07 December 2018

How to Build a Disaster Recovery Plan

Our world is wrought with a myriad of disasters many of them human-made, others natural. Every business and business owner have to prepare for every possible disaster if they hope to last longer than the average Sitcom.

Advances in Information Technology have expanded the reach, impact, and opportunities available to business organizations. Start-ups now have access to a more extensive range and a population of potential customers and consumers. The flow of information is faster and more comfortable as the world is quickly turning into a global village.

With these advantages also comes a new variety of risks and vulnerabilities that can be exploited by criminal individuals. For example, loss or tampering of company records can cripple a company production system, service provision, and organization and even put them in debts or perplexing lawsuits.

A Disaster Recovery Plan (DRP) is a detailed outline of precautions, policies, and fail-safes that are put in place by business to enable it to resume normal business operations after a disaster (natural or human-made); while reducing or completely preventing loses.

There are two considerations associated with a Disaster Recovery Plan: Recovery Time Objective and Recovery Point Objective. The Recovery Time Objective (RTO) denotes the measured delay in operations a business willing and able to withstand while its systems are returned to working order. The Recovery Point Objective (RPO) is the measure of loss in data and documents a business is willing and able to suffer after a dictator. RPO is measured in time.

A disaster is any occurrence that disrupts or interrupts the day to day operations of a business. The accident may be of natural sources or human-made. Natural disasters include floods, rainstorms, snowstorms, earthquakes, tsunamis, and tornadoes. Human-made disasters include social or civil unrest, arson, chemical or biological terrorism, cyberattacks, robberies, break-ins arson or innocent human errors.

Here are a few factors that determine the extent DRP:

  • Possible Risk and Disaster: depending on the nature of your systems and your geographical location, you may be vulnerable to some disasters while never experiencing others. Carry out research to identify

  • Costs: there is a range of procedures, securities, and measures that may be employed, but these are dependent on the size and budget of the business in question. Usually, managements find it hard to appreciate the value of a DRP until a disaster occurs.

  • The desire of management or business owner: in policy making the administration always have the final say, and you can only make suggestions and recommendations.

Disaster Recovery Plan is geared towards ensuring business continuity after a disruption in operations. The amount of time your business spends out of commission can be small enough to cause a very little or unnoticeable delay in service provision or large enough to make you lose customer trust and patronage. Having an essential DRP is a significant form of security that would give you confidence and rest of mind in case of a catastrophe or attack. A DRP should be designed with preventive measures and mitigating fail-safes; detective systems and back-up and recovery procedures.

In the "Contingency Planning Guide for Federal Information Systems",the National Institute of Standards and Technology (NIST, Special Publication 800-34) advises that appropriate IT disaster recovery plan should consist:

  • Contingency Planning Policy: this contains the prioritization and development of a competent contingency plan.

  • Business Impact Analysis: this is used to identify critical systems and structures in business, and ensure their prioritization and protection.

  • Preventive Measures: these are precautions and fail-safes put in place to reduce or avert damage to systems or loss of data. Examples are an installation of a safe or strong room, employing security, smoke alarms, and sprinkler systems, onsite and offsite data backup, etc.

  • Recovery Strategy: this is the process or procedure of returning the business to working order after the disaster has passed. Assign smooth and secure communication systems between backup and recovery teams. The process should be efficient and orderly to reduce recovery time objective (RTO).

  • Testing, Training, and Execution: personnel and employees should be made educated on precautions, policies and their obligations during and after a catastrophe. Regular drills are needed to keep every member of the business is prepared for any eventuality.

  • Maintenance and Development: previous plans should be regularly and systematically assessed and compared with any changes in the business environment and operations to ensure efficiency and effectiveness

As Franz Kafka once said, "It is better to have it and not need it than to need it and not have it." You might require professional assistance to make sure your plan fails proof and will not fail when the storms come.

Want to Share this Article?

About the author


The writer has a degree in Computer Science with a passion for content writing, my experience spans writing whitepapers, blogs, case studies, research reports, and more.

View More Posts