for disaster recovery processes, with their names and contact details. Critical responsibilities include:
- Ongoing backups and maintenance of business continuity systems
- Responsibility for declaring a disaster
- Responsibility for contacting third-party vendors
- Responsibility for reporting to management and liaising with customers, press, etc.
- Responsibility for managing the crisis and recovering from it
List of Disaster Recovery Sites
A disaster recovery plan must specify where the company’s assets are located, and where each group of assets will be moved if a disaster occurs. There are three types of sites:
- Hot sites—a fully functional data center with IT equipment, personnel and up to date customer data.
- Warm sites—a functional data center that allows access to critical systems only, without up-to-date customer data
- Cold sites—used to store backups of systems or data, but without the ability to immediately run operational systems
Remote Storage of Physical Documents and Storage Media
Most organizations have a large quantity of physical documents and/or storage media like DVDs, external hard drives or backup tapes, which must be protected in case of a disaster. Unexpected loss of this data can be detrimental to the business or result in compliance violations. Therefore, copies of all critical documents must be stored in a remote location.
Disaster Response Procedures
A key element of a disaster recovery plan is a documented procedure for responding to a catastrophic event. The first few hours of an event are critical, and staff should know exactly what to do to minimize damage to organizational systems, and recover systems to resume normal operations.
A DR procedure should include clear action steps, in simple and unambiguous language, including how to fail over to the disaster recovery site and ensure that recovery is successful.
Related content: Read our guide to disaster recovery policy
Identify Sensitive Data
All organizations maintain sensitive data, which may also be subject to compliance requirements, such as Personally Identifiable Information (PII), credit cardholder data, or other valuable data like intellectual property (IP).
A disaster recovery plan must identify how this sensitive data is securely backed, and who should have access to the original copy and the backups, both during normal operations and in the event of a disaster.
Define a Communication Plan for Disaster Events
When disaster strikes, a company must have a clear plan for delivering essential information to affected parties, including:
- Management
- Employees
- Vendors and suppliers
- Customers
- Compliance authorities
- The media
The communication plan should include elements like public relations (PR), communication on the company websites, and social media. When there is a clear channel of communication with stakeholders about an event, customers and other stakeholders will feel reassured and will be more likely to continue their relationship with the company.
Physical Facility Needs
In case of a physical disaster like a flood or earthquake, there will be a need to restore physical facilities. The disaster recovery plan should specify what is the minimal facility that will enable the company to restore normal operations—including office space, location, furniture needed, computing and IT equipment.
Run Disaster Recovery Drills
Disaster recovery plans might look great on paper, but fail when they are needed most. To avoid this from happening, run a drill and test your plan in a realistic scenario. Learn the lessons from the drill and update the plan to make it clearer and more effective for all parties involved. Disaster recovery plans must be updated at least once per year.
Protecting Data Effortlessly with Cloudian
If you need to backup data to on-premises storage, Cloudian offers low-cost disk-based storage with capacity up to 1.5 Petabytes. You can also set up a Cloudian appliance in a remote site and save data directly to the remote site using our integrated data management tools.
Alternatively, you can use a hybrid cloud setup. Backup data to a local Cloudian appliance, and configure it to replicate all data to the cloud. This allows you to access data locally for quick recovery, while keeping a copy of data on the cloud in case a disaster affects the on-premise data center.
Learn more about Cloudian’s data protection solution.