What is a Disaster Recovery Plan?

A disaster recovery plan (DRP) is a part of the business continuity plan that focuses on the IT aspect of the organization. It is a planning paper that documents the methodology or the process a company should follow to deal with potential crises. A DRP is more or less an organized way to deal with a problematic occurrence, which could be either man-made or a natural calamity.

When an entire business sector or an individual company is caught off guard without any preparedness or a contingency backup plan, it could result in a long-term slowdown of the company's production, and affect its revenue generation.

But more than that, at times it also affects the company's credibility, as it seems that it is not ready to take on and tackle problems. Of course, this does not apply to natural disasters. Emergency preparedness and data retrieval is the key to successful recovery planning.

Recovering from a disaster is an increasingly important aspect of business continuity planning. As businesses now span the globe, the systems that connect them are becoming more complex. As a consequence, any one aspect of the system or network could go wrong. Hence, the need for a structured recovery plan. The basic objective of a DRP is to ensure stability to the organization by protecting it from unforeseeable future disasters.

The plan should be comprehensive enough to minimize the impact of damage or disruption of operations or services, and must play a vital role in ensuring a speedy recovery. Besides doing the obvious, it should also provide for a standby system and a testing phase, minimize the decision-making process, and provide a general sense of security among the employees.

Risk analysis is imperative, and also the first step towards prioritizing recovery. All kinds of risks need to be studied; computer or network failures, accidental data deletion, virus threats, and all other natural disasters.

Mostly, threats are categorized in terms of probability and its impact, and further classified as high, medium, or low. Most risk analyzers determine the needs as per worst case scenarios, and assess the consequences resulting from the loss of infrastructure, operations, manpower, and data.

The planning committee needs to analyze the costs related to potential threats. Besides, it also needs to assess and allocate resources for developing back ups, tests, planning, and setting up of the recovery plan.

While deciding upon the budget, it is important to understand whether all that is being spent, would reap any benefits in getting the business back on track. Many businesses complain of inaccurate recovery priorities being allocated, which in time of a real disaster proves to be unworthy of the time and money spent on it.

Once the risk is assessed and the plan is approved, it is time for its actual development. This involves determination of key functional roles related to personnel assigned for recovery, documentation, systems and network, and policies and procedures. Coordination amongst the team is also decided at this stage. The duration of recovery under different scenarios also needs to be worked out.

For companies that are vastly networked, alternate center locations are allocated, until the calamity-struck center can start up again. The entire plan should be documented in a detailed manner. All aspects, no matter how small, should be scripted. Testing criteria and procedures are also defined and documented in this phase.

Testing is essential to understanding the working of a recovery plan. Loopholes as well as faulty measures can only be identified when an actual drill is conducted. Frequent testing will allow the recovery plan to be updated, and adapt to all changing scenarios of the environment around it.

DRPs should be made an integral part of all business management polices and procedures. The continuity of a business is dependent upon awareness of potential threats, ability to minimize disruptions, and the capability to recover expediently and successfully.

DRPs are company specific, hence, it is difficult to find an example specific to your needs. They need to be developed keeping specific requirements in mind.