What Is a Disaster Recovery Plan?
A-to-Zerto Glossary of Terms
What Is a Disaster Recovery Plan ?
A disaster recovery plan focuses on getting IT systems, applications and services back online as quickly as possible in the event of a disaster. Disasters can threaten the lives and health of people, can destroy infrastructure, and can disrupt business operations. Rapid and effective responses that follow a well-designed plan are key to mitigating the effects of a disaster.
From an IT perspective, disasters are the cause of unplanned downtime and data loss, both of which cost the organization due to loss of revenue, loss of productivity, loss of reputation, and loss of customer loyalty. Having an effective disaster recovery plan helps minimize downtime and data loss.
Disaster Recovery Guide: Everything You Need to Know about DR
Disaster Recovery Planning
As part of business continuity planning, risk assessment (RA) and business impact analysis (BIA) help to identify the critical functions and business processes that must be prioritized.
Risk assessment will identify the organization’s most critical assets, threats and vulnerabilities that pose specific risks, and drive mitigation actions to reduce or remove the likelihood of these risks.
BIA will highlight the impact from the loss of any critical business process, and identify systems, applications, resources involved, existing dependencies as well as needs and/or alternate options to temporarily run the business process.
Figure 1: Business continuity planning to disaster recovery planning
As shown in figure 1, business continuity SLAs will be established as part of the BIA. They will include some business continuity metrics (MTD and MTDL) expressing the maximum tolerable downtime or data loss of these business processes. These in turn will help the DR team to extract key DR metrics such as RTO and RPO, and therefore set their own disaster recovery SLAs.
Based on the results from RA and BIA, the DR team will assess the best disaster recovery strategy to pursue, and the DR model —or DR implementation— best fitting the organization’s resources and needs.
The team will also assess if its current solutions are good enough to meet its SLAs. If not, the evaluation, implementation and integration of new solutions will be part of the planning process.
The DR team will also re-evaluate its procedures, workflows, communication plan and protocols. This often results into the creation of a DR runbook that details the exact procedures and processes to follow in case of a disaster or major IT disruption.
Another essential step is to engage with the incident response team —especially if separate from the DR team— to ensure proper monitoring of all IT critical assets and applications, optimize alert setup, and train staff for proper incident assessment and potential DR plan initiation.
All of the above will result in the establishment of a disaster recovery plan in line with the organization’s DR strategy, implementation, resources, IT infrastructure and solutions deployed.
Last, the DR planning should account for the establishment of regular reviews and testing of the plan, to measure if it can meet the required SLAs and ensure the team effectiveness in its response.
Disaster Recovery Guide: Everything You Need to Know about DR
Business Continuity Plan (BCP) vs Disaster Recovery Plan
The business continuity plan is about steps and contingencies to maintain operationality for the organization while the disaster recovery plan focuses on restoring IT systems after a disruption.
The disaster recovery plan is a subset of the BCP which includes other plans as shown below in figure 2. The BCP is managed by the business continuity management (BCM) team, which includes stakeholders from across the organization, and even outside of it. The DRP is managed by the DR team, which is very IT centric, even though it is connected to the BCM team.
Figure 2: Plans in Business Continuity
Business Continuity Plan (BCP) vs. Disaster Recovery Plan (DRP): What Are the Key Differences?
The plans in Business Continuity
Key Considerations of a DR Plan
When creating an effective DR plan, you should consider several key points to help your organization be prepared when disaster strikes.
- Assigned roles and training. Ensure that the roles and responsibilities of everyone on your IT team are clearly laid out and that everyone is trained on their duties should a disaster strike. Ideally, you should have a backup assigned for each role, but at the very least, make sure you have a backup assigned for key decision makers.
- Communications. Have a clear plan for how steps of the DR plan can be communicated as they are being executed during a disaster and clear instructions of how to proceed if communications are disrupted due to the disaster.
- Remote access. Having a plan to initiate recovery from a remote location is ideal in case you can’t access your on-premises technology during a disaster.
- Updates. Make sure your plan is kept up to date as changes occur to your organization. These changes may include changes to personnel, changes to infrastructure, and changes to business priorities.
- Testing. DR testing is critical to both training and keeping your DR plan up to date. Testing makes employees familiar with the DR plan, the plan execution, and exposes any flaws or gaps in the DR plan. DR testing should be done frequently, at least twice a year, if possible, or at the very least, once a year.
Best Practices in Disaster Recovery Planning
DR Planning in the Current World
To exit, click outside the image
Disaster Recovery Testing - It May Just Save Your Business
Zerto and Your Disaster Recovery Plan
When you are faced with a disaster, a simple and clear plan can make or break your recovery. Zerto is a scalable solution that can provide your organization with a variety of tools to help make your DR plan not only simple and clear, but effective and robust. With Zerto, you can see the real-time status of your protected environment from any device. And you can test and validate, as often as you want, that your disaster recovery plan delivers and meets its SLAs, in a non-disruptive way for your production environment. Simply perform a full failover test in seconds and quickly get back to other business-critical tasks.
Zerto Solution Overview
FAQ about the Discovery Plan
The lifecycle of a DR plan goes through three main phases:
Plan development: based on a risk assessment and and a business impact analysis, some risk mitigation actions are identified, RPO and RTO targets are established based on the criticality of the business processes to be recovered, system agnostic procedures and runbooks are developed, and roles and responsibilities are identified for the DR team. Proper solutions are also evaluated and selected to meet the established RPO and RTO targets. They usually cover a mix of DR and backup technologies.
Plan Implementation: Deploy and configure the DR solution, adapt the procedures and runbooks to the procured tool(s), provide training to the DR team, and set the communication channels to be used by that team in case of an IT disruption.
Plan Maintenance: once implementation is done, and until the next major RA or BIA run, the following phase should translate into a continuous loop for: testing and validation of the plan, test reviews to integrate learnings into the plan, adjustments of the plan and its implementation as needed (based on testing or changes in the environment), maintain components of the DR solution up to date, and level of training of the DR team.
A good DR plan should be based on a robust business continuity planning exercise featuring risk assessment and business impact analysis (BIA). This will help the DR team to implement proper risk mitigation options and establish the right RTO and RPO targets for the systems involved in critical business processes and functions.
From there the DR team will include key elements in the DR plan to ensure its smooth and swift execution when the time comes to initiate it, such as: roles and responsibilities, communication protocols and channels, and references to runbooks for recovery procedures and workflows.
The DRP should also cover training and testing of the plan, in terms of scope and frequency, but also about how to integrate any learning into the plan. Also, a regular review of the DRP should ensure alignment with the ever-evolving priorities and capabilities of an organization.
Other Resources
LATEST FROM ZERTO SEE ALL
Resource Center
Discover and access content from Zerto and 3rd parties (IDC, Gartner, ESG, etc.) related to Disaster Recovery.
The Disaster Recovery Guide
Get everything you need to know about disaster recovery in one guide.
Disaster Recovery Blog Series
Get some insights on how DR is evolving and some perspectives from customers about how they enact it.
What is Zerto?
Learn about Zerto and how it can help you solve your data protection and recovery challenges.