how to write a disaster recovery plan
DESCRIPTION
DR PlanTRANSCRIPT
-
To print to A4, print at 75%.
PLAN
How to write a
DISASTERRECOVERY
-
P2
SUM
MA
RY
SUMMARY
WHY YOU SHOULD READ THIS GUIDE
Disasters can strike at any time with
devastating results. Companies must
take the proper steps to prepare for the
worst in order to minimise damages. The
best way to do this is to prepare a written
and verbal Disaster Recovery Plan (DRP).
This guide will help you write your formal
DRP. This is a critical step in preparing for
disaster, improving employee response,
reducing downtime, and quickly
returning to normalcy.
WELL-DOCUMENTED PLANS ARE
CRUCIAL FOR EFFECTIVE DISASTER
RESPONSE
DRPs can significantly reduce
downtime and losses. To be effective,
they must be carefully documented so
responders have a usable reference
that they can utilise to make decisions
quickly.
START BY OUTLINING GOALS
The first step in creating any effective
plan is to outline goals. Make a
prioritised list of what the plan should
accomplish. Some ideas to start with
could be:
Employee safety
Equipment safety
Minimising downtime
Cutting unnecessary overhead
REVIEW THE CURRENT SITUATION
Many companies have an informal
DRP in place before they create their
TABLE OF CONTENTS
SUMMARY
WHAT IS A DRP AND HOW CAN IT HELP MY COMPANY? CHAPTER 01
PREPARING TO WRITE YOUR DISASTER RECOVERY PLAN CHAPTER 02
WRITING A DISASTER RECOVERY PLAN CHAPTER 03
NEED HELP PROTECTING YOUR BUSINESS FROM DISASTER? CHAPTER 04
ABOUT THE AUTHOR
Volker Rath is a hosting and cloud expert at Macquarie Telecom. In this primarily
customer-facing role, he analyses the market and customer needs, provides
feedback to the product teams, and influences the hosting and cloud strategies of
Australias leading business hosting and telecommunications provider.
01
02
03
04
-
DEVELOP YOUR STRATEGIES BY USING THIS GUIDE AS A STARTING POINT, THEN DRAFT A CONCISE, CLEAR PLAN THAT YOU CAN TRAIN
EMPLOYEES WITH.
P3
SUM
MA
RY
official plan. Assess what is currently
in place, what can be cut, and what
can be implemented in the final plan.
DEVELOP AND WRITE YOUR PLAN
After you have assessed the situation
and outlined your goals, you are ready
to create a DRP that can effectively
minimise the negative effects of a
disaster. Develop your strategies by
using this guide as a starting point,
then draft a concise, clear plan that
you can train employees with.
REVIEW YOUR PLAN
After the plan has been created, it is
critical that it be reviewed at regular
intervals. This helps accommodate
for changing technologies and
environments and ensures that the
plan continues to be as effective as it
was on the day it was created.
01
02
03
04
-
P4
WH
AT IS
A D
RP A
ND
HO
W C
AN
IT H
ELP
MY
COM
PAN
Y?
CHAPTER 01
WHAT IS A DRPAND HOW CAN ITHELP MY COMPANY?
A Disaster Recovery Plan (DRP)
is a set of guidelines for disaster
response. Its goal is to restore IT
operations and help your company
recover from a disaster as quickly
as possible. Effective DRPs will
significantly reduce losses from
damaged equipment and downtime.
Although the two are commonly
confused, a DRP differs from a
Business Continuity Plan (BCP). A
DRP focuses only on returning IT
infrastructure to normalcy, whereas
a BCP deals with all business
operations.
DRPS HELP MINIMISE THE EFFECTS OF DISASTER
DRPs have many benefits including
reduced financial losses, decreased
downtime, and improved employee
morale. They allow systems to be
protected, operations to resume
quickly, and staff to respond promptly
and effectively after an incident.
A DRP can:
Prevent the loss of critical data -
One of the important considerations
when planning for a disaster is
data protection. Companies that
store sensitive or mission critical
data need to ensure that a plan
is in place to back up, restore
and protect data in the event of a
disaster.
Resume operations quickly -
Catastrophes can lead to extended
and costly downtime. The average
hourly cost of downtime ranges
from $84,000 to $108,000. Between
lost revenue, reduced customer
satisfaction, and lost man hours,
downtime can have a major financial
impact on an organisation. Creating a
plan for faster response can greatly
reduce the length of downtime in the
event of a disaster [1].
Protect valuable assets - An
organisations IT infrastructure can be
worth hundreds of thousands, if not
millions of dollars[2]. Protecting these
assets from fire, flood, and other
disasters should be one of the primary
goals of your plan.
Reduce risk of employee injury -
A companys most valuable
asset is its employees. A DRP
can help ensure your employees
are protected by providing clear
directives and precautions that
minimise danger.
Prevent damage to company image -
When customers cannot access your
website and services, they often move
on to your competitors. Fifty percent
of companies say that IT outages
damage their reputation, leading to
future loss of business[3].
You can minimise the negative
effects of disaster by empowering
your employees with this invaluable
disaster response tool. The next
section will detail how you can start
the process of writing your DRP.
01
02
03
04
-
P5
PREP
ARI
NG
TO
WRI
TE Y
OU
R D
ISA
STER
REC
OVE
RY P
LAN
CHAPTER 02
PREPARING TO WRITE YOURDISASTER RECOVERY PLAN
Before starting the DRP writing
process, it is important to undergo
the proper research. This will
provide information on where the
company is vulnerable and what you
need to include in the plan.
IDENTIFY POTENTIAL THREATS
The first step in the preparation
process should be to create a list of
likely threats your company might
face. These include:
Fire - This is particularly likely in
urban areas or dry, high heat areas.
Flood - Floods can be extremely
destructive in coastal areas. They
damage equipment and can cause
power outages.
Riot - Although uncommon, riots
can be prevalent in unstable
regions.
Tropical Monsoon - In susceptible
areas, tropical monsoons can be
extremely devastating, causing
infrastructure and structural
damages. They are often
accompanied by flooding.
Security compromise - In some
cases, security compromises can
be so extreme that they can be
considered as a disaster. They
can lead to loss of data, systems
damage and downtime, just as a
physical disaster can.
DECIDE WHAT THE PLAN SHOULD
ACCOMPLISH
Once potential threats have been
identified, you should identify the
goals of the plan. Make these goals as
concise as possible to ensure that the
plan can easily be measured against
them after a disaster occurs.
ASSESS YOUR CURRENT RESPONSE
List all the current disaster response
and preparedness initiatives currently
in place at your organisation. Then
decide which ones are effective
enough to go into the new DRP and
which ones should be cut. Take this
time to identify areas in which your
company is particularly vulnerable.
If possible, it is useful to access the
effectiveness of current plans during
past disasters as a guideline for this
process.
ASSEMBLE YOUR DISASTER
RECOVERY PLANNING TEAM
Before the plan can be written, the
necessary team members must be
appointed. The team should include
one or more executives responsible
for ensuring the plan is executed
and experts from the IT team who
can advise and help execute the
plan. Make sure that the plan has
top management support so the
initiatives it calls for can be properly
implemented.
01
02
03
04
-
P6
WRI
TIN
G T
HE
DIS
AST
ER R
ECO
VERY
PLA
N
When you have assembled your
team and made all the necessary
preparations, you are ready to start
writing your DRP. Ensure that the
wording is clear, but still detailed
enough, so that employees can act
quickly and effectively. Use bullet
points and lists that can easily be
scanned wherever possible. Also,
it is recommended that graphics be
employed to make the information
clearer.
Emphasise throughout the plan
that the disaster recovery team
should never take any actions that
put themselves or other employees
at risk. The first priority of any
effective DRP is ensuring the safety of
employees.
PART 1: LIST GOALS
Begin the introduction of the plan,
start by listing the goals that were
chosen during the preparation stage.
This will serve as the main directive
of the DRP and help keep personnel
focused on the primary objectives.
In this section, you should also include
the Recovery Point Objective (RPO)
and the Recovery Time Objective
(RTO). The RPO represents the
maximum acceptable data loss, for
example, an RPO of thirty minutes
CHAPTER 03
WRITING A DISASTERRECOVERY PLAN
means that data must be backed
up every thirty minutes. The RTO is
the recovery time goal. This is the
maximum amount of time the disaster
recovery process should take. Setting
these goals will help motivate your
team and provide a reference point by
which the plan can be measured.
PART 2: DEFINE THE DISASTER
This is a critical portion of the plan, as
it will help employees identify when
to declare a disaster and implement
the DRP. If a disaster is defined too
broadly, it could lead to unnecessary
precautions that cost the company
both time and money.
The recommended definition of
a disaster is an event, natural or
manmade, that causes one or more
vital systems to malfunction, causes
the building to become unusable in a
significant way.
Here you should also list the possible
disasters employees are likely to
encounter.
PART 3: DEFINE THE SCOPE OF THE PLAN
This section will help employees
determine whether this is the the correct
plan for their current situation. DRPs
deal with damage to or malfunctions of
IT systems and the buildings in which
they are housed. This could include
servers, temperature control systems,
network or power infrastructures, or any
other system, building, or infrastructure
related to IT.
PART 4: LIST KEY PERSONNEL AND IDENTIFY RESPONSIBILITIES
In this section, you must provide a
list of all personnel that need to be
contacted during a disaster. This list
should include executives who must
be kept informed of the situation,
staff with expertise on the workings
of the system, a designated disaster
recovery leader, a response team and
the person who will be in charge of
running the disaster recovery effort.
Responsibilities of key personnel
should also be clearly noted so that
the correct people can be promptly
contacted.
01
02
03
04
-
P7
WRI
TIN
G T
HE
DIS
AST
ER R
ECO
VERY
PLA
N
Quickly gather the disaster recovery
response team.
Conduct a thorough investigation
of the building and systems to
determine the scope of the damage.
Protect and backup data that has
not already been backed up, if
possible.
Notify clients or customers of
expected downtime.
Take the necessary steps to prevent
further damage to the systems.
NEXT STEPS
Once a disaster has been declared
and the first steps have been taken to
mitigate damage, the team must take
steps to begin to repair the damage
and resume operations. Information
about the backup site, such as location
and procedure instructions, should
be included here. The checklist might
also include steps to accomplish the
following:
Determine if the designated backup
site will be adequate to resume
critical operations.
Move operations to backup site to
minimise downtime, (if necessary).
Co-ordinate transportation to the
backup site (include rental car
instructions, directions, map)
Create time and cost estimates for
return to normalcy.
AFTER THE DISASTER
Once the incident is over, steps must
be taken to resume normalcy. In
some cases, it may be necessary to
continue backup operations long after
the disaster has occurred. In these
situations, companies may have to
make plans for long-term employee
housing, rental of additional space,
and other personel considerations.
Include the following steps in your
plan and adapt as needed:
Assess the current state of systems
and operations.
Notify the insurance company of
damages.
Restore data from backups.
Initiate a plan to repair or replace
damaged systems or equipment.
It is recommended that a table be
created to make finding information
easier.
This section should also include a
notification calling tree that ranks
those who should be alerted first so
that a decision can be made quicker.
This section should be updated at
regular intervals to ensure that it
remains accurate.
PART 5: INVENTORY & SYSTEMS AUDIT
In this section, a list should be made
of critical systems and inventory,
that includes their cost and relative
importance. This provides a checklist
for first responders to assess the
current state of the systems.
Similar to the personnel list, this
section must be updated regularly
to ensure that it is kept current.
PART 6: DISASTER RECOVERY PROCEDURES
This section is where the active
disaster response is laid out. It
is the most important section of
the document, as it will determine
whether the plan is effective at
mitigating the effects of the incident.
Since this section will depend on
the type of disaster being faced, it is
recommended that several scenarios
be outlined to better prepare your
team. Steps in the checklist should be
clear, so that the team can easily keep
track of their progress.
FIRST RESPONSE
The first response to a disaster can
vary widely, depending on the type
of incident. It is recommended that
this section include both a damage
assessment form and a few key
sections to perform the following
tasks:
Inform senior management once a
state of disaster has been declared.
Inform the appropriate authorities
of the situation.
01
02
03
04
-
P8
WRI
TIN
G T
HE
DIS
AST
ER R
ECO
VERY
PLA
N
The availability of disaster
preparedness materials.
Backup site effectiveness.
Transportation to the backup site.
The availability of the disaster
recovery team and management.
PART 9: DRP MAINTENANCE
As systems are updated and
procedures are adjusted, it is very
important that the DRP be kept
current. Include instructions for how
often the plan should be updated,
what events require a full plan
rewrite, and in what situations a
simple addendum can be made.
REVIEWING AND ADOPTING THE DRP
Once the DRP has been written, it
must be reviewed and approved by key
personnel, including top management
and the disaster recovery planning
team. After it has been approved,
it should be made available both
digitally and in print to all relevant
staff. Staff should also be regularly
trained and drilled on the procedures
to ensure that they are well-versed in
the process.
Execute the repair or replacement plan.
Test systems to ensure that they are
functioning as per usual.
If possible, return employees to the
main site.
Notify clients and media of the
systems return to normalcy.
PART 7: EVALUATE DRP EFFECTIVENESS
After the disaster recovery process
is over, it is important to re-evaluate
the plan. Some follow-up questions
to include in the DRP are as follows:
How effective was the DRP in
meeting its goals?
Which goals were met? Which were
not met?
Did the DRP meet its RPO and RTO?
How could the plan be improved to
better meet its goals?
How much did the disaster recovery
process cost in terms of time and
money?
Are there any other ways the
process could be made more
efficient?
PART 8: DRP TESTING PROCEDURES
This is one of the most important
sections in the DRP as it will help
improve the plan and identify
any unforeseen problems. It is
recommended that you include a
range of tests for each system,
including both a basic test of
procedures to be run regularly
and a more comprehensive test
to be carried out when the plan
is first created and less regularly
thereafter. Tests should include
walkthroughs, simulations, full
interruption testing, and parallel
testing.
Some important areas to test include:
Data backup procedures.
System fail-safes.
The ability of the plans to adapt to
unexpected disasters.
01
02
03
04
-
P9
NEE
D H
ELP
PRO
TEC
TIN
G Y
OU
R BU
SIN
ESS
FRO
M D
ISA
STER
?
CHAPTER 04
NEED HELP PROTECTING YOUR BUSINESS FROM DISASTER?
Macquarie Telecoms LAUNCH Disaster
Recovery provides completely
outsourced disaster recovery solutions
at the hypervisor level. LAUNCH has one
of the lowest downtimes of any disaster
recovery service, and it can help your
company mitigate losses and quickly get
up and running again.
WANT TO LEARN MORE ABOUT HOW
LAUNCH AND OUR DATA CENTRE
SERVICES CAN HELP YOUR COMPANY
AVOID AND PREPARE FOR DISASTERS?
Contact Macquarie Telecom on
1800 004 943 or visit
www.macquarietelecom.com
REFERENCES:
[1] Assessing the Financial Impact of Downtime.
Vision Solutions.
http://www.strategiccompanies.com/pdfs/
Assessing%20the%20Financial%20Impact%20
of%20Downtime.pdf
[2] Determining Total Cost of Ownership for Data
Centre and Network Room Infastructure.
http://www.linuxlabs.com/PDF/Data%20
Center%20Cost%20of%20Ownership.pdf
[3] Downtime, Outages, and Failures -
Understanding their True Costs. Evolven.
http://www.evolven.com/blog/downtime-
outages-and-failures-understanding-their-true-
costs.html
LAUNCH HAS ONE OF THE LOWEST DOWNTIMES OF ANY DISASTER RECOVERY
SERVICE, AND IT CAN HELP YOUR COMPANY MITIGATE LOSSES AND QUICKLY GET UP AND
RUNNING AGAIN.
01
02
03
04
-
2014 Macquarie Telecom, All Rights Reserved