WHITEPAPER

Disaster Recovery Planning:

Best Practices and Template

© 2019 MSP360. All rights reserved. MSP360.com

 Disaster Recovery Planning:
Best Practices and Template

At first glance, disaster recovery planning may seem as simple as creating a basic summary of how you will
restore data and infrastructure following a disaster.

In reality, however, effective disaster recovery planning requires much more than this. It entails creating
detailed, step-by-step procedures for restoring data and infrastructure. Those plans should detail not just the
steps for setting things back up, but should also specify:

• Which personnel will perform which disaster recovery tasks.

• How quickly recovery tasks need to be completed in order to meet RTO and RPO requirements.
• How disaster recovery procedures might vary between different facilities or sites.
• Whether disaster recovery operations for hardware need to be performed independently of disaster
recovery for software.

In this guide, we discuss these points and more as we explain best practices for developing a disaster recovery plan.

Disaster Recovery Best Practices

Before we delve into the process for creating a disaster recovery plan, let’s start with an overview of disaster
recovery best practices that you should keep in mind as you develop and update your plan.

Consider the Most Likely Cause of Disasters

Depending on the location (or locations) of your infrastructure, the types of disasters
you are most likely face can vary widely. If you support a datacenter located in
Southern California, for example, earthquakes are likely to be one of the main events
you have to plan for. In New England, hurricanes might be more likely. If you have a
data center in a remote location, power outages could be your main threat.

Identifying the types of disasters that are most likely to affect your infrastructure
is important because the severity, frequency and predictability of disasters varies
depending on type. For example, earthquakes happen with virtually no warning. In contrast, if a major hurricane
is coming up the coast of the United States, you will likely have at least a few days’ warning to prepare for the
event. Power outages may or may not happen suddenly, but it is easy to create a back-up plan for dealing with them.

When you know which disasters you are most likely to face, you can plan accordingly. You could even generate a
statistical model to help predict how often disasters will strike your infrastructure, and what their severity will be.

Employees Need to Be Able to Access Disaster Recovery Plans

The best disaster recovery plan is useless if your staff can’t access it during a disaster.
For that reason, you want to make sure that even if your main infrastructure or
network fails, employees still have access to the plan. Consider keeping copies on
USBs, or even printing them out.

© 2019 MSP360. All rights reserved. 2 MSP360.com

 Disaster Recovery Planning:
Best Practices and Template

Remember, too, that employees may need to be able to access things like passwords in order to execute a
disaster recovery plan. Make sure those passwords are accessible even if the main infrastructure fails.

Communication between employees is critical, too. Ensure that you have a plan in place for employees to talk to
each other and share information, even if it is via an old-fashioned phone tree.

Disaster recovery plans need to be updated

Infrastructures change constantly. Your disaster recovery plan needs to change, too, to keep pace. Toward that
end, make a point of regularly reviewing your disaster recovery plan. Perhaps once or twice a year, site down
and walk through how you would use the current plan to respond to a given type of disaster. This exercise will
help you identify gaps that need to be addressed.

Steps for Creating a Disaster Recovery Plan

Now, let’s discuss the steps you should follow to develop your actual disaster recovery plan.
The exact content of a disaster recovery plan will vary from business to business, of course. Below, we highlight
the main areas of focus that a typical business needs to address as part of its disaster recovery plan.

© 2019 MSP360. All rights reserved. 3 MSP360.com

 Disaster Recovery Planning:
Best Practices and Template

Business Impact Analysis and Risk Assessment

The first step in creating a disaster recovery plan is to evaluate the impact that a disaster would have on
various components of a business, and how quickly a recovery would need to be completed in order to avoid
a critical problem.

In most situations, some departments or processes could be disrupted for longer periods of time than others
without causing critical harm to the business. For example, perhaps your company could survive for a week
or two without functioning payroll operations, since staff are typically paid only once every couple of weeks. In
contrast, if your sales team can’t function for a week because its software is down, that could cost the company
a great deal of money in lost sales and customers.

To determine the business impact of a disaster on different parts of your organization, you’ll have to work
closely with department heads and key personnel. One way to do this is to distribute a questionnaire
asking them how long their departments could operate without functioning IT infrastructure, and what the
consequences would be to the company if the department ceased to operate. If the questionnaire doesn’t yield
enough information, you can perform in-person interviews.

Once you have assessed the impact of a disaster, you can develop RTO and RPO goals for the various
components of your infrastructure and data that will meet each department’s needs.

With RTOs and RPOs established, you know what needs to be recovered and how quickly recovery must
happen following a disaster.

Recovery Strategies
With that information in hand, you’re ready to develop your actual recovery strategies. To do this, you must
assess whether the resources your currently have in place are sufficient for meeting the various RTO and RPO
goals that you have set. Do you have enough personnel ready to respond to a disaster to meet those goals? Do
you have enough backup infrastructure and network bandwidth? Will you be able to acquire new hardware or
software quickly enough, if necessary?

By answering questions like these, you can develop the overall recovery strategies that will form the basis for
your disaster recovery plan. If you discover that you have too few resources to enable the strategies, discuss with
management in order to acquire what you need. Likewise, if you have more resources than necessary for disaster
recovery, this could be an opportunity to reduce this part of your budget (which is always a win with management).

Subscribe to MSP360 Blog to get

more valuable content each week!
Subscribe

© 2019 MSP360. All rights reserved. 4 MSP360.com

 Disaster Recovery Planning:
Best Practices and Template

Disaster Recovery Plan Development

Once you have developed your disaster recovery strategy and have management’s support, you are ready to fill
in the details for executing on the strategies.

To do this, you’ll want to:

• Develop an overall plan framework that defines the different components of your plan. For example,
perhaps your plan will be broken down into different sub-plans, each of which addresses a different
department in the company or a different data center.
• Identify personnel who will be responsible for executing the plan (or the sub-plans).
• Develop plans for relocating hardware, software or data following a disaster.
• Write out the specific disaster recovery procedures that need to be followed, along with steps for
accessing any special information required to follow the procedures.
• Document manual workarounds for your team to follow in the event that the main disaster recovery plan fails.
• Put the plan together and share it with management to get approval.

Test the Plan

After the plan is created, it’s time to test it. Do a dry run through the disaster recovery procedures to make sure
everything works as expected. Make sure that all staff who are part of the disaster recovery procedures know what
their roles are and how to perform them, as well as how to access any information they require during a disaster.

Be sure to document the results of these tests and review them in order to identify gaps that need to be fixed
before an actual disaster strikes.

Disaster Recovery Plan Base Template

Again, every business’s disaster recovery plan will be different. But to help you create yours, here is a basic
template that you might find useful for structuring your plan.

1. Goals
Your plan can begin with a definition of the overall goals of the disaster recovery procedures.

2. Personnel
Create a table that includes the name, position and contact information of all employees who will participate in
disaster recovery, as well as the role they will play.

Your personnel section can also include a calling tree for internal and external contacts that you can use to
share information during a disaster.

© 2019 MSP360. All rights reserved. 5 MSP360.com

 Disaster Recovery Planning:
Best Practices and Template

3. Hardware and software lists

This section of the plan includes tables or lists of hardware and software that the plan addresses. Identify which
components are mission-critical and which departments depend on them. In addition, define the RPO and RTO
for each system, and spell out any dependencies between systems.

4. Backup and disaster recovery procedures

This section is the “meat” of your disaster recovery plan. It specifies in detail the procedures required to restore
each hardware or software system identified in the previous section, and it explains who will be responsible for
performing each step.

Obviously, you need to use reason when determining how much detail to include in the procedures. You
probably don’t need to include a step like “Open your laptop” as the first procedure that an employee would
follow in order to log onto a remote system. But you do want to make sure that all non-trivial technical steps
and information are spelled out clearly in the plan. For example, if the plan entails spinning up virtual servers in
the cloud to replace downed physical servers, make sure the manual walks staff through the process of using
the cloud provider’s console or CLI to create a new server instance. You don’t want your personnel to have to
figure these things out on their own during a disaster.

The disaster recovery procedures should also include steps for documenting progress as your team follows the
plan. This information is important in the event that a new group has to take over; it is also useful for auditing
purposes after the event.

If you have multiple sites to support, you may need a sub-plan for each one’s disaster recovery needs.

5. Testing procedures
This section specifies procedures for testing the disaster recovery plan, as well as documenting and reviewing
test results.

6. Non-critical recovery processes

Here, your plan can explain how non-critical hardware or software systems will be addressed once critical services
have been restored. For example, perhaps your company has an internal online forum where employees can post
information about things like social activities. The site may not be critical to the business in any way, but you will
still want to make sure to document how it will be recovered once RPO and RTO goals for critical components have
been fulfilled.

© 2019 MSP360. All rights reserved. 6 MSP360.com

 Disaster Recovery Planning:
Best Practices and Template

Disaster Recovery with MSP360 Managed Backup

MSP360 is a leading cross-platform cloud backup and disaster recovery solution. MSP360 Backup is integrated
with major public cloud services, such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform.
MSP360 Backup comes with powerful, easy-to-use backup and disaster recovery capabilities, including file-level
and image-based backups, disaster recovery to virtual machines in the cloud, data compression and military-
grade encryption using customer-controlled keys. Customers can run MSP360 Backup on Windows, Mac and
Linux operating systems.

MSP360 also provides a turnkey, white-label data protection service to thousands of VARs and MSPs to help
them build their brand in the cloud backup market.

MSP360 Backup offers you fast and simple bare-metal restore process. It allows you to perform image-based
backups to any cloud or local backup destination, restoring image-based backups as VMware virtual machines
or Azure virtual machines.

File-level, System State and System Image

MSP360 Backup backup and recovery from:

• File-level backup
• System state backup: only the operating system and configuration
• System image backup: a full copy of the needed computer or server

Cloud and Local

MSP360 Backup will allow you to store your system images on local storage or any of the 30+
cloud storage providers of your choice, including Amazon S3 and Amazon Glacier, BackBlaze
B2, Wasabi Hot Storage, Microsoft Azure, Amazon Cloud Drive, Microsoft OneDrive, Google
Drive.

Bootable USB for Bare-Metal Restore

Easily create a recovery USB drive or bootable ISO file for an emergency recovery in case of
a system or hardware crash. Install additional drivers for a hardware configuration that is
different from the current machine.

© 2019 MSP360. All rights reserved. 7 MSP360.com

 Disaster Recovery Planning:
Best Practices and Template

Flexible Retention and Recovery

Why recover only the latest version? MSP360 Backup allows bare-metal restore to the point in
time that you choose. Store as many versions as you need for as long as you need with flexible
retention settings.

Compression and Encryption

MSP360 supports on-point compression and encryption. Compression allows you to save space
(and thus money) on the storage of your choice and time when performing backup. With AES-
256 encryption and encrypted upload channels, you can be sure that all your files are safe.

Request a demo or sign up for a free 15-day trial

of MSP360 Managed Backup

Free Sign Up

Conclusion
Planning for disaster recovery may seem like something you can always put off until tomorrow. But don’t trick
yourself into thinking that successful disaster recovery can be pulled off on-the-fly in the midst of a serious
disruption. There are too many moving pieces -- in terms of different hardware and software systems, personnel
and business processes -- to make it feasible to “wing” disaster recovery. That’s why it is essential to have a
detailed disaster recovery plan in place well before disaster strikes.

About MSP360
Established in 2011 by a group of experienced IT professionals, MSP360TM provides cloud-based backup and file
management services to small and mid-sized businesses (SMBs). MSP360’s offerings include powerful, easy-to-
use backup management capabilities and military-grade encryption using customer-controlled keys.

Customers can choose to store their backup data with more than 20 online storage providers, including
Amazon S3 and Amazon Glacier. MSP360 also collaborates with thousands of VARs and MSPs to provide them
with turnkey, white-label data protection services. It has been an Amazon Web Services Advanced Technology
Partner since 2012. MSP360 has also achieved Storage Competency Partner status in the AWS Partner Network.
For more information, visit www.MSP360.com. Follow us on Twitter at @MSP360.

© 2019 MSP360. All rights reserved. 8 MSP360.com