Disaster Recovery Planning

This disaster recovery planning document is a brief disaster recovery summary document partly based on the NIST Special Publication 800-34 titled Contingency Planning Guide for Information Technology Systems. This disaster recovery planning document outlines some information in the NIST document. The purpose of this disaster recovery planning document is to give an easy to read and brief overview of disaster recovery planning and guidelines. The amount of information you require will depend on the requirements of your organization. Those who want to do disaster recovery planning should also read the NIST document.

This disaster recovery planning document provides an outline of the phases of disaster recovery planning. Later, this disaster recovery planning document provides an outline of the creation of the disaster recovery plan covering the phases of the disaster or incident and the steps to recovery and resumption of normal business operations.

Disaster recovery planning is done in phases because several objectives must be accomplished and many of them are dependent upon others. Threats to the business must be identified, possible loss of equipment and business functionality must be identified, The dollar value of possible loss must be identified in order to establish a disaster recovery plan budget, roles and responsibilities of staff members must be identified, testing of the plan should be implemented, training should be done, and many more functions.

Disaster Recovery Goals

While creating a disaster recovery and business continuity plan, the disaster recovery and business goals must be kept in mind. These goals include:

  1. Communication
    • Report the problem.
    • Activate appropriate teams
    • Communicate any changes in work plans to workers
    • Communicate to customers or to the public
    • Use alternate communications where necessary.
  2. Protect and preserve your data.
  3. Minimize and reduce damage
  4. Preserve the business function
  5. Recovery quickly
  6. Restore normal operations

Disaster Recovery Aspects

Disaster recovery aspects are many and may include specific plans for specific aspects of disaster recovery. The main concern is the business functionality and continuity which makes the Business Continuity Plan (BCP) the central plan and other plans support it. Some of these plans include:

  • Business Continuity Plan (BCP) is used to sustain the business function during and after the disaster until business functions are restored. Plans that may be appended to the BCP include:
    • Incident Response Plan - Provides for response to security incidents and incidents disruptive to the business including disasters.
    • Disaster Recovery Plan (DRP) is IT focused and is used to recover mission-critical technology and applications at an alternate site when a large disruption to the business occurs.
      • Continuity of Support Plan/Contingency Plan provides for equipment support until normal business functions are restored. This plan can be part of the Disaster Recovery Plan.
    • Business Resumption (Recovery) Plan is used to continue mission-critical functions at the production site through work-arounds until normal function is restored. It is also used to restore business processes at the original site after an emergency.
    • Continuity of Operations Plan (COOP) restores essential functions at an alternate site usually for headquarters. This plan does not necessarily cover IT functions.
  • Crisis Communication Plan used to communicate internally and externally during the disaster.