Wednesday 15th July 2015
by Simon Golding

Simon Golding

Key Elements of a Disaster Recovery Plan (DRP)

There are a number of risks that your business could face each day, some go unnoticed, and others if undetected can have a big impact on your business. Whilst it’s important to plan for natural disasters such as fires and floods these events do not pose a regular threat. There needs to be focus given to events that have a higher and more frequent chance of occurring.  There are a number of other significant threats that your business could be subjected to, such as the following:

  • Human error
  • Virus attacks
  • Unplanned updates and patches
  • Power outages
  • Server and software failure

Ensuring that your business has documented procedures when these disasters occur, helps to reduce the impact these disasters have. The procedure also needs to be clear to understand so that your business can mitigate against loss and ensure survival. There are a number of key elements that you must consider when developing a Disaster Recovery Plan (DRP)

Recovery Process

The first thing you need to decide is what are your most important assets that you want to protect? It’s important that you prioritise your efforts so that critical applications are attended to immediately. There are going to be certain applications or programs that the business can survive without for a short period of time but there will be critical functions such as client facing applications or emails that need recovering straight away.

Defining Responsibilities

Your disaster recovery plan should detail who is responsible for what tasks in the event of a disaster. Identifying the key roles and responsibilities to ensure everyone knows who is responding to which issue. This also helps to improve communication and minimise stress for everyone involved in the recovery process.

If a third party provider is responsible for your disaster recovery it’s important that you are both aware of each party’s responsibilities. This must be documented in the disaster recovery plan so that the ownership is clearly defined.

Regular Testing

There is little point in developing a plan if you aren’t going to test it regularly. As businesses grow and technology changes so will your disaster recovery plan. Disaster recovery plans need to be tested at least every quarter to ensure they are maintained and updated to certify optimum performance when disaster strikes. There are new risks being introduced each year, so your plan needs to reflect how you will deal with those new risks.

Recovery Time

Every second counts in businesses so ensuring that critical systems can be restored as quickly as possible is key. Defining an acceptable recovery time that the data must be restored after a disaster provides the maximum time that the disaster must be resolved by. It also helps you identify any gaps within your disaster recovery process because if the deadlines aren’t being met that means there was an underlying problem.

Carrying out a business impact analysis will help you to address any gaps in your recovery model and identify critical elements of your IT infrastructure. This means that you can create the right recovery timeline for your business.

Communication Plan

People are a company’s most important asset so ensuring that your employees are communicated to when disaster strikes is vital. It’s natural that your employees will ask questions and will want answers quickly when it disrupts their job. If disaster strikes and affects your phones or email server do you have an alternative method of contact? It’s important that the individuals responsible for managing the recovery know the protocol for communicating to employees.


Disaster recovery strategies ensure that when critical business data, IT systems and networks are disrupted there are processes in place to certify that the business can be recovered in an emergency. The disaster recovery process should be documented in a formal Disaster Recovery Plan (DRP) which outlines the actions that should be taken during and after a disaster has occurred. This ensures that everyone is aware of the appropriate action that must be taken and removes the need for on the spot decisions to be made.