IT Innovation. Business Value.

Executive Brief: 4 Stages of IT Disaster Recovery Planning

As the enterprise IT landscape becomes more complex, customers more demanding, and computing devices more abundant and powerful, the need for business resiliency is of critical importance. Resilience is the ability for a company to adapt and recover from any unplanned changes to the IT environment by managing risk and implementing contingency and continuity planning.

Companies develop disaster recovery plans to ensure that they have a documented, detailed, tested blueprint for directing the IT recovery process in the event of a man-made or natural disaster. In general, a “disaster” is defined as any event that causes sufficient interruption of computer operations that the decision is made to move those operations to an off-site recovery location.

Executive Brief: 4 Stages of IT Disaster Recovery Planning

Please note, this business continuity planning executive brief is an abbreviated version of the original. For the full version with charts, please view the Executive Brief: 4 Stages of  IT Disaster Recovery Planning (PDF).


Disaster recovery plans are designed to restore the company’s applications, data, and physical network within established critical timeframes that minimize the impact on the business, with respect to lost revenue and operational interference. Furthermore, disaster recovery planning is also critical to ensure compliance with mandatory business regulations—regulations that have penalties for non- compliance ranging from monetary fines to loss of business.

Business Impact Analysis (BIA)

Performing a careful and complete Business Impact Analysis (BIA) is critical to developing an effective Disaster Recovery Plan. During this phase, system requirements, functions, and interdependencies are analyzed — the results are then used to identify system contingencies as well as setting priorities.

The Business Impact Analysis drives the Disaster Recovery Plan by identifying the applications and systems that will significantly impact the business in the event of a disaster.

During this phase, it is vital that input be obtained from departments across the enterprise, from Human Resources and Customer Service, to Information Technology and Accounting. In addition to using this information gathering to define critical timeframe, the BIA is also an effective strategy to educate the enterprise on the need for a Disaster Recovery Plan and to identify any alternative manual procedures that could potentially minimize the impact of an interruption in system availability.

Defining RPO and RTO

Critical to BIA is determining the Recovery Point Objective (RPO) and the Recovery Time Objective (RTO). The RPO is the point in time to which data must be recovered; the RTO is the overall length of time an IT component can be in recovery before it negatively impacts critical business processes.

The analysis is important because different applications and IT components will have different RPOs and RTOs. For example, an application that supports a mission-critical application, such as customer order processing, may have a short RPO/RTO, while an application that runs an internal, non-customer- facing of low import may have a much longer RPO/RTO.

Architecting Your Recovery Strategies

Developing a solid Disaster Recovery strategy requires a comprehensive approach. Key items that need to be considered include network requirements, infrastructure needs, data recovery, data and record management, security and compliance.

After the critical applications and data recovery objectives are identified, the company needs to architect the specific strategies and solutions to make sure the recovery objectives for applications, network and data are restored in the appropriate timeframes. Meeting these recovery objectives may involve deploying new architecture, tools, and infrastructure internally or with the assistance of an external service provider.

Options to be considered include electronic vaulting, tape retention, or a dual data center approach.

Testing and Training

Performing thorough analysis and developing sound recovery strategies are critical to a solid Disaster Recovery Plan; however, testing the plan and training staff on executing the plan is vital to successful DR planning. The only way to validate that your plan will work is to test the plan on a regular basis and put a function in place to ensure it is updated to reflect changes in the environment.

There are various levels of testing, with varying degrees of involvement—from a structured walkthrough with key technical resources verbally assessing the plan, to simulation testing where a disaster is simulated so the plan can be implemented, to full interruption testing, in which the disaster recovery plan is activated in total. The organization needs to establish the testing required to effectively assess the validity of the plan.

In tandem with testing the plan is the need to train assigned personnel both on their roles in the disaster recovery scenario and on the broader content of the plan itself. Like testing, the organization needs to regularly revisit the training plan to address the organizational changes, new hires, and attrition that are inevitable.

To learn more about how Secure-24 can help solve your IT challenges, call us today at 800-332-0076 or Contact Us.

Secure-24 is a premier provider of managed IT operations, hosting and cloud services, providing highly available environments and expert management and support for your business critical applications.