Disaster Recovery Plan: 4 Examples and 10 Things You Must Include in Your DR Plan

What Is a Disaster Recovery Plan?

A disaster recovery plan defines instructions that standardize how a particular organization responds to disruptive events, such as cyber attacks, natural disasters, and power outages. A disruptive event may result in loss of brand authority, loss of customer trust, or financial loss.

The plan is a formal document that specifies how to minimize the effects of disaster scenarios, and help the organization minimize damage and restore operations quickly. To ensure effectiveness, organize your plan by the location and the type of disaster, and provide simple step by step instructions that stakeholders can easily implement.

Disaster recovery plan examples can be very useful when developing your own disaster recovery plan. We collected several examples of plans created by leading organizations, and a checklist of items that are essential to include in your new plan.

In this article:

• Brief History of Disaster Recovery Plans
• Types of Disaster Recovery Plans
• Disaster Recovery Plan Examples
  • IBM’s Disaster Recovery Plan
  • The Council on Foundations
  • Evolve IP
  • Micro Focus
• Things You Must Include in Your Disaster Recovery Plan Checklist
• Data Protection with Cloudian

This article is part of a series on Disaster Recovery.

Brief History of Disaster Recovery Plans

The concept of disaster recovery (DR) plans dates back to the mid-20th century. Initially, businesses relied heavily on paper records, and their primary concern was fire safety. The introduction of digital technology in the 1970s and 1980s brought new challenges, leading to the development of IT-specific disaster recovery strategies.

The rise of the internet in the 1990s expanded the scope of DR plans to include cyber threats. Organizations began investing in offsite backups and data replication to ensure business continuity. The 2000s saw the advent of more sophisticated disaster recovery solutions, such as cloud-based services and automated recovery systems.

Today, disaster recovery plans are comprehensive frameworks that address a wide range of potential disruptions, from cyber attacks to natural disasters. The focus is on resilience and rapid recovery, with an emphasis on minimizing downtime and data loss.

Types of Disaster Recovery Plans

Virtualized disaster recovery plan

A virtualized disaster recovery plan leverages virtualization technologies to create a more flexible and efficient recovery process. By abstracting physical hardware through virtual machines (VMs), organizations can easily replicate and recover entire systems. In the event of a disaster, these VMs can be quickly restored on different physical servers, reducing downtime significantly.

Network disaster recovery plan

A network disaster recovery plan focuses on maintaining and restoring network operations after a disruption. This involves strategies for recovering data communication links, network equipment, and essential network services. Key components include redundancy in network pathways, regular backups of network configurations, and the use of failover mechanisms to switch traffic to alternate routes seamlessly.

Cloud disaster recovery plan

Cloud disaster recovery plans utilize cloud services to back up and restore data and applications. This approach benefits from the cloud’s inherent flexibility, scalability, and accessibility. Data is replicated to cloud storage, and cloud-based recovery environments can be activated quickly in response to an incident. Cloud DR plans are cost-effective, as they reduce the need for maintaining physical infrastructure dedicated solely to disaster recovery.

Data center disaster recovery plan

A data center disaster recovery plan is designed to restore the operations of a physical data center after a disaster. This involves strategies for recovering hardware, software, data, and network connectivity within the data center. Key elements include establishing an alternate data center location, ensuring data redundancy across sites, and having a clear sequence of steps for rebuilding the IT environment.

DRaaS

Disaster Recovery as a Service (DRaaS) offers a managed approach to disaster recovery, where a third-party provider handles the recovery process on behalf of the organization. DRaaS solutions typically include continuous data replication, automated failover, and comprehensive recovery planning. This service model is particularly attractive to organizations with limited internal resources.

Disaster Recovery Plan Examples

Each of these examples is also a template you can use to develop a disaster recovery plan for your organization.

For more background on how to build a plan from scratch, read our guide to disaster recovery plans and disaster recovery solutions.

IBM’s Disaster Recovery Plan

Created by: IBM
Pages: 13

The aim of a disaster recovery plan is to guarantee prompt response to any disaster or emergency impacting information systems, while mitigating its impact on business operations. Once you’ve compiled the information outlined in this topic collection, securely store your document in an off-site location that’s both safe and accessible.

Main sections:

• Major goals of a disaster recovery plan – Details the major goals of a disaster recovery plan.
• Personnel – Use the tables in this topic to record your data processing personnel. You can include a copy of the organization chart with your plan.
• Application profile – Use the Display Software Resources (DSPSFWRSC) command to complete the table in this topic.
• Inventory profile – Use the Work with Hardware Products (WRKHDWPRD) command to complete the table in this topic.
• Information services backup procedures – Use these procedures for information services backup.
• Disaster recovery procedures – For any disaster recovery plan, these three elements should be addressed.
• Recovery plan for mobile site – This topic provides information about how to plan your recovery task at a mobile site.
• Recovery plan for hot site – An alternate hot site plan should provide for an alternative (backup) site. The alternate site has a backup system for temporary use while the home site is being reestablished.
• Restoring the entire system – Learn how to restore the entire system.
• Rebuilding process – Assess damage and begin the reconstruction of a new data center.
• Testing the disaster recovery plan – In successful contingency planning, it is important to test and evaluate the plan regularly.

Go to template

The Council on Foundations

Created by: The Council on Foundations
Pages: 59

• Risks and Event Scenarios –

  Disasters are occurrences that surpass the response capacities of a community and/or its existing organizations. Risks to be taken into account encompass those stemming from natural hazards, neighboring entities, built environments, political or social unrest, as well as risks associated with IT and data security.

• Plan Activation –

  The Foundation CEO, an appointed representative, or their successor, may initiate this Plan when it becomes essential to oversee and organize a response to a disaster. The decision to activate it will be reached through consultation with members of the Incident Response Team.

• Responsibility and Delegation of Authority –

  The individuals listed below will assume responsibility for the designated tasks. A checklist for each person is included.

• Incident Response Team (IRT) –

  A template of the individuals on the response team and their contact info.

• Incident Response Team Roles & Responsibilities –

  The detailed list of the response team individuals and their responsibilities.

• Business Impact Analysis –

  A Business Impact Analysis is conducted to identify the tasks and functions crucial for the Foundation to remain operational.

• Recovery Activity Summary and Needs Assessment –

  A chart that delineates the vital operational procedures for each departmental function.

• Vital Records –

  Each Foundation should uphold a separate document retention policy, outlining all crucial business records and documents, along with guidelines for their retention.

• Disaster Notification/Communications –

  The Public Relations and Communications Coordinator will inform Foundation personnel about plan activation and event status through the listed means.

• Personnel & Board Contact Information –

  A chart of all the Personnel and Board contact information, including emergency contact information.

• Building Evacuation –

  The decision to evacuate the building will be made by the Foundation’s management or the Incident Commander. This is a template of an evacuation procedure.

• Emergency Operations Center –

  During a disaster or emergency, the Incident Response Team will assemble at a designated physical site called the Emergency Operations Center (EOC). From this hub, the IRT will oversee the recovery process. While the primary EOC may be situated on-site, the alternate EOC should be located off-site.

• Business Recovery Locations –

  In the event of a disaster, this lists business functions that are allowed to be performed off-site and at which locations.

• Information Technology/Operations Preparedness –

  Preparation beforehand is the initial stage for effective disaster recovery. Advance planning is especially crucial in streamlining the IT recovery process, making it simpler, smoother, and quicker.

Download .PDF template

Evolve IP

Created by: Evolve IP
Pages: 17

Whether you’re overseeing your DR plan internally or delegating it to a managed service provider, the document should encompass comprehensive, precise, and current information regarding your organization’s IT operations. The DR Plan should present this data in a lucid and organized manner, readily understandable and – crucially – actionable during an emergency. Your employees or service provider should be able to follow the document and respond swiftly to ensure availability is restored according to the company’s established service level agreements.

Main sections:

• Emergency Contact Form – A template of all the individuals in the organization that might be required during a disaster and their contact information.
• External Contacts – A template of all the individuals outside of the organization that might be required during a disaster and their contact information.
• Notification Network – A template of an organization chart, or contact tree, of who needs to be notified.
• DR Teams & Responsibilities – During a disaster, various teams will be called upon to aid the IT department in their endeavors to reinstate regular functionality for the organizations employees. They are:
  • DR Lead
  • Disaster Management Team
  • Network Team
  • Server Team
  • Applications Team
• Data & Backups – This section delineates the locations of all the organization’s data and specifies where backups are stored. Utilize this information to identify and recover data in the event of a disaster.
• Restoring IT Functionality – In the event of an actual disaster requiring the organization to activate this plan, this section will serve as a frequent reference point, as it contains all the information detailing the process for recovering the organizaitons information system.
• IT Systems – A list of all the IT systems in the organization and the components that need to be brought back online after a disaster.
• Network Equipment – A list of all the Network equipment (routers, switches, load balancers, VPN devices, firewalls, servers, etc).
• Severity One System – This section is to prioritize each system’s components based on severity, providing the necessary information for bringing each system back online.
• Plan Testing & Maintenance – This section lays out the steps for regularly testing the plan and maintaining the plan to ensure its effectiveness.
• Recovery Completion Form – Form for when the process is complete. This is the responsibility of the DR Lead.

Go to template

Micro Focus

Created by: Micro Focus
Pages: 36

• Objectives –

  The primary goal of the disaster recovery program is to create, validate, and document a meticulously designed and readily comprehensible plan. This plan aims to assist the company in swiftly and efficiently recovering from unexpected disasters or emergencies that disrupt information systems and business operations.

• Key Personnel Contact Info –

  Templates for key organizational contacts and information, key external contacts and information, as well as corresponding notification calling trees.

• Plan Overview –

  Covers plan updating, plan documentation storage, backup strategy, and risk management.

• Emergency –

  Covers alert, escalation and plan invocation, plan triggering events, assembly points, activation of emergency response team, disaster recovery team, emergency alert, escalation, and DRP activation, emergency alert, DR procedures for management, contact with employees, backup staff, recorded messages/updates, alternate recovery facilities/hot site, personnel and family notification,

• Media –

  Covers media contact, media strategies, list of media team, and rules for dealing with media.

• Insurance –

  As components of the company’s disaster recovery and business continuity strategies, several insurance policies will have been implemented. These often encompass errors and omissions insurance, directors & officers liability insurance, general liability insurance, and business interruption insurance. This will be a list of insurance policies, coverage, contact details, etc.

• Financial and Legal Issues –

  Covers financial assessment, financial requirements, legal actions, and DRP exercising.

• Technology Disaster Recovery Plan –

  As components of the company’s disaster recovery and business continuity strategies, several insurance policies have been implemented. These encompass errors and omissions insurance, directors & officers liability insurance, general liability insurance, and business interruption insurance.

• Suggested Forms

Download .PDF template

Things You Must Include in Your Disaster Recovery Plan Checklist

1. Recovery Time Objective (RTO) and Recovery Point Objective (RPO)

A disaster recovery plan must make it clear what are your organization’s:

• RTO—the maximal time your organization can tolerate for recovering normal operations in case of a disaster (for example, recovery within 30 minutes, 2 hours, 12 hours)
• RPO—the maximal amount of data your organization can afford to lose (for example, an hour of data, 3 hours of data, one day of data)

2. Hardware and Software Inventory

For a plan to be effective, you must have a comprehensive, up-to-date inventory of your IT assets. Categorize them into the following categories:

• Critical—assets without which your business cannot operate
• Important—applications that are used at least once per day and can disrupt normal operations
• Unimportant—applications that are used less frequently than once per day

Ensure that your disaster recovery plan addresses all critical assets, and as many as possible of the important and unimportant assets, in that order.

3. Identify Personnel Roles

The plan should define who in the organization is responsible for disaster recovery processes, with their names and contact details. Critical responsibilities include:

• Ongoing backups and maintenance of business continuity systems
• Responsibility for declaring a disaster
• Responsibility for contacting third-party vendors
• Responsibility for reporting to management and liaising with customers, press, etc.
• Responsibility for managing the crisis and recovering from it

4. List of Disaster Recovery Sites

A disaster recovery plan must specify where the company’s assets are located, and where each group of assets will be moved if a disaster occurs. There are three types of sites:

• Hot sites—a fully functional data center with IT equipment, personnel and up to date customer data.
• Warm sites—a functional data center that allows access to critical systems only, without up-to-date customer data
• Cold sites—used to store backups of systems or data, but without the ability to immediately run operational systems

5. Remote Storage of Physical Documents and Storage Media

Most organizations have a large quantity of physical documents and/or storage media like DVDs, external hard drives or backup tapes, which must be protected in case of a disaster. Unexpected loss of this data can be detrimental to the business or result in compliance violations. Therefore, copies of all critical documents must be stored in a remote location.

6. Disaster Response Procedures

A key element of a disaster recovery plan is a documented procedure for responding to a catastrophic event. The first few hours of an event are critical, and staff should know exactly what to do to minimize damage to organizational systems, and recover systems to resume normal operations.

A DR procedure should include clear action steps, in simple and unambiguous language, including how to fail over to the disaster recovery site and ensure that recovery is successful.

Related content: Read our guide to disaster recovery policy

7. Identify Sensitive Data

All organizations maintain sensitive data, which may also be subject to compliance requirements, such as Personally Identifiable Information (PII), credit cardholder data, or other valuable data like intellectual property (IP).

A disaster recovery plan must identify how this sensitive data is securely backed, and who should have access to the original copy and the backups, both during normal operations and in the event of a disaster.

8. Define a Communication Plan for Disaster Events

When disaster strikes, a company must have a clear plan for delivering essential information to affected parties, including:

• Management
• Employees
• Vendors and suppliers
• Customers
• Compliance authorities
• The media

The communication plan should include elements like public relations (PR), communication on the company websites, and social media. When there is a clear channel of communication with stakeholders about an event, customers and other stakeholders will feel reassured and will be more likely to continue their relationship with the company.

9. Physical Facility Needs

In case of a physical disaster like a flood or earthquake, there will be a need to restore physical facilities. The disaster recovery plan should specify what is the minimal facility that will enable the company to restore normal operations—including office space, location, furniture needed, computing and IT equipment.

10. Run Disaster Recovery Drills

Disaster recovery plans might look great on paper, but fail when they are needed most. To avoid this from happening, run a drill and test your plan in a realistic scenario. Learn the lessons from the drill and update the plan to make it clearer and more effective for all parties involved. Disaster recovery plans must be updated at least once per year.

Protecting Data Effortlessly with Cloudian

If you need to backup data to on-premises storage, Cloudian offers low-cost disk-based storage with capacity up to 1.5 Petabytes. You can also set up Cloudian in a remote site and save data directly to the remote site using our integrated data management tools.

Alternatively, you can use a hybrid cloud setup. Backup data to a local Cloudian appliance, and configure it to replicate all data to the cloud. This allows you to access data locally for quick recovery, while keeping a copy of data on the cloud in case a disaster affects the on-premise data center.

Learn more about Cloudian’s data protection solution.