Question no.

15
Disaster recovery: hurricanes, earth quakes, fires, floods,
criminal and terrorist acts, and human error can all severely
damage an organizations computing resources, and thus the
health of the organization itself. Why it is important for
organizations to develop disaster recovery procedures and
formalize them in a disaster recovery plan?

1|Page
 Introduction
IT disaster recovery plans provide step-by-step procedures for
recovering disrupted systems and networks, and help them resume
normal operations. The goal of these processes is to minimize any
negative impacts to company operations. The IT disaster recovery
process identifies critical IT systems and networks; prioritizes their
recovery time objective; and delineates the steps needed to restart,
reconfigure, and recover them. A comprehensive IT DR plan also
includes all the relevant supplier contacts, sources of expertise for
recovering disrupted systems and a logical sequence of action steps to
take for a smooth recovery.

2|Page
 Disaster Recovery Plan
A disaster recovery plan (DPR) is a set of “actions to be taken before,
during, and after a disaster”, and is made to help protect businesses
in such an event. Although disasters may not always be avoidable,
having a plan helps to reduce the potential damage and quickly
restore operations. Disaster recovery plan is a strategy set out to
help an organization quickly resume its operation after an
unexpected event.
A disaster recovery plan is also well documented, structured, and
regularly reviewed to maintain its viability.
A disaster recovery plan describes scenarios for resuming work
quickly and reducing interruptions in the aftermath of a disaster. It
is an important part of the business continuity plan and it allows for
sufficient IT recovery and the prevention of data loss.
The disaster recovery plan is an extensive, inclusive statement of
actions to be taken before, during, and after disaster. The plan must
be regularly tested and updated to ensure the continuity of
operations and the availability of critical data and processes in the
event of a disaster. The goal of the planning process is to minimize
the disruption of operations and ensure a measure of organizational
stability and orderly recovery after a disaster (Simpson, 2001). In all
organizations or facilities, a formal planning method is needed to
ensure quality, consistency, and comprehensiveness of disaster
recovery contingency plans. Informal, ad hoc, and (worst of all) “it
will never happen to us” approaches must absolutely be avoided.
In short, disaster recovery is a more complex process in which the
organization replicates the entire IT environment (data, systems,
networks, and applications) and establishes processes to enable

3|Page
them to restore functionality and data from this replicated
environment to the primary one.
The objective of a disaster recovery plan is to ensure that you can
respond to a disaster or other emergency that affects information
systems and minimize the effect on the operation of the business.
When you have prepared the information described in this topic
collection, store your document in a safe, accessible location off site.
Organizations can’t always avoid disasters, however having disaster
recovery plans and the preventative measures they include are
essential for minimizing potential damage, quickly getting things
back up and running, and most importantly preventing disasters in
the first place. The National Archives and Records Administration
reports that 93 percent of companies that experience data loss and
downtime, extending for 10 or more days, will file for bankruptcy
within 12 months. In addition, 43 percent of companies that do not
have a disaster recovery plan will go out of business in the
aftermath of major data loss.

4|Page
Planning Process
The disaster recovery contingency planning process includes these
steps.
1. Risk identification: Which problems might occur?
2. Risk analysis: What would be their impact?
3. Risk prioritization: Which problems are the most critical?
4. Risk management planning: How will I apply this to the
project?
5. Risk monitoring and testing: How effective is our risk control?
Disaster recovery procedures
For any disaster recovery plan, these three elements should be
addressed.
 Emergency response procedures
 To document the appropriate emergency response to a fire,
natural disaster, or any other activity in order to protect
lives and limit damage.
 Backup operations procedures
 To ensure that essential data processing operational tasks
can be conducted after the disruption.
 Recovery actions procedures
 To facilitate the rapid restoration of a data processing system
following a disaster.

5|Page
 Types of disaster recovery plan
Disaster recovery plans depend largely on the business' current IT
infrastructure. Typical plans include:
1. Virtualized disaster recovery plan
A cost-effective option for businesses that do not have the budget to
set up a physical restoring facility. Virtualization is the process of
creating virtual copies of operating systems, servers, storage
depositories, or network resources. In a virtualized environment,
the restoration of applications is done through virtual machine
instances, which can be created within minutes.
2. Network disaster recovery
Network failures can put a toll on the business' applications and the
entire IT infrastructure. To ensure businesses always have reliable
connectivity, a network disaster recovery plan should include a
step-by-step procedure on who to contact, how to replace
equipment, what actions to take to restore the network.
3. Cloud disaster recovery plan
Cloud disaster recovery is a combination of strategies and services
aimed at backing up data or applications via the public cloud or
cloud providers. This is also a more cost-effective option. However,
businesses need to consider factors such as bandwidth, cloud
storage costs, the location of physical and virtual servers, security
and compliance before implementation.
4. Data centre disaster recovery plan
This option focuses on the physical data centre. The plan should
detail procedures to identify, assess, resolve and mitigate risks that
may harm the building location, HVAC systems, physical security,
6|Page
support personnel, and much more. The preparation of the plan
requires input from the IT department, facility manager as well as
security experts.
Even though there’s no single right type of recovery plan, but there
are three main plan strategies that are often used: detective
measures, corrective measures, and most important of all
preventative measures.
Preventative measures are one of the most important parts of a
disaster recovery plan because they are used to identify, address,
and reduce environmental and other risks in order to stop disasters
from occurring in the first place. There are multiple preventative
strategies for data prevention plans, including:
 Backup Data & Store Records Off Site,
 Ransom ware, Fire-Suppressant Systems, and Climate-
Controlled Storage
 Manage Digital Documents & Data Securely
Regardless of the type of disaster recovery plans your business
chooses to implement, it should start at the business level and focus
on mission-critical applications, data as well as systems. The plan
should also contain an estimated amount of downtime the
organization is allowed to experience, calculated in hours, minutes,
or even seconds.

7|Page
The Major Importance Of Developing Disaster Recovery
Plan
1. Increased Employee Productivity
A disaster recovery plan will have to be executed by the right
people. When specific roles and responsibilities are assigned in
advance, effectiveness and productivity will both increase.
In some instances, disaster recovery planning can mean having at
least two people that are capable of handling the same task. Such
redundancies can prove to be incredibly beneficial in the long run.
When multiple employees are capable of handling a given task,
organizations can benefit from peace of mind pertaining to overall
the integrity of the network. Additionally, if someone is out on
vacation or on sick leave, there will still be a qualified individual
within the organization capable of dealing with the respective task.
Likewise, the same cross-training rule applies when an employee
leaves the company. These are just a couple of scenarios that could
be anticipated and addressed in a disaster planning strategy.
2. Greater Customer Retention
Clients today expect nothing short of perfection and reliability. They
are not forgiving in the case of failures or downtime. When a certain
business cannot meet their expectations, clients will simply move on
to another service provider.
Disaster recovery planning enables businesses to maintain a high
service quality, regardless of the circumstances. Reacquiring an old
customer in the aftermath of an IT disaster can be nearly impossible
– a disastrous effect that so many businesses have experienced
firsthand.

8|Page
Reducing the risk of downtime and data loss means your clients can
rest assured they will receive an adequate service even after
disaster strikes. As a result, investing in disaster recovery planning
is one of the imperatives when it comes to sustainable customer
retention.
3. A Better Understanding of Scalability
One of the key things you will have to do when planning disaster
recovery is identifying innovative solutions. Technologies like cloud-
based data storage and backups simplify the process of archive
maintenance, enhance the effectiveness of backups and reduce the
cost of disaster recovery.
Because cloud options are easily scalable, they offer more flexibility
than the maintenance of an onsite or offsite data center. A switch
can be completed far before a disaster strikes (if ever) and as the
technical demands of the company adapt, so too will the storage
solution being utilized.
Disaster recovery planning begins with a thorough research and a
comparison of possibilities. Businesses who engage in such a
strategic process can quickly uncover data storage solution that
makes a lot more sense than the one being currently utilized and
that can be tweaked on the go.

Other major importance to develop Disaster recovery plan

9|Page
  To minimize interruptions to the normal operations.
 To limit the extent of disruption and damage.
 To minimize the economic impact of the interruption.
 To establish alternative means of operation in advance.
 To train personnel with emergency procedures.
 Minimize recovery time & possible delays
 Prevent potential legal liability
 Improve security
 Avoid potentially damaging last-second decision-making
during a disaster
 Lessen damages and financial impacts as a result of the
disruption
 Train employees about safety procedures in case of an
emergency
 Describe operational alternatives well in advance
 Ensure a smooth and rapid restoration process
 To ensure businesses never lose valuable information.
The benefits and importance of a DR plan are clear. Once a thorough
plan is implemented, if an unforeseen and damaging event occurs,
you can mitigate risk, minimize downtime, remain compliant and
ensure client records are safe and protected through proper records
storage.

Things that can happen in the absence of disaster recovery

10 | P a g e
1. Effect on Business Continuity
When business continuity is affected, that means you have zero-
productivity, leading to a major loss. This threatens not just daily
profit-margin but also employee productivity. Without a disaster
recovery plan, it becomes impossible to recover with minimal
damage.
2. Loss of assets
“94% of companies suffering from a catastrophic data loss do not
survive – 43% never reopen and 51% close within two years.” –
University of Texas
The loss of data can result in extreme financial and reputational loss.
The type of loss depends on the impact of the breach. However, the
breach can be contained and resolved with the help of a strong
disaster recovery plan.
3. Extra expenditure
The average cost of a data breach is $3.92 million, which has
increased 12% over the past five years. It is clear that the cost to
recover from a data breach is extremely high, which makes it
difficult for most businesses to recover. Many factors influence this
cost.
The more sophisticated the attacks are, the worse the consequence.
Pre-planned strategies are not enough for organizations, especially
for small businesses that can’t spend much to build a secure and safe
cyber environment. Reports suggest 60% of small businesses face
bankruptcy within six months of a cyber attack.

Conclusion
11 | P a g e
The main purpose of having a Business Continuity and Disaster
Recovery Plan and associated controls is to ensure that the organization
can still accomplish its mission and it would not lose the capability to
process, retrieve and protect information maintained in the event of an
interruption or disaster leading to temporary or permanent loss of
computer facilities. The absence of a well-defined and tested Business
Continuity and Disaster Recovery Plan may pose the following major
threats to the very existence of the organization in the event of a disaster:
 The organization’s ability to accomplish its mission after re-
starting its operations.
 To retrieve and protect the information maintained.
 To keep intact all the organizational activities after the disaster.
 To start its operations on full scale at the earliest to minimize the
business loss in terms of money, goodwill, human resources and
capital assets.

References
12 | P a g e
1. Disaster recovery plan template, www. Disasterrecovery
plantemplate.org
2. Wold, G.H., & Shiver, R.F.(1997). Risk analysis techniques. Disaster
Recovery Journal 7
3. Veritis, "Disaster Recovery 2019 Statistics – Insights That Shape
Your Business Future", Veritis, June 23, 2019,
https://www.veritis.com/blog/disaster-recovery-2019-statistics-
insights-that-shape-your-business-future/
4. WHO, "WHO reports fivefold increase in cyber attacks, urges
vigilance", WHO, April 23, 2020 https://www.who.int/news-
room/detail/23-04-2020-who-reports-fivefold-increase-in-cyber-
attacks-urges-vigilance.
5. Osborne, Charlie, "COVID-19 blamed for 238% surge in cyber
attacks against banks", ZDNet, May 14, 2020,
https://www.zdnet.com/article/covid-19-blamed-for-238-surge-in-
cyberattacks-against-banks/

13 | P a g e