Disaster Recovery Planning (DRP) is the process of documenting the step by step instructions necessary for responding to unplanned incidents, events, and situations. The DRP describes the actions to take to minimize the impacts and effects of a disaster so that an organization can continue to operate, or at least quickly resume their mission-critical functions.
There are five steps in developing the DRP:
- Step 1 is to establish a disaster recovery committee. This team is responsible for developing, implementing, and maintaining the DRP.
- In the second step, the team identifies and assesses the type of risks the organization is likely to face. The assessment should cover three broad categories of disasters:
- Natural disasters such as hurricanes, floods, fires, earthquakes, tornadoes, and any possible nature-created events based on the organization’s geographic location
- Human-made incidents such as terrorist attacks, actions of disgruntled employees, and corporate espionage
- Technology-based incidents such as hard drive malfunctions, data breaches, software defects, and malware
- The third step involves identifying mission-critical applications, employees, data, processes, and services. As mentioned above, the DRP is focused on getting key required operations up and running so the business can function. Information to consider at this step includes:
- Business-specific data
- Information about key human resources
- Employee contact information
- Detailed instructions for what on-site and off-site employees should do when faced with an emergency or disaster
- Step four involves identifying and planning for the backup and off-site storage of business-critical information and processes identified in step 3. At this stage, it’s important to decide if off-site storage is needed and if so, the best type. For example, is a fully functional, duplicate site needed? Or is an off-site storage area all that’s required?
There are many options for data backup and storage. What’s appropriate for a business depends on many factors, all of which need to be reviewed and evaluated at this stage.
- The fifth and final stage can be summarized as maintenance. The DRP needs to be treated as a living document. It should be reviewed and tested on a regular basis. An individual should be identified to maintain the DRP. To ensure relevant and critical information is protected, this individual keeps the document current and regularly tests procedures, so employees know their roles. A DRP is essential so that if a disaster does occur, it can be handled calmly, correctly, and effectively.