Site icon Cloudian

Disaster Recovery Plan Examples and Essential Elements for Your Plan

jincounterintuity

What Is a Disaster Recovery Plan?

A disaster recovery plan defines instructions that standardize how a particular organization responds to disruptive events, such as cyber attacks, natural disasters, and power outages. A disruptive event may result in loss of brand authority, loss of customer trust, or financial loss.

The plan is a formal document that specifies how to minimize the effects of disaster scenarios, and help the organization minimize damage and restore operations quickly. To ensure effectiveness, organize your plan by the location and the type of disaster, and provide simple step by step instructions that stakeholders can easily implement.

Disaster recovery plan examples can be very useful when developing your own disaster recovery plan. We collected several examples of plans created by leading organizations, and a checklist of items that are essential to include in your new plan.

In this article:

 

This article is part of a series on Disaster Recovery.

Disaster Recovery Plan Examples

Each of these examples is also a template you can use to develop a disaster recovery plan for your organization.

For more background on how to build a plan from scratch, read our guide to disaster recovery plans and disaster recovery solutions.

IBM’s Disaster Recovery Plan

Created by: IBM
Pages: 13

The aim of a disaster recovery plan is to guarantee prompt response to any disaster or emergency impacting information systems, while mitigating its impact on business operations. Once you’ve compiled the information outlined in this topic collection, securely store your document in an off-site location that’s both safe and accessible.

Main sections:

  • Major goals of a disaster recovery plan – Details the major goals of a disaster recovery plan.
  • Personnel – Use the tables in this topic to record your data processing personnel. You can include a copy of the organization chart with your plan.
  • Application profile – Use the Display Software Resources (DSPSFWRSC) command to complete the table in this topic.
  • Inventory profile – Use the Work with Hardware Products (WRKHDWPRD) command to complete the table in this topic.
  • Information services backup procedures – Use these procedures for information services backup.
  • Disaster recovery procedures – For any disaster recovery plan, these three elements should be addressed.
  • Recovery plan for mobile site – This topic provides information about how to plan your recovery task at a mobile site.
  • Recovery plan for hot site – An alternate hot site plan should provide for an alternative (backup) site. The alternate site has a backup system for temporary use while the home site is being reestablished.
  • Restoring the entire system – Learn how to restore the entire system.
  • Rebuilding process – Assess damage and begin the reconstruction of a new data center.
  • Testing the disaster recovery plan – In successful contingency planning, it is important to test and evaluate the plan regularly.

Go to template

The Council on Foundations

Created by: The Council on Foundations
Pages: 59

Community foundations have established themselves as vital pillars of community support, particularly during times of crisis and disaster. In the event of emergencies or disasters, it’s essential for the Foundation to be thoroughly prepared to swiftly and efficiently assist itself, enabling it to extend aid to others effectively.

Main sections:

  • Risks and Event Scenarios –

    Disasters are occurrences that surpass the response capacities of a community and/or its existing organizations. Risks to be taken into account encompass those stemming from natural hazards, neighboring entities, built environments, political or social unrest, as well as risks associated with IT and data security.

  • Plan Activation –

    The Foundation CEO, an appointed representative, or their successor, may initiate this Plan when it becomes essential to oversee and organize a response to a disaster. The decision to activate it will be reached through consultation with members of the Incident Response Team.

  • Responsibility and Delegation of Authority –

    The individuals listed below will assume responsibility for the designated tasks. A checklist for each person is included.

  • Incident Response Team (IRT) –

    A template of the individuals on the response team and their contact info.

  • Incident Response Team Roles & Responsibilities –

    The detailed list of the response team individuals and their responsibilities.

  • Business Impact Analysis –

    A Business Impact Analysis is conducted to identify the tasks and functions crucial for the Foundation to remain operational.

  • Recovery Activity Summary and Needs Assessment –

    A chart that delineates the vital operational procedures for each departmental function.

  • Vital Records –

    Each Foundation should uphold a separate document retention policy, outlining all crucial business records and documents, along with guidelines for their retention.

  • Disaster Notification/Communications –

    The Public Relations and Communications Coordinator will inform Foundation personnel about plan activation and event status through the listed means.

  • Personnel & Board Contact Information –

    A chart of all the Personnel and Board contact information, including emergency contact information.

  • Building Evacuation –

    The decision to evacuate the building will be made by the Foundation’s management or the Incident Commander. This is a template of an evacuation procedure.

  • Emergency Operations Center –

    During a disaster or emergency, the Incident Response Team will assemble at a designated physical site called the Emergency Operations Center (EOC). From this hub, the IRT will oversee the recovery process. While the primary EOC may be situated on-site, the alternate EOC should be located off-site.

  • Business Recovery Locations –

    In the event of a disaster, this lists business functions that are allowed to be performed off-site and at which locations.

  • Information Technology/Operations Preparedness –

    Preparation beforehand is the initial stage for effective disaster recovery. Advance planning is especially crucial in streamlining the IT recovery process, making it simpler, smoother, and quicker.

Download .PDF template

Evolve IP

Created by: Evolve IP
Pages: 17

Whether you’re overseeing your DR plan internally or delegating it to a managed service provider, the document should encompass comprehensive, precise, and current information regarding your organization’s IT operations. The DR Plan should present this data in a lucid and organized manner, readily understandable and – crucially – actionable during an emergency. Your employees or service provider should be able to follow the document and respond swiftly to ensure availability is restored according to the company’s established service level agreements.

Main sections:

  • Emergency Contact Form – A template of all the individuals in the organization that might be required during a disaster and their contact information.
  • External Contacts – A template of all the individuals outside of the organization that might be required during a disaster and their contact information.
  • Notification Network – A template of an organization chart, or contact tree, of who needs to be notified.
  • DR Teams & Responsibilities – During a disaster, various teams will be called upon to aid the IT department in their endeavors to reinstate regular functionality for the organizations employees. They are:
    • DR Lead
    • Disaster Management Team
    • Network Team
    • Server Team
    • Applications Team
  • Data & Backups – This section delineates the locations of all the organization’s data and specifies where backups are stored. Utilize this information to identify and recover data in the event of a disaster.
  • Restoring IT Functionality – In the event of an actual disaster requiring the organization to activate this plan, this section will serve as a frequent reference point, as it contains all the information detailing the process for recovering the organizaitons information system.
  • IT Systems – A list of all the IT systems in the organization and the components that need to be brought back online after a disaster.
  • Network Equipment – A list of all the Network equipment (routers, switches, load balancers, VPN devices, firewalls, servers, etc).
  • Severity One System – This section is to prioritize each system’s components based on severity, providing the necessary information for bringing each system back online.
  • Plan Testing & Maintenance – This section lays out the steps for regularly testing the plan and maintaining the plan to ensure its effectiveness.
  • Recovery Completion Form – Form for when the process is complete. This is the responsibility of the DR Lead.

Go to template

Micro Focus

Created by: Micro Focus
Pages: 36

When disaster strikes, businesses face significant challenges. One key aim of business planning is to minimize the impact on product and service delivery when such disruptions occur. Ensuring business continuity is paramount in these circumstances. An IT disaster recovery plan serves as a cornerstone of the broader business continuity strategy. The ultimate goal of business continuity is to maintain a baseline level of service while working towards restoring normal operations. Failure to implement a disaster recovery plan puts the company at risk of losing customers to competitors, jeopardizing funding, and potentially having the necessity of its products or services questioned and deemed unnecessary.

Main sections:

  • Objectives –

    The primary goal of the disaster recovery program is to create, validate, and document a meticulously designed and readily comprehensible plan. This plan aims to assist the company in swiftly and efficiently recovering from unexpected disasters or emergencies that disrupt information systems and business operations.

  • Key Personnel Contact Info –

    Templates for key organizational contacts and information, key external contacts and information, as well as corresponding notification calling trees.

  • Plan Overview –

    Covers plan updating, plan documentation storage, backup strategy, and risk management.

  • Emergency –

    Covers alert, escalation and plan invocation, plan triggering events, assembly points, activation of emergency response team, disaster recovery team, emergency alert, escalation, and DRP activation, emergency alert, DR procedures for management, contact with employees, backup staff, recorded messages/updates, alternate recovery facilities/hot site, personnel and family notification,

  • Media –

    Covers media contact, media strategies, list of media team, and rules for dealing with media.

  • Insurance –

    As components of the company’s disaster recovery and business continuity strategies, several insurance policies will have been implemented. These often encompass errors and omissions insurance, directors & officers liability insurance, general liability insurance, and business interruption insurance. This will be a list of insurance policies, coverage, contact details, etc.

  • Financial and Legal Issues –

    Covers financial assessment, financial requirements, legal actions, and DRP exercising.

  • Technology Disaster Recovery Plan –

    As components of the company’s disaster recovery and business continuity strategies, several insurance policies have been implemented. These encompass errors and omissions insurance, directors & officers liability insurance, general liability insurance, and business interruption insurance.

  • Suggested Forms

Download .PDF template

Things You Must Include in Your Disaster Recovery Plan Checklist

Recovery Time Objective (RTO) and Recovery Point Objective (RPO)

A disaster recovery plan must make it clear what are your organization’s:

  • RTO—the maximal time your organization can tolerate for recovering normal operations in case of a disaster (for example, recovery within 30 minutes, 2 hours, 12 hours)
  • RPO—the maximal amount of data your organization can afford to lose (for example, an hour of data, 3 hours of data, one day of data)

Hardware and Software Inventory

For a plan to be effective, you must have a comprehensive, up-to-date inventory of your IT assets. Categorize them into the following categories:

  • Critical—assets without which your business cannot operate
  • Important—applications that are used at least once per day and can disrupt normal operations
  • Unimportant—applications that are used less frequently than once per day

Ensure that your disaster recovery plan addresses all critical assets, and as many as possible of the important and unimportant assets, in that order.

Identify Personnel Roles

The plan should define who in the organization is responsible for disaster recovery processes, with their names and contact details. Critical responsibilities include:

  • Ongoing backups and maintenance of business continuity systems
  • Responsibility for declaring a disaster
  • Responsibility for contacting third-party vendors
  • Responsibility for reporting to management and liaising with customers, press, etc.
  • Responsibility for managing the crisis and recovering from it

List of Disaster Recovery Sites

A disaster recovery plan must specify where the company’s assets are located, and where each group of assets will be moved if a disaster occurs. There are three types of sites:

  • Hot sites—a fully functional data center with IT equipment, personnel and up to date customer data.
  • Warm sites—a functional data center that allows access to critical systems only, without up-to-date customer data
  • Cold sites—used to store backups of systems or data, but without the ability to immediately run operational systems

Remote Storage of Physical Documents and Storage Media

Most organizations have a large quantity of physical documents and/or storage media like DVDs, external hard drives or backup tapes, which must be protected in case of a disaster. Unexpected loss of this data can be detrimental to the business or result in compliance violations. Therefore, copies of all critical documents must be stored in a remote location.

Disaster Response Procedures

A key element of a disaster recovery plan is a documented procedure for responding to a catastrophic event. The first few hours of an event are critical, and staff should know exactly what to do to minimize damage to organizational systems, and recover systems to resume normal operations.

A DR procedure should include clear action steps, in simple and unambiguous language, including how to fail over to the disaster recovery site and ensure that recovery is successful.

Related content: Read our guide to disaster recovery policy

Identify Sensitive Data

All organizations maintain sensitive data, which may also be subject to compliance requirements, such as Personally Identifiable Information (PII), credit cardholder data, or other valuable data like intellectual property (IP).

A disaster recovery plan must identify how this sensitive data is securely backed, and who should have access to the original copy and the backups, both during normal operations and in the event of a disaster.

Define a Communication Plan for Disaster Events

When disaster strikes, a company must have a clear plan for delivering essential information to affected parties, including:

  • Management
  • Employees
  • Vendors and suppliers
  • Customers
  • Compliance authorities
  • The media

The communication plan should include elements like public relations (PR), communication on the company websites, and social media. When there is a clear channel of communication with stakeholders about an event, customers and other stakeholders will feel reassured and will be more likely to continue their relationship with the company.

Physical Facility Needs

In case of a physical disaster like a flood or earthquake, there will be a need to restore physical facilities. The disaster recovery plan should specify what is the minimal facility that will enable the company to restore normal operations—including office space, location, furniture needed, computing and IT equipment.

Run Disaster Recovery Drills

Disaster recovery plans might look great on paper, but fail when they are needed most. To avoid this from happening, run a drill and test your plan in a realistic scenario. Learn the lessons from the drill and update the plan to make it clearer and more effective for all parties involved. Disaster recovery plans must be updated at least once per year.

Protecting Data Effortlessly with Cloudian

If you need to backup data to on-premises storage, Cloudian offers low-cost disk-based storage with capacity up to 1.5 Petabytes. You can also set up Cloudian in a remote site and save data directly to the remote site using our integrated data management tools.

Alternatively, you can use a hybrid cloud setup. Backup data to a local Cloudian appliance, and configure it to replicate all data to the cloud. This allows you to access data locally for quick recovery, while keeping a copy of data on the cloud in case a disaster affects the on-premise data center.

Learn more about Cloudian’s data protection solution.

Exit mobile version