Step-by-Step Guide to Creating a Disaster Recovery Plan

At a time when less-than-great news has become the norm, it’s hard to act surprised when a crisis looms. Although we continue to hope for the best, we’ve all come to expect the worst. That’s why having a disaster recovery plan ready to roll is crucial.

A comprehensive recovery plan will minimize the effect of a natural disaster on business continuity, compliance, and data loss. A good plan also helps speed up recovery from cyberattacks, such as those recently hitting Ticketmaster, AT&T, and Dell.

If your organization’s disaster recovery plan is outdated, insufficient, or worse, nonexistent, let these events motivate you to review, revise, or create a disaster recovery strategy now, before you need it. 

So, what is a disaster recovery plan, and what should it include?

Here are eight steps to create a disaster recovery plan that will help prevent data loss, facilitate business continuity, and ensure your sensitive data and SLAs remain compliant.

Step 1: Create a Disaster Response Team and Document Responsibilities

During a crisis, your disaster response team will spearhead recovery efforts and disseminate information to employees, customers, and stakeholders. 

Assign each team member specific response tasks and document them so everyone knows who oversees what. You will also need backup staff for key team members if a designated lead isn’t available during a crisis.

Step 2: Set Clear RTOs and RPOs

One of the most crucial components of a data disaster recovery plan is establishing your recovery time objective (RTO) and recovery point objective (RPO).

RTO is the length of time an application can be down before your business is negatively impacted. RTO varies widely among applications because some can be down for only a few seconds before the business, customers, or users are affected. In contrast, others can be down for hours, days, or weeks. 

RTOs are calculated based on the application’s importance:

• RTO near zero: Mission-critical applications that must failover 
• RTO of four hours: Less critical, so there is time for on-site recovery from bare metal
• RTO of eight or more hours: Nonessential applications that can be down indefinitely

Your recovery point objective (RPO) is the most data that can be lost before your business is significantly harmed. This IT disaster recovery plan component dictates how frequently you’ll need to back up your data.  

The amount you are willing to spend to back up a particular application also comes into play because as you work to control IT costs:

• RPO of near zero: Use continuous replication (mission-critical data). This requirement will require effective business continuity solutions that virtually eliminate downtime.
• RPO of four hours: Use scheduled snapshot replication
• RPO of 8-24 hours: Use existing backup solution (data that can potentially be recreated from other repositories)

Step 3: Make a Blueprint of Your Network Infrastructure

Creating detailed documentation of your network infrastructure will make it much easier to rebuild the system after a disaster, especially if a cyberattack corrupted the network. 

Different system components have different levels of importance to business continuity, so be sure to indicate the priority of each service as mission-critical, essential, or nonessential so they can be restored in the appropriate order. Don’t forget to include system dependencies in your blueprint because they may impact how you prioritize recovery.

Step 4: Select a Disaster Recovery Solution

Storage capacity, recovery timeline, and configuration complexity will affect the cost of a disaster recovery solution. In many cases, you are choosing between a solution that offers quick recovery times but may lose days of data and a solution that maintains system availability but kills you with high complexity and costs.

Look for a disaster recovery solution like Arcserve Unified Data Protection (UDP), which affordably protects your systems and applications from data loss. Arcserve also minimizes complexity by making it easy to manage backup, disaster recove and restore service-level agreements.

Step 5: Create a Checklist of Criteria for Initiating the Disaster Response Plan

Only some incidents warrant a full-fledged deployment of your disaster response plan. Creating a checklist of criteria to identify what constitutes a disaster helps your recovery team know when it’s time to jump into action without wasting resources or money by overreacting to a minor threat.

For example, a temporary power outage and a direct hit from a category four hurricane require very different responses.

Step 6: Document the Disaster Recovery Process

To ensure data and operations are restored quickly after a disaster, create step-by-step instructions in plain language so your team can start the disaster recovery effort as soon as it’s safe. 

Store a copy of the disaster recovery plan away from the network or in immutable storage to protect it from corruption during a ransomware attack or physical loss from a natural disaster.

Step 7: Test Your Disaster Recovery Plan

Test your disaster recovery plan regularly to ensure it will work when needed. Run a partial recovery test twice a year and a full recovery simulation annually.

It also doesn’t hurt to periodically spring surprise drills on the company so you can accurately assess how well the processes will work in a real emergency. 

Step 8: Review and Update Your Business Continuity and Disaster Recovery Plans Regularly

Your business disaster recovery plan is only part of your overall business continuity strategy. Regular reviews and updates must be made to reflect organizational changes and how they impact the recovery process. To learn more about business continuity planning, check out our post, 6 Steps for Developing a Business Continuity Plan.

Get Expert Assistance

Arcserve technology partners have the experience, expertise, and solutions to help you create and maintain an effective disaster recovery plan and ensure your organization can survive any disaster. 

Find an Arcserve technology partner.