Back to Basics: Writing a Disaster Recovery Plan

Disaster Recovery is the process or procedures that take place AFTER your business has experienced a technology based problem or other major business interruption. It describes the steps to take to recovery from a disruption in the business due to a disastrous event or technology failure. Disaster Recovery’s goal is restoring your systems and data to the most recent state before the disaster incident occurred.  With Disaster Recovery, in contrast to backups, you do not care about going back in time 30 or 60 or 90 days, you just need to recover the last known and good operational state.  Backups are a part of that process.

Business Continuity is the uninterrupted continuation of business. Your business needs a Disaster Recovery Plan to assure Business Continuity.

What should I include in my Disaster Recovery Plan?

In addition to addressing technology, a comprehensive Disaster Recovery Plan should also address non-technology issues, such as legal or human resource business disruptions. You need to prepare for all types of disasters.  Your Disaster Recovery Plan must answer the Who, What, Where, When, and How questions to get your business operational again.


Who is responsible for carrying out the plan? Disaster recovery roles should be planned and practiced before a disaster strikes. For example, a technology outage may require a communication plan to inform staff, as well as clients. Responsibilities should be assigned to teams to avoid a single point of failure.  Staff roles and responsibilities should be recorded and communicated to all staff. The disaster team might include the following teams /roles:

  • Firm Leadership
  • Communication
  • HR
  • IT Recovery
  • Public Relations / Client Relations / Internal and External
  • Facilities and Corporate Services
  • Damage Assessment
  • Financial Recovery / Insurance
  • Legal / Risk Management
  • Projects / Project Liability
  • Operations
  • Client
  • Crisis Coordinator
  • Crisis Management team
  • Security / Employee Safety


What are the types of disasters? They are not all technology. What steps do I take in case of a disaster?

  • Technology
  • Human Resources
  • High Profile Attrition
  • Legal
  • Workplace Violence / Terrorism
  • Physical (office is damaged or unavailable)
  • Transportation (weather – no one can get to office)
  • Public Relations
  • Firm Health / Financial / Bankruptcy
  • Project Related (job site accident / building collapse)
  • Reputation (Public perception)

There are also degrees of disasters.

  • Level 1 – 4 depending on duration and severity


Depending on the type of disaster, you may need to work offsite for a period of time. What if your office is flooded or there is a fire in another part of the building and access to your office is restricted or denied for safety reasons? Factors outside your control might cause you to have a problem even though your systems are not directly affected.  Do you have a DR site chosen?  How fast can it be ready for use?


Your plan should identify a timeline and set recovery goals. It is not enough to know what to do, you should also set the timing and sequence of events in your plan. Part of an effective Disaster Recovery Plan is a recovery timeline. How long will it take to get your business back in business? You need to know.


When developing your plan, understand the options to keep your business safe.

  • Backup and Recovery – Backup can take many forms; tape, disk, optical or online (cloud).
  • Cold Disaster Recovery Site – This is a recovery site that is prepared after a disaster has occurred.
  • Warm Disaster Recovery Site – A combination of a Cold and Hot Disaster Recovery Sites
  • Hot Disaster Recovery Site – This is a recovery site that is prepared before a disaster has occurred and is on standby in case of a disaster.
  • Business Interruption Insurance – Insurance is available to protect your business in the event of a technology disaster.
  • Data Archiving – What should you do with old backups? Legally, how long do you need to keep data?

You need a PRINTED Disaster Recovery Plan – Your plan should be in hardcopy form so it can be accessed with no electricity or network and it should be stored OFFSITE in case the office is inaccessible.

Get your Disaster Recovery Plan in order and sleep easier at night…

CONTACT US if you need help creating your plan.

3 replies
  1. Ivan Cordero Torres
    Ivan Cordero Torres says:

    A very informative article. Thanks for sharing. After a 30 year career in IT, it always amazes me how most businesses choose to ignore the need for a robust recovery strategy. I would add that DRP needs to point to the Disaster Recovery Scripts. In the simplest of terms, the IT Disaster Recovery Script includes the step-by-step technical procedure that is used to recover the IT resource affected by a disaster.

    Ivan Cordero Torres

  2. HIPAA Privacy Training
    HIPAA Privacy Training says:

    This is a wonderful article on the topics. Please keep posting more on this topic. Your business has experienced a technology based problem or other major business interruption. Thanks for sharing such an interesting post with us.


Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *