Disaster Recovery: Planning, Strategies, Types & Procedures | Okta (2022)

A disaster recovery plan helps your organization resume core computing and IT functions after some type of disaster.

Many companies will face a challenge that puts their work at risk at some point. For example, organizations headquartered in Texas faced significant power outages at the beginning of 2021. At one point, power grid officials admitted that they had no idea when they could restore power.

In a situation like this, a disaster recovery plan could ensure that you don't lose data, customer confidence, or both.

Planning for an incident like this is complicated, and you'll need plenty of people to help you with the work.

Here's what you need to know to get started.

(Video) What is a Disaster Recovery Plan? And How to Make one.

What is disaster recovery?

In IT circles, a disaster is any kind of disruptive event that knocks your company offline or somehow puts your operations on pause. A disaster recovery plan should help you get back to normal as quickly as possible.

The DR concept was developed in the 1970s as more companies relied on computers to get their work done. But the concepts you might use in a plan today are very different from those in the 1970s. And the types of disasters you face are slightly different too.

Common disasters teams prepare for include:

  • Cyberattacks. In 2020 alone, more than 1,000 data breaches took place. When hackers get into your systems, they can steal data, take you offline, or both.
  • Power outages. As the climate warms and superstorms become commonplace, your reliable source of electricity could disappear.
  • Equipment failures. Modern tools are delicate, sensitive, and apt to fail. Even routine maintenance can't prevent your equipment from going down.
  • Viruses. Companies without a disaster recovery plan had to scramble when COVID-19 hit and employees all stayed home to work.

Your disaster recovery plan could also focus on incidents that haven't happened yet but seem likely in the coming years and months. As you craft your plan, you'll ensure that the challenges you face won't wipe your company off the map.

Disaster Recovery: Planning, Strategies, Types & Procedures | Okta (1)

How does disaster recovery work?

Disaster recovery plans detail how you'll recover data when your primary servers go down or become unavailable. Typically, that means understanding how and where you'll save critical files.

Consider this: A tree falls on your datacenter. All of your servers go down at once. People inside the center know that the organization has taken a hit. But everyone outside of your building has no idea what's going on.

A disaster recovery plan details how file restoration works. You've backed up data in a secondary location. Where is it stored? How quickly can you make it available?

Common strategies companies use for data restoration include:

  • Clouds. Organizations partner with vendors, and they save data on the cloud automatically. Plenty of companies opt for this model, as it's considered easy and infinitely customizable.
  • Discs. A program saves copies of critical data, and you can rewrite older versions with newer sets.
  • Tapes. You record backups and send the tapes to an offsite location for storage. The model may seem old and low-tech, but close to 60 percent of companies still lean on backup tapes.

People measure disaster recovery efficacy in tiers.

(Video) Disaster Recovery vs. Backup: What's the difference?

  • 0: An organization does not store any offsite data. Everything is available onsite.
  • 1: Backups are on physical media (like a tape), which the company keeps in an offsite facility.
  • 2: Backups are on physical media (like a tape), and the IT team transfers that to an offsite facility that they can also pull in to support key functions in a crisis.
  • 3: An organization sets up a system to automatically transfer data to a live backup site (like a data center or cloud).
  • 4: The company backs up data in multiple places, with multiple backups.
  • 5: The system continuously backs up in multiple places.
  • 6: The cloud or system provides continuous data and does not ever lose data.

People often confuse disaster recovery plans with business continuity (BC) plans. They are similar, but a BC helps your team stay open and functional during a crisis. A BC plan may have a computer component, but it may also involve your structures, teams, financial partners, and more.

What does a disaster recovery plan involve?

When a crisis hits, your team doesn't have time to bicker about next steps and common challenges. They need a road map they can access quickly, so they can get started right away. Your completed disaster recovery plan does just that.

Your completed disaster recovery plan should include:

  • Directions. What should people do at every step as they attempt to restore files and get your company running again?
  • Staff. Who should you consult at each stage of the recovery? Who is part of the disaster recovery team?
  • Tools. What software and hardware will the team need as they work?
  • Ramifications. When should you notify your insurance company? When should your stakeholders get messages about this? What should you tell the press?

Your disaster recovery plan isn't a static document. Every time something changes in your company, your staff, or your vendor set, you should change the plan accordingly.

Disaster recovery solutions

As we mentioned, plenty of organizations buy tapes and discs to handle disaster recovery independently. But if you need a vendor partner, you have a few choices.

Companies that offer disaster recovery as a service have cloud storage options for data backups. Some offer flexible costs, so you can pay only for the storage you need. And you can add or remove seats as needed.

You can choose from a wide variety of vendors. Most organizations make a decision based on cost and features. But you will want to hold in-depth conversations with potential partners to ensure they offer all of the features you need.

Disaster recovery sites, such as external data centers, can store your information and restore it as needed. If you have significant information needs and plenty of critical data, you may decide that investing in a backup data center is wise. But these backups can sometimes be too costly for average business owners.

Disaster recovery testing

With a plan created, are you truly safe? If you don't test your systems, you won't know until the next crisis hits. Testing helps you understand your coverage gaps so you can patch them.

Recent data losses from big companies prove just why testing is so critical. Manage testing by running your systems in disaster mode and watching how much data you (theoretically) lose. Or conduct an audit and see how well things work in a simulated crisis.

(Video) Disaster Recovery Planning

Can you prevent disasters?

Control measures help you eliminate or reduce the disaster threats your organization faces.

Three main types of control measures exist.

  • Preventive: You stop an event from happening. Cutting down the trees around your power lines so you remain connected is an example of a preventative measure.
  • Detective: You know when an event begins. Installing software with intruder alerts is a detective measure.
  • Corrective: You can restore a system quickly. Anything in your disaster recovery plan is a corrective measure.

You can't prevent every problem from striking your company, and no IT worker should promise that to leadership. But corrective measures are a critical part of your overall disaster recovery plan.

Who should join you?

While disaster recovery is primarily an IT function, others in your organization have valuable insights and skills to share.

Your disaster recovery planning team might include:

  • Executive management. Leaders must sign off on your plans, and they must budget for the tools you need.
  • Risk management. If your organization has staff who handle organizational challenges, this person should be on your team.
  • Team leads. People who head up core functions in your organization should know how the plans work, and they can give you insights on the datasets they consider vital.

This team may not help you draft policy. But they should be involved in all of your planning processes so you craft something your entire company can use.

Disaster Recovery: Planning, Strategies, Types & Procedures | Okta (2)

What must you know to start planning?

A disaster recovery program includes hundreds of pieces, and it's hard to know where to begin collecting them.

In general, you should have solid ideas about these areas before you get started:

  • Risks: What are the top security or connectivity challenges your company faces right now? What new issues may arrive within the next few years?
  • Critical data: What files and sources does your company need first? What can wait until later stages of restoration?
  • Recovery time: What's the maximum amount of time you'll need to gather up your files from storage and implement them? How much downtime can your company handle?
  • Recovery point: What's the maximum age of files your company will accept? Can they handle 4-hour-old files? Or must they be instantaneous? This number will guide your backup strategy.

You must know much more than this to complete a plan, of course. You should know where your files are, how much your solution will cost, and more. But this brainstorming list can help you start.

(Video) How to write an IT Disaster Recovery Plan

Disaster recovery help from Okta

Okta can help you enhance your identity-driven security to protect your organization from breaches.

Read our whitepaper to find out how these programs work and how you can get started.

References

ERCOT Officials Say They Have No Idea When Texas' Power Outages Will End. (February 2021). The Dallas Morning News.

Annual Number of Data Breaches and Exposed Records in the United States from 2005 to 2020. (January 2021). Statista.

Why Time's Up on Preventive Maintenance. (July 2019). Processing.

The Five Hidden Risks of IT Disaster Recovery Failures. (October 2019). Disaster Recovery Journal.

Five Key Points About Cloud vs. In-House Disaster Recovery. (January 2021). Computer Weekly.

How Cloud and Disaster Recovery Trends Will Impact 2020 Digital Transformation Strategies. (February 2020). Forbes.

Delta Outages Reveal Flawed Disaster Recovery Plans. (February 2017). Network Computing.

FAQs

What are the 3 main methods for recovering system? ›

Main Disaster Recovery techniques are three: synchronous replication, asynchronous replication and mixed technique.

What are the three types of control measures used in disaster recovery planning? ›

Control measures
  • Preventive measures – Controls aimed at preventing an event from occurring.
  • Detective measures – Controls aimed at detecting or discovering unwanted events.
  • Corrective measures – Controls aimed at correcting or restoring the system after a disaster or an event.

How do you plan a disaster recovery strategy? ›

Disaster recovery planning guide
  1. Configure security the same for the DR and production environments.
  2. Verify your DR security.
  3. Make sure users can log in to the DR environment.
  4. Train users.
  5. Make sure that the DR environment meets compliance requirements.
  6. Use Cloud Storage as part of your daily backup routines.
10 Jun 2022

What is disaster recovery planning? ›

A disaster recovery plan (DRP) is a formal document created by an organization that contains detailed instructions on how to respond to unplanned incidents such as natural disasters, power outages, cyber attacks and any other disruptive events.

What are the 3 types of disaster? ›

Disasters are classified into natural disasters, man-made disasters, and hybrid disasters.

What are the 4 types of disaster management? ›

Emergency managers think of disasters as recurring events with four phases: Mitigation, Preparedness, Response, and Recovery. The following diagram illustrates the relationship of the four phases of emergency management.

What are the main components of disaster recovery plan? ›

Typical elements in a disaster recovery plan include the following:
  • Create a disaster recovery team. ...
  • Identify and assess disaster risks. ...
  • Determine critical applications, documents, and resources. ...
  • Determine critical applications, documents, and resources. ...
  • Specify backup and off-site storage procedures.

What are the objectives of disaster recovery plan? ›

Reduce the risk of disasters caused by human error, deliberate destruction, and building or equipment failures. Be better prepared to recover from a major natural catastrophe. Ensure the organization's ability to continue operating after a disaster. Recover lost or damaged records or information after a disaster.

Why is disaster recovery planning important? ›

The purpose of a disaster recovery plan is to reduce damage or disruption and recover as quickly as possible in the event of a disaster that leads to system failure.

What is a recovery strategy? ›

Recovery strategies are alternate means to restore business operations to a minimum acceptable level following a business disruption and are prioritized by the recovery time objectives (RTO) developed during the business impact analysis.

What is the best method for disaster recovery? ›

6 Steps to Develop a Better Disaster Recovery Plan
  1. Backup all your data: Backup is an obvious solution and the first step to recovering from data loss. ...
  2. Choose the Right Backup Category. ...
  3. Plan Effective Backup Strategy. ...
  4. Data Recovery Software. ...
  5. Document Critical Information: ...
  6. Test and Rehearse Disaster Recovery Plan.
19 Oct 2021

What is the most important aspect of disaster recovery? ›

In order to keep your people and assets fully protected during times of catastrophe, having a plan in place to help guide you is key. But there's one aspect of successful disaster recovery planning that often gets overlooked, and that is: testing your disaster recovery plan.

What is disaster recovery in BCP? ›

Disaster recovery refers to the plans a business puts into place for responding to a catastrophic event, such as a natural disaster, fire, act of terror, active shooter or cybercrime.

Who is responsible for disaster recovery plan? ›

Disaster Recovery Coordinator

Also known as a crisis management coordinator, this person should be a business leader within your organization who will oversee the execution of your disaster recovery (this is primarily IT-focused) plan as a whole.

What is disaster and its types? ›

There are two types of disaster: natural and man-made. 1. Natural Disaster: A disaster caused by natural factors called as a natural disaster e.g., earthquake, flood, cyclone etc. 2. Man-made disaster: A disaster caused due to the human activities e.g., wars, fire accidents, industrial accidents etc.

What factors are most important when planning for disaster and recovery? ›

  • Answer:
  • 1 Procure sturdy devices.
  • 2 Deleting old backups.
  • 3 Physically distant backup location.
  • 4 Regular backups.
  • All the above are the factors that are important when planning for a disaster and recovery.
  • Explanation:
  • These are the essential elements of a good disaster recovery plan:
15 Jul 2020

What are the 2 main types of disasters? ›

Types of Disasters - Natural and Human-Caused Disasters.

What are the two main different types of disaster? ›

Types of disasters usually fall into two broad categories: natural and man-made. Natural disasters are generally associated with weather and geological events, including extremes of temperature, floods, hurricanes, earthquakes, tsunamis, volcanic eruptions, landslides, and drought.

What are the common types of disasters? ›

  • Hurricanes and tropical storms.
  • Landslides & debris flow.
  • Thunderstorms and lighting.
  • Tornadoes.
  • Tsunamis.
  • Wildfire.
  • Winter and ice storms.
  • Sinkholes.

What are the 4 main steps of an emergency action plan? ›

Evacuate danger zone. Close main shutoffs. Call for external aid. Initiate rescue operations.

What is disaster recovery with example? ›

Disaster recovery is an organization's method of regaining access and functionality to its IT infrastructure after events like a natural disaster, cyber attack, or even business disruptions related to the COVID-19 pandemic. A variety of disaster recovery (DR) methods can be part of a disaster recovery plan.

What are the 10 steps to disaster preparedness? ›

10 Steps to Disaster Preparedness
  1. Assess your risk – both internally and externally.
  2. Assess your critical business functions.
  3. Prepare your supply chain.
  4. Back-up your data.
  5. Create an emergency management plan.
  6. Create a crisis communications plan.
  7. Assemble emergency supplies.
  8. Plan for an alternate location.

What are the 7 emergency management steps? ›

Be Prepared: The 7 Components of an Emergency Plan
  • Planning – Work through many emergency scenarios. ...
  • Training – ...
  • Drills – ...
  • Education – ...
  • Technology – ...
  • Coordination – ...
  • Communication –

What are the types of preparedness? ›

There are different types of preparedness, such as public health preparedness and local emergency preparedness or snow preparedness, but probably the most developed type is "disaster preparedness", defined by the United Nations as involving "forecasting and taking precautionary measures before an imminent threat when ...

Are disaster recovery plans required? ›

The key to the effective management of any unforeseen is a comprehensive, well-considered disaster recovery plan. Not having a plan in place can put your business at risk of high financial costs, reputation loss, and risks for your clients and customers.

What are problems in disaster recovery? ›

The plan is wrong or inadequate. The plan relies on the wrong technology. The plan is not properly tested. The plan has insufficient information management.

What are the five phases to service recovery? ›

There are five logical steps in the service recovery process:
  • Anticipating customer needs.
  • Acknowledging their feelings.
  • Apologizing and owning the responsibility.
  • Offering alternatives.
  • Making amends.
15 Oct 2010

What are the three continuity strategy plans? ›

There are three phases to comprehensive continuity planning:
  • resolve;
  • respond; and.
  • rebuild.
6 Mar 2007

What are five major elements of a typical disaster recovery plan? ›

Typical elements in a disaster recovery plan include the following:
  • Create a disaster recovery team. ...
  • Identify and assess disaster risks. ...
  • Determine critical applications, documents, and resources. ...
  • Determine critical applications, documents, and resources. ...
  • Specify backup and off-site storage procedures.

What are the common types of disasters that organizations can plan? ›

Some types of disasters that organizations can plan for include the following:
  • application failure.
  • communication failure.
  • power outage.
  • natural disaster.
  • malware or other cyber attack.
  • data center disaster.
  • building disaster.
  • campus disaster.

What is the difference between IRP and DRP? ›

Know the difference between an IRP and a DRP.

Your incident response plan is for one incident. It is the immediate action you take to avoid having to go into disaster mode. Your DRP is a plan that goes into place if your operations have been halted or severely disabled.

What is the difference between BCP and DRP? ›

BCP: Business Continuity Planning deals with keeping business operations running — perhaps in another location or by using different tools and processes — after a disaster has struck. DRP: Disaster Recovery Planning deals with restoring normal business operations after the disaster takes place.

What is the best method for disaster recovery? ›

6 Steps to Develop a Better Disaster Recovery Plan
  1. Backup all your data: Backup is an obvious solution and the first step to recovering from data loss. ...
  2. Choose the Right Backup Category. ...
  3. Plan Effective Backup Strategy. ...
  4. Data Recovery Software. ...
  5. Document Critical Information: ...
  6. Test and Rehearse Disaster Recovery Plan.
19 Oct 2021

What is the most important part of a disaster recovery plan? ›

One of the most critical components of a disaster recovery plan is an up-to-date communication strategy. An outdated list of staff phone numbers is a recipe for disaster that knows no bounds -- especially while trying to use a free conferencing service.

What factors are most important when planning for disaster and recovery? ›

  • Answer:
  • 1 Procure sturdy devices.
  • 2 Deleting old backups.
  • 3 Physically distant backup location.
  • 4 Regular backups.
  • All the above are the factors that are important when planning for a disaster and recovery.
  • Explanation:
  • These are the essential elements of a good disaster recovery plan:
15 Jul 2020

What are the 4 types of disaster management? ›

Emergency managers think of disasters as recurring events with four phases: Mitigation, Preparedness, Response, and Recovery. The following diagram illustrates the relationship of the four phases of emergency management.

What are the 5 types of disasters? ›

Types of Disasters
  • Agricultural diseases & pests.
  • Damaging Winds.
  • Drought and water shortage.
  • Earthquakes.
  • Emergency diseases (pandemic influenza)
  • Extreme heat.
  • Floods and flash floods.
  • Hail.

What is a recovery strategy? ›

Recovery strategies are alternate means to restore business operations to a minimum acceptable level following a business disruption and are prioritized by the recovery time objectives (RTO) developed during the business impact analysis.

Is IRP part of BCP? ›

The Business Continuity Plan (BCP).

This plan covers the functional recovery of an organization's business processes (including IT) and thus includes the IRP and DRP.

What are the continuity strategies? ›

1. Business Continuity Strategy is a phase within the BCM planning process. It is the conceptual summary of preventive (mitigation) strategies, crisis response strategies and recovery strategies that must be carried out between the occurrence of a disaster and the time when normal operations are restored.

Why BCP and DRP are maintained? ›

With the help of an effective BCP and DRP, businesses are better prepared to handle disasters when and after they strike. BCPs and DRPs complement each other—you must have both to withstand operational challenges brought about by disasters.

Who writes disaster recovery plan? ›

Once the decision has been made to undertake disaster recovery planning, the information manager must first determine the method to be used to develop the plan. One option is to hire a consultant to perform this task. Another is to develop the plan in-house.

What is the difference between DR and BC? ›

Disaster recovery (DR) is a set of pre-defined procedures that dictate how a company plans to recover its IT infrastructure after a disruptive event. Whereas BC aims to keep operations running during the incident, DR focuses on restoring technology-based systems to the pre-failure state.

What is the difference between fault tolerance and disaster recovery? ›

While high availability and fault tolerance are exclusively technology-centric, disaster recovery encompasses much more than just software/hardware elements. HA and FT focus on addressing the isolated failures in an IT system.

Videos

1. Masterclass: Citrix Disaster Recovery Planning
(Ferroque Systems)
2. How to Plan Disaster Recovery in Five Simple Steps | Storware Webinar
(Storware)
3. Disaster Recovery Planning Tips for SMBs Webinar
(AventisSystemsIT)
4. 5 Important Disaster Recovery Processes To Know for the CISSP Exam
(BE INFOSEC)
5. 21. Disaster Recovery Planning DRP
(Audit Academy)
6. Chapter 18 - Disaster Recovery Planning and Chapter 19 - Investigations and Ethics - CIS 352
(Andrew Miller)

Top Articles

Latest Posts

Article information

Author: Terence Hammes MD

Last Updated: 09/12/2022

Views: 6437

Rating: 4.9 / 5 (69 voted)

Reviews: 92% of readers found this page helpful

Author information

Name: Terence Hammes MD

Birthday: 1992-04-11

Address: Suite 408 9446 Mercy Mews, West Roxie, CT 04904

Phone: +50312511349175

Job: Product Consulting Liaison

Hobby: Jogging, Motor sports, Nordic skating, Jigsaw puzzles, Bird watching, Nordic skating, Sculpting

Introduction: My name is Terence Hammes MD, I am a inexpensive, energetic, jolly, faithful, cheerful, proud, rich person who loves writing and wants to share my knowledge and understanding with you.