A guide to disaster recovery plans and policies

Written by Andy Irvine
IT disasters can be devastating for a business. However, a disaster recovery plan can help your business get back on track and return to normal again.
A guide to disaster recovery plans and policies

 A recovery plan should be put together early on in the business so you’re always ready for if a disaster occurs.


What is Disaster Recovery?

Disaster recovery is a plan that includes the steps you should take when a disaster occurs. This plan is used to protect and allow the continuation of technology and systems. In this case, in an environment where IT assets are involved.


Where do Disasters Occur?

Disasters can occur anytime and anywhere. That’s why your business should always be prepared and ready to face the worst case scenario. With a plan in place, you will know which steps you have to take in order to recover your business and head in the right direction.

There are multiple places where a disaster can occur in your business, these can include:

A Server Crash

What is a server crash?

This occurs when a server, hardware including lots of software programmes, stops functioning and stops displaying data inside the server. This data can include websites, software applications and operating systems.

What causes a server crash?

A server crash can be caused by multiple problems. Common causes can include network problems, configuration faults, systems overload and overheating. This can be prevented by making sure the server room is kept clean as well as making sure heat is able to escape from the back of the server.


Hacking involves an unauthorised invasion into a system or network. The hacker can then alter the system or network to achieve a goal. This is a huge breach of security and can be very worrying for a business.

How to prevent hacking.

To prevent the event of an attack on your network, it’s important to make sure your security is up to scratch so it’s not easy for somebody to access what’s yours. Steps to take involve changing your passwords regularly, making sure you’re protected from viruses and encrypting customer data.

Should I pay for virus protection?

One simple answer – YES. Antivirus software protects your business from viruses, malware, spyware and other online cyber threats. By not installing this, you are putting your business at great risk of being exposed to harmful attacks.

Natural Disasters

These are disasters that are completely out of a business’s hands. This is when a disaster recovery plan really comes in handy. If there are plans and processes in place, it will be much easier to recover from a natural disaster.

Natural disasters can include floods, earthquakes and hurricanes depending on your location.


Why is Disaster Recovery Important?

Do you know what you’d do if your business faced a disaster? It’s not the easiest process to think about on the spot. That’s why you should be well-prepared with a plan in place for if the worst was to occur.

Disaster recovery can save your business from losing important data, customer confidence and also ruining the reputation of your business. Most importantly, it can protect you from going through a large financial loss. You may not think it’s important now, but when a disaster occurs, a plan will be highly beneficial to your business.

The following steps will help your business put together a successful recovery plan with the right strategy to follow.


Building your Disaster Recovery Plan

01 | Make a list of your IT assets 

Your plan of recovery should begin with a list of all IT assets in your business. It’s important to understand the complexity of the environment and the assets inside it if a disaster was to occur. When making your list, make sure to include ALL assets. It’s vital that you check to make sure you have written down all network appliances, access points, network switches, data, applications, storage devices and servers.

After all of the assets are written down, note where all of the assets are located in the building as well as the network it’s currently on.


02 | Carry out a risk assessment

After checking that you’ve included all of the assets on your list, you then need to list all of the possible threats of these assets. Think about all of the possible disasters that could occur in your business and how these could affect the assets you’ve listed. Be thorough with your risk assessment and ensure that you identify both internal and external threats.

What’s the chance of the disaster occurring and how would it affect the business? This is what you need to think about next. Remember, involve other people in your business, like your colleagues. Getting others’ thoughts and opinions to add to the risk assessment will give you more to think about and prepare for.

Be realistic about the disasters that are likely to happen to your business. Depending on your location, it may not be practical to concentrate on natural disasters like tsunamis or hurricanes. Focus your time on the higher probability disasters, these may include failures of equipment or intrusion on your network appliances.


03 | Define the impact of the assets

If some of your assets were to fail, they may not have a large impact on your business. However, others could cause critical outcomes. Speak to your team around the office to work out how different assets would impact your business if they were to break down.

Some assets will be similar in how they impact your business. Find these similarities and make groups based on them. This will make your plan less complex and easier to understand in the case of a disaster. Let others in your business know of these groups and allow them to have their say on the criticality of the assets.

How many groups you have will depend on the amount of assets in your business. It’s estimated that 3 to 5 groups are enough for a medium-sized business.


04 | Identify the objectives for recovery of assets

Different assets in your business hold varied levels of data. This part of the plan is about identifying which assets are more important in the business and the recovery process in the case of an emergency. Whereas e-commerce data would be vital to recover to continue with transactions, other data may not have much of an impact on the business.

It’s incredibly important that at this stage of the plan, you include your business line managers. They will be able to give you the most information about what applications and data are paramount to the business and would be classed as a high priority.

Find out from your business colleagues what their tolerance for downtime and data loss is for assets. This will help define the importance of the asset and how long it can be left unrecovered. Other questions to discuss with your colleagues can include how often assets are in use, how old they are and if there are any requirements in relation to moving the data that is held on them.

It’s vital to understand your business requirements so that you can identify a level of service based on priority. When you’ve gained this information from your colleagues, it’s time to link it to the recovery objectives for your disaster plan.

The first objective is the recovery time objective (RTO). This is the acceptable amount of time data or systems can be out of use. Think about revenue loss if this asset was to become unavailable. For example, if this stopped your colleagues from working, how would this affect the business?

If the results of your calculations show a high RTO, you will have time to complete a tape backup. This is the process of copying data to a tape cartridge to avoid loss. However, if you have very low RTO, it would benefit you to use a disk-based backup. This would supply you with data protection features.

The second objective is recovery point objective (RPO). This is the objective that determines how much data your business could afford to lose. With a high rate of data loss, you will have a high RTO. On the other hand, if the business cannot lose any data, your RPO would be low.

The RPO will help you identify how often you should back your data up.


05 | Choose your tools and techniques

You’ve identified the assets in your workplace and have put them into groups based on their objectives. Now, you need to choose the tools and techniques to be able to put these objectives into practice.

There are plenty of solutions to choose from – choose the solution that offers you the best protection for your business. Depending on the size of the business, the level of protection you need will be different. Don’t choose a solution with too much protection, this may sound good but will cost your business more money than you need to spend as well as make the process more complex.

Different types of backup will be better for different data. If the data is low-impact, nightly backups would be a great solution. However, this would not be the correct solution for high impact data. Instead, a customer data platform would be an excellent software to put into place.

In any event, offsite protection should be an important component of your disaster recovery plan. No matter what kind of data it is, this should be sent at least 25 miles away from the primary zone. In the event of a hacking, this data would not be able to be reached and would give your business a resource to use if the system was altered.

Lastly, in the case of your IT staff being unavailable, it’s important to try and make the process as easy as possible. Adding in automation lessens the complexity of the process and also reduces the chance of any human mistakes taking place.


06 | Involve your stakeholders

You may think your business plan is ready to be tested and practiced. Before you go ahead with this, make sure that all of your business managers agree with you regarding priorities in the business and agreements that your colleagues will provide. It’s important that they are all involved with this phase.

As well as your colleagues, it’s also important to keep regular contact with partners and vendors. This can be critical to make sure that you’re getting the most out of the services they’re offering. By not communicating with them, your business can be put at risk of server failures and outages.

After you’ve communicated with your key stakeholders, you will have the support and collaboration of your team to continue ahead with the disaster recovery plan.


07 | Inform your team

It’s great to be aware of all of your assets in the business and how these will be managed in case of a disaster. But, you also need to let your team know the strategy to how the business will get back into a working condition. It’s recommended that a document is written with a clear strategy of how this will happen.

Like we discussed in the last point, communication is key. Make sure ALL of your team are aware of what the plan involves and what they need to do in an emergency. A key thing to do would be to print the document and place it in multiple locations around the office. This makes it easily accessible – something that will be vital if a disaster occurs.


08 | Practice Sessions

You need to know how your plan will work out in the case of a disaster. If you only execute this plan when you really need to, it may not work the best it could of done if it was tested first. When testing to be completely perfect. The most important thing is that everyone knows what their role is and they can complete it in good time.

Testing the plan can be completed through sessions either on evenings or weekends. The whole plan does not need to be executed every time. Going over parts of the plan will be enough to test it out sufficiently.


09 | Make changes to your plan if needed

Review your plan regularly. If you find that it’s not working the way it should be, make changes and try it again. You need to be confident that in a disaster, the plan would be able to be executed as easily as possible. You may need the help of another company to give you some tips on how to make your plan less complex. The most important part of the plan is that it’s made for how your business works.


Boldfield & Disaster Recovery

Whatever your requirement, we can help you look in a sensible and effective manner and make recommendations to improve your existing set up, find out more on our Disaster Recovery page. Alternatively, contact us and we will take a realistic view of your business and will provide you with solutions according to your budget.

It’s also important to have a reliable IT Support company in the case of a disaster. We offer IT Support in Cambridge, Peterborough and London.

Share this post: