How to build a disaster recovery plan
A Disaster recovery plan process involves more than simply
writing the document. Before writing the DRP, risk analysis and business impact
analysis can help determine where to focus resources in the disaster recovery
planning process. The Business Impact
Analysis (BIA) identifies the impacts of disruptive events and is the
starting point for identifying risk within the context of disaster recovery.
It also generates the Recovery
Time Objective (RTO) and Recovery
Point Objective (RPO). The Risk
Analysis (RA) identifies threats and vulnerabilities that could disrupt the
operation of systems and processes highlighted in the Business Impact Analysis (BIA). The Risk Analysis (RA) assesses the likelihood of a disruptive event
and outlines its potential severity.
A Disaster Recovery
Plan (DRP) checklist should include the following steps:
· Establishing the range or extent of
necessary treatment and activity- the scope of recovery
· Gathering relevant network
infrastructure documents
· Identifying the most serious threats
and vulnerabilities, and the most critical assets.
· Reviewing the history of unplanned
incidents and outages, and how they were handled.
· Identifying the current disaster
recovery strategies, identifying the incident response team
· Having management review and approve
the DRP, testing the plan, updating the plan, and implementing a DRP audit.
Disaster Recovery Plan
Template
The Disaster
Recovery Plan should define the roles and responsibilities of disaster recovery
team members and outline the criteria to launch the plan into action. The plan
should specify the incident response and recovery activities.
Important elements of a disaster
recovery plan template include:
· A statement of intent and disaster recovery
policy statement
· Plan goals
· Authentication tools, such as
passwords
· Geographical risks and factors
· Tips for dealing with media
· Financial and legal information and
action steps and
· Plan history.
Incident management plan vs. disaster
recovery plan
An incident management plan (IMP) should
also be incorporated into the disaster
recovery plan; together, the two create a comprehensive data protection
strategy. The goal of both plans is to minimize the impact of an unexpected
incident, recover from it and return the organization to its normal production
levels as quickly as possible. However, incident management plans and disaster
recovery plans are not the same.
The major
difference between an incident
management plan and a DRP is
their primary objectives. An incident management plan focuses on protecting
sensitive data during an event and defines the scope of actions to be taken
during the incident, including the specific roles and responsibilities of the
incident response team. In contrast, a DRP focuses on defining the recovery
objectives and the steps that must be taken to bring the organization back to
an operational state after an incident occurs.
NOTE: One of our Disaster recovery plan as
a company (teapotNG) is that we have
reduced our risk by reducing our funding for now and value our assets by
focusing more on our in-house projects.