How to Create a Disaster Recovery Plan Template Today
What is necessary for a disaster recovery plan template
For small business owners, the importance of a disaster recovery plan template is immense. If natural or man-made disaster strikes, you need to be prepared to ensure the continuity of your business. The better prepared you and your business are, the smoother the transition will be after disaster and the quicker your business will get back to operating as it was before.
For smaller businesses, this planning and preparation may seem daunting. It may seem like more than you can handle when you consider finances, time, and resources. But using things like templates and consultants can make this a very manageable task.
The following disaster recovery plan template provides a basic breakdown of what the structure and content of your planning should look like.
Sample disaster recovery plan template
Every business has its own unique risks, and thus each organization’s recovery planning will be slightly different. The disaster recovery plan template below is just that: a template. It provides a basic outline of what should go in your DRP, but it is by no means an exhaustive resource and the order of the categories is interchangeable as well.
Use these categories as a framework for starting your own plan, but consider relying on an experienced disaster recovery management consultant to customize your planning to the specific needs of your organization.
1) Contact Information
One of the first sections of your DRP should include the names and contact information of people who are essential to the recovery process.
This list typically includes the people who need to be contacted after an incident, as well as the people who manage the DRP itself. The list should be at the front of a disaster recovery plan so that in the event of a crisis, valuable time is not wasted digging through documents. Ultimately, when disaster strikes, anybody could be tasked with managing the recovery initially. You want to make sure those people know exactly what to do, who to contact and how.
Here are the key questions that this section should answer:
· Who manages the disaster recovery plan?
· Who will manage the recovery?
· Who is on your recovery teams in each department?
· Who needs to be contacted first during a disaster?
2) Plan Updates & Revisions
Another important initial section of your disaster recovery plan template should be for updates and revision control. Like any other critical business documentation, your DRP should be updated routinely to ensure the information is still accurate and that any new recovery systems or protocols are accounted for.
The section should also provide information regarding your change management process, such as what version the document is and when it was last updated. This will make it easier to prepare, manage, and reinforce a management change going forward.
What to include:
· Document version number and/or revision date
· Who manages the updates and revisions?
· How often should the plan be reviewed and updated going forward?
That last item is particularly important. As part of your ongoing planning, you should set a timeframe for when the plan is updated and make sure that timeframe is clear in the documentation.
3) Purpose and Scope
We may not yet have reached the “meat” of the disaster recovery plan yet, but this next section is still very important. Within the purpose and scope, you will outline the objectives of the DRP itself and provide summaries on why these objectives are necessary. This section literally explains the purpose of the document and what the document aims to achieve.
Why is this section needed? Isn’t the purpose obvious?
No, it’s not. For one, not all DRPs have the same scope. For example, a plan might be limited to IT-related recoveries, while another might be more focused on safety protocols for employees during an emergency. You need to make it clear, from the start, exactly which situations the DRP covers and to what extent.
This is also a good place to list team descriptions, if you didn’t already include them in an earlier section, as well as a list of terms and any additional background information that may be helpful.
Finally, this section should provide a high-level overview of the importance of having a plan (which we address in more detail below), so that there is no confusion about the risks. It should summarize how various disasters will impact the business and how proper planning can ensure continuity during such events.
4) Recovery Activation Instructions
This section should make it clear how and when to activate the recovery plan.
· Who should declare disaster?
· Which circumstances justify activating the plan? (Which don’t?)
· Who should be notified?
· What must be communicated at the outset of the recovery? i.e. outage timeframes, recovery estimates, etc.
The reason this must be spelled out is that, in some scenarios, it may be unclear whether a full disaster protocol is warranted. For example, what if a single server drive fails? Do all recovery procedures need to be followed, or can the problem be resolved at the sole discretion of the IT manager? What about an entire server failure? Or a network outage? It must be clear which specific events trigger the recovery plan.
In this section, you will outline some of the specific objectives for recovery after a disruptive event, such as the speed of the recovery.
Businesses cannot afford to approach recovery with loose estimates or guesswork. The reason for that is simple: if a recovery takes too long, it can spell doom for the entire company. Accordingly, businesses must have a solid understanding of the business impact of a disaster, especially as it relates to time. You must know how much time is “too long,” so that you can set realistic goals for the recovery.
Two key objectives to include in your recovery plan are the recovery time objective (RTO) and recovery point objective (RPO). Here’s a quick explainer on both:
· RTO: RTO is a targeted length of time for recovery to be completed (or for a specific business process to be restored) in order to prevent an unacceptable break in continuity following a disaster.
· RPO: More specific to data recovery, RPO is the targeted maximum age of your most recent recovery point, which ensures that data backups are never older than X hours or else the data loss will be too great to avoid an unacceptable break in continuity.
Setting these objectives is critical because they ultimately guide all the other recovery protocols and systems in your DRP.
Now we get to the heart of your disaster recovery plan template: the procedures that should be taken after declaring a disaster.
These are the protocols that your recovery teams and other personnel will follow to ensure that the recovery meets the objectives identified in the section above. Since every disaster is different, each will require its own course of action. For example, recovery procedures for restoring a critical server will obviously be different from restoring power during a prolonged electrical utility outage (though some steps may indeed overlap). You may choose to include a list of all applicable disaster scenarios here, with specific instructions for each, or you can break them out into their own sections or appendices (useful if the procedures are lengthy).
Additionally, if your initial recovery protocols are nearly identical for every situation, then you can include a general overview of those procedures here. Some example steps may include procedures for:
· Declaring the emergency
· Assessing damage / impact
· Communicating and/or meeting with recovery teams and stakeholders
· Communicating the disruption to all affected personnel
· Prioritizing and assigning recovery tasks to recovery team members
Checklists and flow charts are a good way to identify the steps that should be taken when a situation occurs. These visuals make it easy for everyone to see and understand what needs to be done.
7) Systems and Technologies
In this section, you’ll break down the systems and technologies that support the recovery process.
This section is important for distinguishing which systems are critical for recovery, when they’re used and how. Within your procedures, you will likely need to refer to several of these systems. This section provides a clearer overview of each technology and how it helps meet your recovery objectives.
Some example systems to include:
· Networking / Internet failover systems
· Malware removal and cybersecurity tools
· Backup power generators
· Datacenters and cloud-based data backups
· Virtualization capabilities
· Mobile connectivity solutions
· Emergency communication systems
7) Backup Locations, Equipment and Assets
Some types of events, such as natural disasters, will require relocating critical operations to a secondary location. In this section, you’ll provide thorough information and instructions for the relocation, as well as backup equipment and activities related to that transition.
Not every business will have the resources to maintain a secondary location that it can use immediately after a disaster. However, businesses should take steps to ensure they will be able to secure such a location at a moment’s notice, when needed. Keep in mind, the location itself provides only the space for those operations, so you’ll also need to consider which backup equipment and assets will be needed, and how they’ll be secured.
Backup Items you may want to account for:
· Networking equipment and other IT hardware
· Office equipment and furniture
· Any equipment critical to your operations
When creating a disaster recovery plan, you will likely discover opportunities for improving your recovery systems. You’ll include those recommendations here.
Not every business will opt to include this section in their DRP, but doing so will help ensure that everyone is on the same page about addressing known weaknesses in your continuity planning. Remember that your DRP is a work in progress and should be reevaluated on an ongoing basis. If, for example, you discovered that your current data backup systems were inadequate, you would state how and why, along with recommendations for making improvements. Managers or key stakeholders would then be able to review these recommendations as they relate to all the objectives and protocols in the DRP.
Upon implementing the recommended solutions, the DRP would then be updated to reflect the implementation under the Systems & Technologies section.
Why do you need a DRP?
Let’s take a step back now to address why you need a disaster recovery plan in the first place.
It’s important to remember that smaller businesses are especially vulnerable to the effects of a disaster. One disruptive event may not just sideline your operations; it may end them. Consider some of these alarming statistics:
· 40% to 60% of small companies go out of business after a disaster (FEMA)
· Among those that reopen their doors, more than 70% fail within 2 years.
· After a disaster, 90% of small businesses fail within a year if they are unable to open their doors within 5 days.
The financial brunt of disaster
How can a disaster be so devastating to business, even in cases where the operations are only disrupted for a few days?
It’s all comes down to financial impact.
Research shows that a single hour of downtime can cost businesses an average of $5,600 per minute – or roughly $336,000 an hour. Obviously, these numbers vary depending on the size of the business. But there are numerous expenses that can quickly skyrocket after a disaster: idle workers, data loss / recovery, hardware failure, revenue disruptions and long-term reputation damage, just to name a few. And that doesn’t even include the costs from damage to building structures or the loss of physical assets inside those facilities.
Recovery planning is vital to ensuring that businesses are prepared for disaster and have systems in place to manage a quick recovery.
Take the Next Step
Comprehensive recovery planning can seem overwhelming if you’re just beginning the disaster management process. But creating a disaster recovery plan template like the one above does not have to be difficult, especially when you have experts to guide you along the way.
Ultimately, even a little bit of planning can go a long way to preventing prolonged downtime after a disaster. As long as you are thorough, provide step-by-step information, and review and update the policies frequently, this plan could greatly benefit your business and smooth out some of the bumps that a disaster would most likely cause.
Free Demo: Disaster Recovery Solutions
Get more information on the best ways to protect your organization with today’s leading business continuity and disaster recovery solutions from Datto. Request a free demo or contact our recovery experts at Invenio IT. Call us at (646) 395-1170 or email [email protected].