How to Write a Disaster Recovery Plan + Template

Table of Contents

What is a disaster recovery plan?

Disaster recovery plan vs business continuity plan, what are the measures included in a disaster recovery plan, how to write a disaster recovery plan, disaster recovery plan template, disaster recovery plan examples, how secureframe can help your disaster recovery planning efforts.

disaster recovery plans use

  • July 10, 2024

Anna Fitzgerald

Senior Content Marketing Manager at Secureframe

Cavan Leung

Senior Compliance Manager at Secureframe

A study found that only 54% of organizations have a company-wide disaster recovery plan in place. This percentage is even lower for government IT departments (36%) despite the proliferation of ransomware and other cyber threats. 

Not having a documented disaster recovery plan can seriously hamper an organization’s ability to recover lost data and restore its critical systems. This can result in significantly higher financial losses and reputational damage.

To help ensure your organization can recover from disaster as swiftly and easily as possible, learn what exactly a disaster recovery plan is and how to write one. Plus, find some examples and a template to help get you started.

A disaster recovery plan (DRP) is a contingency planning document that outlines the procedures an organization will follow to recover and restore its critical systems, operations, and data after a disaster. Examples of disasters that may disrupt the continuity of product or service delivery are natural disasters, cyber attacks, hardware failures, power outages, and human errors. 

In planning for disaster recovery, what is the ultimate goal?

The ultimate goal of disaster recovery planning is to minimize the impact of a disaster, and ensure business continuity.

Having a disaster recovery plan in place that is well-designed and regularly maintained can help organizations:

  • minimize downtime
  • reduce financial losses
  • protect critical applications aginst data loss
  • resume operations quickly 
  • maintain service level agreements
  • provide peace of mind for employees

A disaster recovery plan and business continuity plan both take a proactive approach to minimize the impact of a disaster before it occurs and may even be combined into a single document as a result. 

However, the key difference is that a disaster recovery plan focuses on limiting abnormal or inefficient system function by restoring it as quickly as possible after a disaster, whereas a business continuity plan focuses on limiting operational downtime by maintaining operations during a disaster. 

In other words, a disaster recovery strategy helps to ensure an organization returns to full functionality after a disaster occurs. A business continuity plan helps an organization keep operating at some capacity during a disaster. That’s why organizations need to have both documents in place, or need to incorporate disaster recovery strategies as part of their overall business continuity plan. 

Recommended reading

disaster recovery plans use

How to Write a Business Continuity Plan & Why It’s Important for a SOC 2 Audit [+ Template]

Just as no two businesses are the same, no two disaster recovery plans are. However, they do typically include some common measures. These are detailed below.

  • Data backup and recovery

A section of a DRP should be dedicated to data backup and recovery. This should list backup methods, frequency of backups, the storage locations, and the procedures for data protection and restoration.

  • Redundant systems and infrastructure

Another section may explain how the organization implements redundant systems and IT infrastructure to ensure high availability and minimize downtime if a disaster occurs. This may involve duplicating critical servers, network equipment, power supplies, and storage devices using clustering, load balancing, failover mechanisms, virtualization technologies, or other measures. 

Alternate worksite

A DRP may identify disaster recovery sites or recovery locations where the organization can operate if the primary site becomes inaccessible. This section should also define procedures and infrastructure needed to quickly transition operations to the identified alternate sites.

  • Communication and notification

Another part of DRP may define communication protocols and notification procedures to ensure communication during and after a disaster. Protocols and procedures typically include:

  • notifying management teams, employees, customers, vendors, and stakeholders about the disaster
  • providing updates on recovery progress
  • maintaining contact information for key personnel and emergency services

Recovery objectives

A DRP may set acceptable time frames for recovering systems and data in terms of recovery time objectives (RTO) and recovery point objectives (RPO). These objectives should be based on the criticality of systems and shape recovery strategies accordingly. 

  • RTO : The maximum amount of downtime allowed
  • RPO : The maximum data loss accepted (measured in time)

disaster recovery plans use

The 10 Most Important Cybersecurity Metrics & KPIs for CISOs to Track

Writing and maintaining a disaster recovery plan requires collaboration and coordination among key stakeholders across an organization and can seem intimidating. Below we’ll outline the process step by step to help you get started. 

disaster recovery plans use

1. Define the plan’s objectives and scope

To start, define the objectives and scope of your disaster recovery plan.

Objectives may include:

  • safeguarding employees’ lives and company assets
  • making a financial and operational assessment
  • securing data
  • quickly recovering connectivity and operations

Next, identify what and who the plan applies. Typically, assets utilized by employees and contractors acting on behalf of the company or accessing its applications, infrastructure, systems, or data fall within the scope of the disaster recovery plan. In this case, employees and contractors are required to review and accept the plan. 

2. Perform a risk assessment

Identify potential risks and vulnerabilities that could lead to a disaster, both internal and external to the organization. This should involve evaluating your reliance on external vendors, cloud service providers, and suppliers for critical services or resources and assessing their own disaster recovery solutions to ensure they align with your organization's requirements.

3. Perform a business impact analysis

Next, determine the business functions, business processes, information systems, and sensitive data that are essential for your organization's normal business operations. For each critical component, establish recovery time objectives and recovery point objectives. 

4. Define recovery measures and procedures

Define the appropriate measures and step-by-step procedures for disaster recovery based on the risks and business impact you identified. This includes identifying the individuals or disaster recovery team members responsible for recovery tasks, the resources required, and the order of recovery tasks.

As stated above, these recovery tasks may fall into the following categories:

  • Alternative worksites

You may also want to outline specific disaster recovery procedures. These are the actions that should be taken during and immediately after a disaster strikes, and may include evacuation plans and communication protocols and coordination with emergency services.

5. Conduct testing and training regularly

Regularly test the disaster recovery plan to ensure its effectiveness and identify any potential gaps or weaknesses. Conduct training sessions for employees to familiarize them with their roles and responsibilities during a disaster.

6. Review and update the plan regularly

Review and update the disaster recovery plan periodically to incorporate changes in technology, business operations, and potential risks. Ensure that contact information, system configurations, and other relevant details are up to date.

Use this template to kick off your disaster recovery planning and customize it based on your organization's specific risks and objectives.

disaster recovery plans use

Below you can find examples of disaster recovery strategies and procedures from disaster recovery plans created and maintained by universities and other organizations. This should help you in brainstorming and documenting your own recovery strategies and plans for different services, environments, and types of disasters. 

1. IT disaster recovery plan

Southern Oregon University has a comprehensive disaster recovery plan specifically for its IT services because they are so heavily relied upon by faculty, staff, and students. There are disaster recovery processes and procedures outlined for various IT services and infrastructure, including its data center, network infrastructure, enterprise systems, desktop hardware, client applications, classrooms, and labs. 

Some of the IT disaster recovery processes and procedures outlined in the plan are:

  • Secure facility as necessary to prevent personnel injury and further damage to IT systems and data management systems.
  • Coordinate hardware and software replacement with vendors
  • Verify operational ability of all equipment on-site in the affected area (servers, network equipment, ancillary equipment, etc.). If equipment is not operational, initiate actions to repair or replace as needed.
  • If the data center is not operational or recoverable, contact personnel responsible for the alternate data center and take necessary steps to ready the facility.
  • Retrieve most recent on-site or off-site back-up media for previous three back-ups. Prepare back-up media for transfer to primary or secondary datacenter, as determined during the initial assessment.

2. AWS disaster recovery plan

AWS walks through disaster recovery options in the cloud in this whitepaper . It explains four primary approaches to cloud disaster recovery:

  • Backup and restor e: Backup the data, infrastructure, configuration, and application code of your primary Region and redeploy them in the recovery Region. This is the least costly and complex approach. 
  • Pilot light : Replicate your data from one Region to another and provision a copy of your core workload infrastructure so that you can quickly provision a full scale production environment by switching on and scaling out your application servers if a disaster occurs. This simplifies recovery at the time of a disaster and also minimizes the ongoing cost of disaster recovery by “switching off” some resources until they’re needed.
  • Warm standby : Create and maintain a scaled down, but fully functional, copy of your production environment in another Region. This decreases the time to recovery compared to the pilot light approach, but is more costly because it requires more active resources.  
  • Multi-site active/active : Run your workload simultaneously in multiple Regions so users are able to access your workload in any of the Regions in which it is deployed, which reduces your recovery time to near zero for most disasters. This is the most costly and complex approach. 

3. Data center disaster recovery plan

The University of Iowa also has a comprehensive disaster recovery plan , which includes several processes and procedures for recovering from a disaster that affects its data center. Some of these include: 

  • Have large tarps or plastic sheeting available in the data center ready to cover sensitive electronic equipment in case the building is damaged due to natural disasters like tornadoes, floods, and earthquakes.
  • If replacement equipment is required, make every attempt to replicate the current system configuration.
  • If data is lost, then request that the IT department recover it from an off-site backup or cloud deep archive storage.

Secureframe’s automation compliance platform and in-house compliance expertise can help ensure your organization has the policies, controls, and expertise in place to protect entire systems proactively from business disaster and to recover if they do occur. Request a demo to learn how.

What are the 5 steps of disaster recovery planning?

The five steps of disaster recovery planning are prevention, mitigation, preparedness, emergency response, and recovery. That means when planning, you should identify measures and actions to:

  • avoid or prevent a disaster from occurring
  • reduce the chances of a disaster occurring or the impact of it
  • enhance your ability to respond in the event of a disaster
  • be carried out immediately before, during, and after disruptive events
  • restore your normal operations as quickly as possible

What are the 4 C's of disaster recovery?

The 4 C's of disaster recovery are communication, coordination, collaboration, and cooperation. Below are brief definitions of each:

  • Communication  - developing and maintaining effective channels for sharing information before, during, and after disasters
  • Coordination  - aligning actions to other parts of an organization or other organization to prepare for and respond to disasters
  • Cooperation  - working with internal or external parties that share the same goal (ie. responding to and recovering from disasters) and strategies for achieving it
  • Collaboration - partnering with internal or external parties to identify challenges and responsibilities to recover from a disaster as quickly as possible

What are the three types of disaster recovery plans?

A disaster recovery or DR plan can be tailored to different services, environments, and types of disasters. So types of disaster recovery plans include ones for IT services, data centers, and cloud environments.

How do you create a good disaster recovery plan?

Creating a good disaster recovery plan requires a few key steps such as:

  • Performing a risk assessment and business impact analysis
  • Setting objectives, including data retention objectives, recovery time objectives (RTO) and recovery point objectives (RPO)
  • Creating an inventory of critical assets
  • Defining data backup procedures and recovery strategies
  • Establishing alternate communication methods
  • Assigning specific roles and responsibilities

What are the key elements of a disaster recovery plan?

Key elements of a disaster recovery plan are:

  • Objectives and goals
  • Recovery measures and procedures
  • Testing processes
  • A communication plan
  • Defined disaster recovery stages


Vendor risk, trust exchange, product features, vendor risk assessments, security questionnaires.

  • Security Ratings

Data Leaks Detection

  • Integrations

AI Autofill

  • Financial Services

eBooks, Reports, & more

What is a disaster recovery plan + complete checklist.

Kyle Chin

A disaster recovery plan (DRP) is a set of detailed, documented guidelines that outline a business’ critical assets and explain how the organization will respond to unplanned incidents. Unplanned incidents or disasters typically include cyber attacks , system failures, power outages, natural disasters, equipment failures, or infrastructure disasters.

More specifically, a disaster recovery plan measures how capable an organization’s ability to restore IT infrastructure functionality and access to critical data, regardless of the disaster event.

A DRP should identify the responsibilities of staff within the organization, outline the step-by-step instructions for the disaster recovery process, and create plans to mitigate and reduce the impact of the incident so that the company can resume basic operations.

Why Is Having a Disaster Recovery Plan Important?

Disaster recovery plans are just one part of an overall security plan and should be established and implemented along with business continuity plans and incident response plans . Without these plans in place, companies can suffer catastrophic damage in form of data loss, data exposure, significantly reduced productivity, penalties and fines, reputational damage, lost revenue, and unplanned recovery expenses.

Creating disaster recovery plans, along with business continuity and incident response plans, can help build confidence with stakeholders, investors, clients, and business partners that demonstrate the capability and preparation to deal with any incident.

What is a Business Continuity Plan?

A business continuity plan (BCP) is similar to a disaster recovery plan, but a continuity plan is an overarching plan that outlines the steps needed for a business to continue operating in the event of an incident or disaster. A disaster recovery plan considers a more structured approach to the recovery process rather than the continuity process.

Learn more about business continuity plans >

What is an Incident Response Plan?

Incident response plans are critical to any security program because they provide detailed actions for responding and reacting to specific incidents. An incident response plan is focused on handling a cybersecurity incident and its fallout from start to finish, whereas a DR plan is a more robust plan that considers the potential of serious damage to the whole enterprise and how to restore technology.

Learn more about incident response plans >

Disaster Recovery Plan Checklist

Clear disaster response procedures are critical. Implementing disaster recovery quickly minimizes damage and speeds up recovery. The first few hours, in particular, can be critical. The disaster recovery plan’s emergency response procedures section should comprise clear, practical steps in language sufficient for widespread understanding.

A disaster recovery plan should be organized by location and type of disaster. No single disaster recovery plan template exists because every business is different, but a comprehensive disaster recovery plan should cover the following factors:

1. Perform a Business Impact Analysis (BIA)

A business impact analysis should be performed before creating a disaster recovery or business continuity plan . The analysis should determine the entire scope of potential aftereffects and impacts in case of a disruption to critical business operations.

Each potential disaster scenario must be planned for, and the systems and subsequent parties that will be affected must also be identified to determine which business components must be protected first to continue operating. The main difference between a BIA and BCP is that a BIA assesses the potential impact while a BCP outlines a plan based on the BIA to ensure operations are minimally affected.

Impacts that should be considered include:

  • Loss of sales or income
  • Cost of recovery (time, labor, equipment, staffing, public relations)
  • Total business downtime
  • Regulatory fines for failed compliance
  • Damage to reputation or customer trust

Ultimately, a BIA provides the necessary context and data for businesses to progress in their risk management and disaster recovery processes.

2. Perform Risk Analysis and Vulnerability Assessments

Risk analysis and vulnerability assessments identify the biggest threats and vulnerabilities that could potentially affect the business. The risk and vulnerability assessment process is designed to help businesses prioritize risk and vulnerability mitigation processes.

Different threats and vulnerabilities can affect different industries, so it’s important to identify which ones pose the biggest risk to your organization. Risks should be classified by the likelihood of occurrence and impact on assets, so the company can begin to plan business recovery processes surrounding those threats.

Risk analyses are important to anticipate and plan for the worst-case scenario and have plans in place to minimize the impact of a critical disaster. Once the risks and vulnerabilities have been identified, businesses can begin to build a risk management plan.

Risk analysis can be accomplished in two ways: qualitative and quantitative risk analysis methods . Qualitative risk analysis assesses risk using subjective data (such as perceived reputational impact) and hypothetical scenarios to determine disaster impact. Quantitative risk analysis measures risk through statistical probabilities and estimated quantifiable impact to determine risk tolerance and risk management cost investments.

Both processes should be conducted together to have a complete overview of the organization’s risk acceptance and resilience, which can then be used to make more informed business decisions.

Learn more about how to perform a cyber risk analysis >

2. Identify Roles and Responsibilities

A disaster recovery plan needs to define the roles and responsibilities of the disaster recovery team or those within the organization responsible for the following processes:

  • Maintaining business continuity systems
  • Incident reporting to executive management, stakeholders, and related authorities
  • Who is in charge of overseeing the crisis and ensuring recovery
  • Team members’ roles in securing and protecting critical business components
  • Contacting third-party vendors or affected parties
  • Liaising with people external to the organization, such as customers, clients, and the press

3. Take Inventory of Assets

To properly manage a cyber incident or cyber threat , it’s important to understand the complete overview of the assets an organization handles. Taking inventory of the organization’s IT infrastructure, including hardware, software, applications, and critical data allows the organization to prioritize the most valuable systems and assets to protect.

Asset inventory should be updated regularly in the disaster recovery plan, especially if there are large changes to the asset management strategy. To facilitate prioritization, the inventory should categorize inventory as follows:

  • Critical assets essential to business operations
  • Important assets, such as applications used once or more per day and whose absence would disrupt typical operations
  • Unimportant assets, which are accessed or used less than once per day

Sensitive data , such as payment details, intellectual property, and personally identifiable information (PII) , can also be subject to compliance requirements . A disaster recovery plan needs to address how critical data is handled during a crisis or disaster in relation to compliance standards.

In addition, it’s important to note that the people with the authority to access sensitive data during normal business operations may differ from those who can access sensitive data during a disaster to ensure its safety.

4. Disaster Recovery Sites

Disaster recovery sites refer to where the company’s assets are located and where they will be moved if disaster strikes. Businesses need to have the sites defined ahead of time should an incident occur, whether the assets are physical or digital.

The three types of recovery sites are as follows:

  • Cold sites — Used to store data backups but cannot immediately run systems.
  • Warm sites — Functional data centers that allow access to critical systems. However, up-to-date customer data may be unavailable.
  • Hot sites — Functioning data centers that contain IT equipment and personnel to use it, as well as up-to-date customer data.

In the event that businesses are still using physical documents and storage media that are still important to business operations, the disaster recovery plan also needs to include where these physical copies will be stored offsite in case of disaster.

As good practice, recovery sites and data backups should be updated regularly. Organizations should implement backup procedures at least a few times per week to ensure business continuity.

5. Disaster Recovery Testing

Much a fire or earthquake drill, it’s necessary to test the disaster recovery procedure and its procedures at least once a year. The plan should be tested in a simulated situation that varies in complexity to ensure protection against all threats.

Testing phases should accomplish the following steps:

  • Identify faults and inconsistencies within the plan that can lead to potential miscommunication or improper incident management
  • Ensure all relevant team members know their specific roles, duties, and workloads
  • Simulate a live cyber attack or other disasters
  • Test success of recovery site upload and backup processes

Regular testing should include updates to the plan and any new threats or vulnerabilities that pose a risk to critical assets.

6. Communication or Reporting Plan

Communicating information about the nature, impact, and cause of a disaster can be critical to the company’s reputation. Timely communication and incident reporting may also be required to comply with cybersecurity regulations . Therefore, the disaster recovery plan needs to define who will deliver what information to whom in the event of a disaster.

Parties that need to be kept up to date will include any or all of the following:

  • Stakeholders or investors
  • Executive management
  • Staff and employees
  • Relevant third-party vendors
  • Governing authorities
  • Customers and clients
  • Media outlets and press
  • Legal counsel

To ensure that communication is clear and prompt, the plan should outline who has primary communication responsibilities and which communication channels they should use.

7. Minimum Physical Facility Requirements

A part of the disaster recovery plan should include the minimum physical facilities a business needs to operate if its usual facility is rendered unusable by a disaster, such as an earthquake. Minimum physical facility requirements should include how much space is required, where it needs to be located, and what equipment is required.

8. RTO and RPO

As part of the disaster recovery planning process, businesses also need to define its RTO and RPO as part of its recovery strategy:

  • Recovery Time Objective (RTO) - A business’s RTO is how long it can tolerate an interruption to normal operations. This can be anything from a few minutes to many hours, depending on the nature of the business.
  • Recovery Point Objective (RPO) - The RPO refers to how much data the organization can stand to lose and is normally measured in time, such as an hour of data or 24 hours of data. A business that backs up once daily considers its RPO 24 hours.

Benefits of a Disaster Recovery Plan

Ultimately, the aim of a thorough disaster recovery plan is to facilitate faster response and smoother restoration if disaster strikes, such as a data breach or cyber attack that results in data loss or downtime .

With the increasing prevalence of cyber attacks and human error in the information technology (IT) sphere involving malware like ransomware , affected businesses are seeing rising costs and damages due to poor recovery execution and extended downtimes. It’s imperative to have strong disaster recovery processes as part of the entire business strategy

  • Lower Cyber Insurance Premiums - The modern threat landscape is such that more businesses require cyber insurance to protect themselves in case of a severe cyber attack. The cyber liability insurance industry has reached a point where it can no longer insure all businesses unless they have clearly defined security programs that minimize its overall risk. Having a disaster recovery plan can significantly lower the overall risk profile of a business and thus lower the associated cyber liability insurance premiums .
  • Fewer Recovery Costs - Formal policies and procedures demonstrating a firm’s preparedness for unplanned events can also lower costs during a data breach by helping team members respond to the issues, shortening the data breach lifecycle. The more time that is spent responding to the disaster can lead to increased damages and loss of business.
  • Minimal Penalties - In heavily-regulated sectors like healthcare or public entities, penalties for a data breach and non-compliance with cybersecurity regulations can be costly. The longer a data breach lasts, the more significant the potential penalties can be for non-compliance. A business with a disaster recovery plan will likely recover far more quickly than a company without one.
  • Minimal Business Interruption - Anything facilitating restoring technology will reduce costs for the organization if an unplanned incident interrupts operations. An excellent IT disaster recovery plan can differentiate between minimal impact and complete operational shutdown. When a cyber attack or another incident interrupts critical services, organizations must do all they can to restore technology and normal business processes as quickly as possible.

What Is a Disaster Recovery as a Service (DRaaS)?

A DRaaS provider is a third-party provider that uses cloud technology to facilitate rapid restoration of data servers and applications in case of an emergency or disaster.

A third-party solution provider’s security policies and procedures will impact data and database recovery, so it’s highly recommended to work with a trusted vendor that includes data protection as a core part of their offering. Subscribers should also consider the capacity of the provider to ensure it can handle the data transfer required for backing up and restoring the business’s information systems effectively.

Cloud disaster recovery solutions can have the following benefits for modern businesses.

  • Connectivity - One of the benefits of DRaaS is that restorations can be initiated from any location using various kinds of computers, which is ideal in a disaster scenario that may affect physical locations and data. It makes sense to use a provider in another region to avoid the likelihood of the DRaaS provider being affected by the same physical disaster as the subscriber. This way, a business affected by a geographically-specific disaster can use cloud services to create a functional data center in a new location to restore its applications and customer data.
  • Instant Mirroring - Another benefit of DRaaS is that they mirror data changes instantly. This cloud service creates a backup database server that copies the master database server created on the fly. With such a system, restoration can be performed from a point seconds before an outage.
  • Cost-Effective - For many organizations, migrating to cloud services for data management and disaster recovery processes is a cost-effective contingency plan for disruptive events. Excellent cloud service DR providers provide around-the-clock data protection and data management , keeping software up-to-date and monitoring the network to prevent data breaches in the first place. They can also respond quickly and automatically in the event of a disaster.

Reviewed by

Kaushik Sen

Kaushik Sen

Ready to see upguard in action, ready to save time and streamline your trust management process, join 27,000+ cybersecurity newsletter subscribers.


Related posts

The top cybersecurity websites and blogs of 2024.

Abi Tyas Tunggal

14 Cybersecurity Metrics + KPIs You Must Track in 2024

What are security ratings cyber performance scoring explained, why is cybersecurity important, what is typosquatting (and how to prevent it), introducing upguard's new sig lite questionnaire.

Caitlin Postal

  • UpGuard Vendor Risk
  • UpGuard BreachSight
  • Product Video
  • Release notes
  • SecurityScorecard
  • All comparisons
  • Security Reports
  • Instant Security Score
  • Third-Party Risk Management
  • Attack Surface Management
  • Cybersecurity

CrashPlan logo

  • Pricing Overview
  • CrashPlan Essential
  • CrashPlan Professional
  • CrashPlan Enterprise
  • CrashPlan for MSPs
  • Ransomware Recovery
  • Device Migration
  • Disaster Recovery
  • State and Local
  • Financial Services
  • Research & Development
  • Technology & Media
  • Business Services
  • Our Partners
  • Become a Reseller
  • Become an MSP Partner
  • Become an Affiliate
  • Resources Overview
  • Security and Compliance

The complete guide to disaster recovery planning (DRP)

A disaster recovery plan, or DRP, is a documented process that lays out specific procedures to follow when an organization experiences a disaster (often involving data-loss). It’s designed to minimize data loss and business disruption and, most importantly, to get an organization back on itsfeet as quickly as possible.

An IT disaster recovery plan is an important component of a larger business continuity plan (BCP). In this article, we’ll define what a disaster recovery plan is, why it’s important, and what elements it should encompass. Even if you already have some policies and procedures in place, it’s essential to regularly revisit your risk analysis, make sure you have a trained disaster recovery team in place, test run scenarios, and ensure your plan covers all your bases. With ever-changing technology, evolving cyber risks, and employee turnover, developing and maintaining a DRP must never be a “set it and forget it” exercise.

Importance of a Disaster Recovery Plan

Photo of a street sign almost completely submerged in floodwater

Imagine yourself in these scenarios:

  • You’re ankle-deep in water with a hurricane bearing down on you, jeopardizing your own safety while you wonder if you’ll need to try to haul computers out to your car before evacuating; loss of the critical data on those machines could spell the end of your small business.
  • You’re responsible for a database of personal identification data, including biometric data and bank account numbers. A hacker slips in through a vulnerability in the API; they sell access to your customers’ data on WhatsApp.
  • An unscrupulous employee copies and encrypts the guest reservation database of your multinational hotel chain; you’re fined £18.4 million by the Information Commissioner’s Office in the UK.

All of these examples are true stories of data disaster, and all could have been mitigated by a thorough disaster recovery plan.

7 key objectives for a disaster recovery plan

A successful disaster recovery plan will help you:

  • Keep employees, facilities, and equipment safe
  • Minimize disruptions to business operations
  • Limit data loss and exposure of private information
  • Cap liability
  • Preserve your organization’s reputation
  • Reduce financial losses
  • Recover lost data

Types of IT Disaster Events

types of disasters-square

Let’s review some of the most common types of disasters you’ll want to cover in your disaster recovery plan.

Natural disasters

Natural disasters can include highly localized events like a lightning strike causing a fire in your data center, larger disasters like city-wide blackouts caused by storms, or widespread catastrophes like hurricanes or wildfires.

Make sure when you develop your DRP, you’re thinking about the full range of natural disasters from the smallest to the largest, what systems they could affect, and what resources may or may not be available to you during a time of crisis.

Also keep in mind that when we think of the word “disaster”, what often comes to mind is a natural disaster. While you should diligently prepare for natural disasters, your disaster recovery plan should also encompass man-made disasters.

Hackers and cyber attacks

Cybercrime is on the rise. Until 2022, human error was the largest cause of data loss but now for the first time, cyberattacks have become the greatest source of data loss ( source ). Here are some common attack vectors that can give access to hackers and lead to data loss:

  • Misconfigurations in applications or servers
  • Software vulnerabilities
  • SQL injection attacks
  • Insider threats
  • DNS tunneling
  • Zero-day exploits
  • Credential theft

When malicious parties gain access to your data using these and other tactics, they can do any combination of the following:

  • Install malware on your system
  • Steal your data
  • Release your data to the public
  • Sell your data to the highest bidder
  • Demand a ransom for return of your data

Hardware failure

Hardware failure is one of the top causes of data loss and it can create a huge disruption when you least expect it. Endpoints, on-site servers, and external drives are all potential points of hardware failure. Hard drives are among the most fragile parts of computers and there are numerous ways they can be damaged or simply fail. And even cloud storage solutions with multiple layers of protection aren’t completely immune from hardware failure.

Any organization is vulnerable to data loss due to hardware failure, but small businesses are especially likely to suffer from this as they typically house servers on-premises rather than in a managed data center, and they’re less likely to back up their files regularly (and test those backups).

Human error

Let’s face it, nobody’s perfect and anyone who’s ever forgotten to click the save icon on a regular basis knows that unique feeling of terror right after your application crashes. As frustrating as it is to lose an afternoon’s worth of work on a big presentation, the consequences of human error are not limited to data on a single device. According to a study by Stanford University, around 88% of all data breaches are caused by employee error.

Having clear policies, keeping current on employee training, and automating as many processes as possible are all ways to help cut down on the probability of human error.

Some examples of human error include:

  • Misconfiguring cloud services
  • Falling for phishing scams
  • Lost or stolen, or damaged devices
  • Accidental deletions or overwrites
  • Password mishandling

Stages of a Disaster Recovery Plan

There are many different ways to slice and dice the stages of a disaster recovery plan. Here, we’ll break it down into five stages: Preparation, Assessment, Restoration, Recovery, and Lessons Learned.

1. Preparation

Conduct a risk analysis. Preparing for a natural disaster will look different based on your geographical location. Maybe you’re located somewhere that tends to get hit with rolling blackouts, like California during fire season. Or you could have facilities in the path of hurricanes on the Atlantic coast, or along a fault line. When it comes to human-caused disasters, the likelihood of various incidents are potentially dependent on your industry and your user profile. For example, if you work in the manufacturing or healthcare industries, you should be aware that they’re the top two industries to be targeted by ransomware . And if your users are less tech-savvy, they’re more prone to become a victim of a phishing attack .

Determine potential points of failure. Assess your current state. Are your authentication protocols up to date? Are your physical failovers – like backup power generators or alternate networking equipment – in good working order? Are your files actively being backed up and have you recently tested restoring them? Are your partners staying up to date on their security certifications?

Identify a response team. Different types of disasters will require different disaster response team members. Make sure each person you’ve identified knows their role and be sure to designate a backup in case there’s employee turnover or someone’s on vacation when disaster strikes.

Document everything. And be sure everyone on the team knows where to find the documentation. In addition to documenting your disaster recovery processes themselves, also document things like technical specs, insurance policies, emergency contact information, and relevant government or community resources.

Practice, practice, practice. Disasters are a matter of when, not if. Think how horrified you’d be if a whitewater rafting guide brought you down a new river without doing a test run. It’s the same with disaster planning. With practice, you’ll find hidden obstacles ahead of time, and be able to respond quickly and competently when the time comes.

2. Assessment

Declare the event. The first step in assessing a disaster is to declare the event and notify leadership and your response team. Determine your chain of command based on the type of incident and the team you’ve previously identified. Share necessary information with employees, customers, and any relevant authorities. Keep in mind that how you communicate is just as important as what you communicate. As a team, decide upon necessary audiences (customers, prospects, employees, authorities) and draft communications to be sent as rapidly as possible. Calm, clear, correct communication can be the difference between successful containment and a PR calamity.

Assess current state. Is the disaster ongoing? What can be done now to mitigate further loss, and what is currently out of your control? When dealing with a natural disaster, physical safety should be your true North.

Take inventory . What’s good, what’s lost, what’s potentially recoverable, and what’s destroyed? Take stock of your physical assets like facilities, servers, and products, as well as your digital ones like customer-facing websites, financial databases, and files on users’ computers.

3. Restoration

Get back up and running. Here’s where all your preparation pays off. At this point, you know what you need to do and can immediately begin executing your plan. At this stage of your plan,time is of the essence. ITIC’s Global Server Hardware Security Survey in 2022 found that the average hourly cost of downtime is more than $300,000 – and 44% of medium and large businesses report that an hour of downtime could cost their businesses over $1 million.

Activate your failovers. Depending on your needs and your restore point objectives and restore time objectives (more on RPO and RTO below), you may have full redundancy in some of your systems, or you may have to spin up alternate hardware or set up alternate physical sites.

Keep lines of communication open. Make sure to keep updating your customers, clients, employees, and/or authorities as you work to restore services. In your initial communication with stakeholders, define an update frequency and stick to that cadence even if just to say “we’re still working on it.”

4. Recovery

Confirm everything is working. Now that the crisis has passed, you’ll want to methodically check all your systems to make sure everything is working properly. This is where you can rely on the documentation you had at the outset.

Recover lost data, if possible. Once your operations are restored, attempt to recover any lost data not already addressed. Depending on your data retention policies and RPO decisions you may lose varying amounts of data. If you’ve utilized a 3-2-1 backup strategy you should have at least one other copy of data from which to restore, even if a large-scale disaster (or terrible coincidence) were to take out more than one copy of your important dataat the same time.

5. Lessons Learned

Conduct a debrief. Get together with your disaster recovery team and discuss what went well, what went wrong, and/or what unexpected issues you encountered. Identify gaps in initial preparation AND execution of your plan. It is important at this point to conduct this exercise in the model of a blameless post-mortem. Things broke. Mistakes were made. Assigning blame to team-members is unhelpful to future success.

Integrate learnings into your disaster recovery plan. There will inevitably be something you wished you’d thought of earlier. This is your chance to document everything you’ve learned and update your DRP so you can improve your disaster response next time around.

Benefits of a Disaster Recovery Plan

Photo of two men talking and looking at a computer in a data center

Like the Scouts’ motto goes: “Be Prepared.” In so many areas of life, preparation is key to both peace of mind and avoiding or minimizing bad outcomes. Disaster preparedness that safeguards your essential business data is no different. We briefly outlined some of the major benefits already, but let’s dive into a few in more depth.

Improved recovery time objective (RTO) and recovery point objective (RPO)

As a refresher, recovery time objective (RTO) in the context of data loss refers to how quickly data must be made available after an outage without significantly impacting the organization. A short RTO is essential for operations that are business-critical or timely – like customer-facing websites, or files that were being used by employees at the time of the outage. You can increase your recovery time objective for things that are less critical, which allows you to turn your immediate focus and resources towards the most urgent operations.

Recovery point objective (RPO) , on the other hand, refers to the maximum allowable amount of data that an organization believes it can lose without crippling the business. Defining an RPO necessitates that the organization accept two facts:

  • It is not possible to protect all organizational data from disaster For the data that it is unacceptable to lose there is a period of time from the last version which is acceptable
  • You need to know how long of a gap in data is acceptable for your organization and what data within your business would be tolerable to theoretically lose completely. This helps you define your RPO which will define the rest of your data integrity and security strategy.

The first step in defining an RPO is to classify your data and understand where it’s stored and whether it’s being backed up. From there, you can negotiate as a business over costs, risks, and impact.

Once we get down to the brass-tacks for example, if you’re running tape backups of an important transactional database once a day, you would lose up to a day’s worth of data when the primary system experiences an outage. Is that acceptable? Is there an opportunity to add additional online redundancy to that system and is it worth the cost (in time, money or both) to mitigate that risk? All of those considerations must be taken into account for business data at every level of your classification schema.

As you construct your plan, you’ll likely need to make tradeoffs on RTO, as you may not have the resources to have layers of redundancy and continuous backups on everything. Therefore, thinking strategically ahead of time will ensure that the business is aware of its exposure in the event of an incident and that makes it much easier to recover in a timely manner.

Having a clear understanding and alignment on your organization’s risk tolerance is a critical foundation to disaster recovery planning. Once you have your RTO and RPOs defined, you’ll use your disaster recovery plan to identify concrete tactics to meet your recovery point and recovery time objectives. A good disaster recovery plan can even uncover ways to exceed those objectives and further minimize risk.

Protecting your organization’s reputation

There are countless examples of customers jumping ship and stock prices plummeting after a data breach. It can take years to repair a brand’s tarnished reputation. According to a 2019 survey by PingIdentity, 81% of people would stop engaging with a brand online following a breach, and only 14% of respondents would readily sign up for and use an application or service following a breach.

The good news is that your disaster recovery plan can mitigate these dismal outcomes. By demonstrating and communicating to your customers and the public that you’re on top of the situation, your organization retains trust with your market. When faced with a data disaster, this can mean the difference between a public relations nightmare and simply a bad day.

During the Preparation stage of your disaster recovery plan, you can define ways to build a foundation of trust with your customers and the public. Some of these may include:

  • Identify applicable privacy regulations, like CAN-SPAM laws, CCPA and GDPR regulations and put policies in place to follow them.
  • Obtain any security certifications that are applicable to your organization, such as NIST, ISO2700 and SOC2.
  • Work with your marketing and web teams to post information about your security protocols on your website. Proactively show that you’re following best practices and that you value keeping your customer’s information safe.
  • Educate your customers on how to use your product or service in a way that protects their security and privacy – for example, prompt users to choose secure passwords or set up multi-factor authentication.

You can also include protocols that help to preserve trust during the Restoration stage of your DRP:

  • Plan for how you will explain in a timely and transparent way what has happened, who is impacted, and what steps you’re taking to address it.
  • Work with your PR and/or social media team to craft a strategy for how to demonstrate calm, transparency and responsiveness through communications channels (press, social, and customer communications) social media during and following a disaster.

Implementing initiatives to gain and keep customers’ trust is an important and sometimes overlooked part of a DRP, and will benefit your organization by helping to preserve your organization’s reputation.This leads to better customer retention and fewer financial losses when there’s a crisis. At this point, in the eyes of external stakeholders, it is often less about whether an organization deals with a data-loss incident and more about how it responds when it does. Having a plan in place beforehand will help ensure your organization rises to the challenge.

Minimizing legal liability

In a well-known case of a mishandled data breach, the CSO of a popular ride sharing app covered up a data breach and instead paid a $100,000 ransom to restore the stolen data. Not only did this executive’s action result in their termination, but they were also later convicted of obstruction of justice for the attempt to cover up the incident. This is not a good outcome for anyone.

Legal liability isn’t just limited to individuals. If a company is found negligent in its handling of customer data, it will find itself vulnerable to lawsuits and/or regulatory penalties. Using a disaster recovery plan, you can do your due diligence and show that when data loss does occur, it’s not due to negligence and there is a plan in place to minimize the impact and address shortcomings. This will save your organization time and headaches..

Because this section talks about legal liability we want to make it clear that none of this amounts to official legal advice. Laws and regulations vary by industry and situation. There are people who have devoted their entire professional careers to this pursuit. Consult with a lawyer if you want more specifics on how to protect yourself and your business from potential liability.

Putting an IT Disaster Recovery Plan Into Place

One last thing we should say about disaster recovery planning: it doesn’t have to be overly complicated to still be worth doing. In fact, if after reading this you feel intimidated, we have unfortunately done you a disservice.

If you do nothing else after reading this article, take some time to review what policies you currently have in place. Do they make sense? Do you know where all your data lives? Is it backed up? Do the relevant stakeholders understand their roles? Shore up what you currently have and then make a plan to expand. If disaster befalls you, you’ll be glad you were better prepared.

Learn more about how CrashPlan is built to protect your data and  help you bounce back from disasters .

folder in the center connected to other files

9 Point disaster recovery plan checklist

Disaster recovery planning

How to create a disaster recovery plan (DRP)

Report icon

Business continuity vs disaster recovery: The difference explained

Cybersecurity: disaster recovery planning to protect your business from ransomware.

CrashPlan logo

CrashPlan® provides peace of mind through secure, scalable, and straightforward endpoint data backup. We help organizations recover from any worst-case scenario, whether it is a disaster, simple human error, a stolen laptop, ransomware or an as-of-yet undiscovered calamity.

  • Become a Partner

© 2024 CrashPlan® All rights reserved.

Privacy | Legal | Cookie Notice | Free Trial

disaster recovery plans use

Cloudian Products  

The Object Storage Buyer’s Guide

Technical/financial benefits; how to evaluate for your environment.

HyperIQ Observability & Analytics

Watch 2-min Intro

Evaluator Group Webinar

Skills Shortage? Ease the Storage Management Burden. Watch On-Demand

Scaling Object Storage with Adaptive Data Management

Get White Paper



AI Workflows

2021 Enterprise Ransomware Victims Report

Don’t Be a Victim

Scalable S3-Compatible Storage, On-Prem with AWS Outposts

Trending Topic: On-Prem S3 for Data Analytics

Watch Webinar

Ransomware 2021: A Conversation with Veeam CISO Gil Vega

Hear His Thoughts

How a Private Cloud Addresses the Kubernetes Storage Challenge

Free White Paper

Data Security & Compliance: 3s Every CIO Should Ask Ask the Right ??s

Satellite Application Catapult Deploys Cloudian for Scalable Storage

Replaces conventional NAS, saves 75%

Read Their Story

On-Demand Webinar

Veeam & Cloudian: Office 365 Backup – It’s Essential

Why the FBI Can’t Stop Cybercrime and How You Can

Register Now

8 Reasons to Choose Cloudian for State & Local Government Data

Get 8 Reasons

Cloudian HyperStore SEC17a-4 Cohasset Assessment Report

Read the Assessment

Hybrid Cloud for Telecom

Hybrid Cloud for Manufacturers

Tape: Does It Measure Up?

Get Free eBook

Customer Testimonial: University of Leicester

Hear from Mark

Public Health England: Resilient IT Infrastructure for an Uncertain Time

Watch On-Demand

How to Accelerate Genomics Data Analysis Pipelines by 10X

Hear from Weka

How MSPs Can Build Profitable Revenue Streams with Storage Services

Technology Partners  

Get Scalable Storage On-Prem for AWS Outposts

Hear from AWS

The Path to the Hybrid World: Amazon S3-Compatible Storage On-Prem for AWS Hybrid Edge

Learn from AWS

Lock Ransomware Out with Commvault & Cloudian

Cribl Stream with Cloudian HyperStore S3 Data Lake

Why Object Storage is Best for Advanced Analytics Apps in Greenplum

Explore Solution

Customer Video: NTT Communications

Hear from NTT

How to Store Kasten Backups to Cloudian

Klik.Solutions Delivers World-Class Backup-as-a-Service with Lenovo & Cloudian

Why They Chose Us

Modernize SQL Server with S3 Data Lake

Find Out How

Immutable Object Storage for European SMBs from RNT Rausch and Cloudian

Backup/Archive to Cloudian with Rubrik NAS Cloud Direct

On-Premises Object Storage for Snowflake Analytics Workloads

Get the Details

Splunk, ClearShark, and Cloudian discuss Federal Industry Storage Trends

Teradata & Cloudian: Modern Data Analytics for Hybrid and Multi-Cloud

1-Step to Data Protection: All You Need to Know About Veeam v12 + Cloudian

Step up to Cloudian

Modernize Your Enterprise Archive Storage with Cloudian and Veritas

Read About It

Unified Analytics Data Lake Platform with Vertica and Cloudian HyperStore

VMware Cloud Providers: Get started in cloud storage, free.

Get Started

Weka + Cloudian: High-Performance, Exabyte-Scalable Storage for AI/ML


Cloudian Enables Leading Swiss Financial Institution to Retain and Analyze More Big Data

Read Case Study

Indonesian Financial Services Company Replaces NAS With Cloudian

National Cancer Institute Reduces Cost and Time to Insight with Cloudian

US Department of Defense Deploys Cloudian

State of California Selects Storage-as-a-Service Offering Powered by Cloudian

Australian Genomic Sequencing Leader Accelerates Research with Cloudian

Swiss Education Non-Profit Achieves Scale and Flexibility of Public Cloud On-Prem with Cloudian

Indonesia Ministry of Education Deploys Cloudian Object Storage to Keep Up with Data Growth

Leading German Paper Company Meets Growing Data Backup Needs with Cloudian

Vox Media Automates Archive Process to Accelerate Workflow by 10X

WGBH Boston Builds a Hybrid Cloud Active Archive With Cloudian HyperStore

Large German Retailer Consolidates Primary and Secondary Storage to Cloudian

How a Sovereign Cloud Provider Succeeds in Cloud Storage Services

View On-Demand

IT Service Provider Drives Business Growth with Cloudian-based Offering

Calcasieu Parish Sheriff Deploys Hybrid Cloud for Digital Evidence Data

Montebello Bus Lines Mobile Video Surveillance with Cloudian Object Storage


Storage Guides  

Ransomware Protection Buyer’s Guide

Get Free Guide


Cloudian Named a Gartner Peer Insights Customers’ Choice for Distributed File Systems and Object Storage

Read Reviews

Disaster Recovery: 5 Key Features and Building Your DR Plan

Disaster can strike a business at any moment. Research shows that without preparation and data protection , over 50% of businesses will not survive a major disaster. It is crucial to assess your IT infrastructure and understand what information security measures you can take to decrease the damage caused by a disaster and recover operations quickly. Learn about four essential elements you must include in your disaster recovery program for it to be effective.

This is part of an extensive series of guides about cybersecurity .

In this article you will learn:

  • Why Is Disaster Recovery Important?
  • What Is a Disaster Recovery Plan?

What Is the Difference Between Disaster Recovery and Business Continuity?

How does disaster recovery work key features of a disaster recovery program, building your disaster recovery plan, types of disaster recovery solutions and services, built-in data protection for disaster recovery with cloudian, what is disaster recovery.

Disaster recovery is the practice of anticipating, planning for, surviving, and recovering from a disaster that may affect a business. Disasters can include:

  • Natural events like earthquakes or hurricanes
  • Failure of equipment or infrastructure, such as a power outage or hard disk failure
  • Man-made calamities such as accidental erasure of data or loss of equipment
  • Cyber attacks by hackers or malicious insiders

What is a Disaster Recovery Plan?

A disaster recovery plan enables businesses to respond quickly to a disaster and take immediate action to reduce damage, and resume operations as quickly as possible.

A disaster recovery plan typically includes:

  • Emergency procedures staff can carry out when a disaster occurs
  • Critical IT assets and their maximum allowed outage time
  • Tools or technologies that should be used for recovery
  • A disaster recovery team , their contact information and communication procedures (e.g. who should be notified in case of disaster)

Why is Disaster Recovery Important?

Drafting a disaster recovery plan , and ensuring you have the right staff in place to carry it out, can have the following benefits:

  • Minimize interruption – in the event of a disaster, even if it is completely unexpected, your business can continue operating with minimal interruption.
  • Limit damages – a disaster will inevitably cause damage, but you can control the extent of damage caused. For example, in hurricane-prone areas, businesses plan to move all sensitive equipment off the floor and into a room with no windows.
  • Training and preparation – having a disaster recovery program in place means your staff are trained to react in case of a disaster. This preparation will lower stress levels and give your team a clear plan of action when an event occurs.
  • Restoration of services – having a solid disaster recovery plan means you can restore all mission critical services to their normal state in a short period of time. Your Recovery Time Objective (RTO) will determine the longest time you are willing to wait until service is restored.

Business continuity (BC) and disaster recovery (DR) are often grouped into one corporate identity called BCDR. However, while the two share similar objectives that help improve the organization’s resiliency, business continuity and disaster recovery differ in scope.

Business continuity is a proactive approach to minimizing risks and ensuring the organization can continue to deliver products and services regardless of the circumstances. BC primarily focuses on defining ways to ensure employees can continue their work and enable the business to continue operations during disaster events.

Disaster recovery is a subset of BC focused mainly on the IT systems required for business continuity. DR defines specific steps needed to resume technology operations after an event occurs. It is a reactive process that requires planning, but organizations implement DR only when a disaster truly occurs.

Related content: Read our guide to disaster recovery and business continuity

Here are four things you must include in your disaster recovery plan and process, to ensure your business continuity .

Know Your Threats

Learn about the history of your business, the industry and the region, and map out the threats you are most likely to face. These should include natural disasters, geopolitical events like wars or civil unrest, failure to critical equipment like servers, Internet connections or software, and cyber attacks that are most likely to affect your type of business.

Ensure your disaster recovery plan is effective against all, or at least the most likely or most significant threats. If necessary, develop separate DR plans or separate sections within your DR plan for specific types of disasters.

Know Your Assets

It’s important to be comprehensive. Get your team together and make a big list of all the assets that are important for the day-to-day operations of your business. In the IT sphere this includes network equipment, servers, workstations, software, cloud services, mobile devices, and more. Once you have your list organize it into:

  • Critical assets your business cannot operate without – for example, an email server
  • Important assets that can seriously hamper some activities – for example, a projector used for presentations
  • Other assets that will not have a major effect on the business – for example, a recreational system used by employees on their lunch break

Define Your RTO and RPO

Define your Recovery Time Objective (RTO) for critical assets. What period of downtime can you sustain? For example, a high traffic eCommerce site sustains major financial damage for every minute of downtime. An accounting firm may be able to sustain a day or two of downtime and resume normal operations, provided there is no data loss. Build a process and obtain technological means that can help you bring operations back online within the RTO.

The term recovery point objective (RPO) refers to the maximum age of files the organization must recover from backup storage to resume normal operations after a disaster occurs. Organizations use RPO to determine the minimum frequency of backups. For example, a four-hour RPO requires backing up at least every four hours.

Set Up Disaster Recovery Sites

A cornerstone of almost every disaster recovery plan is having a way to replicate data between multiple disaster recovery sites. While many businesses schedule periodic data backups, for disaster recovery purposes, the preferred approach is to continuously replicate data to another system. Data may be replicated to:

A backup device within your data center.

A redundant operational unit in your data center, for example, a secondary server.

A backup device in a remote data center, or cloud storage with high latency, involving a delay or extra cost to retrieve data.

A redundant operational unit in a remote data center, or cloud storage with low latency, enabling immediate data access.

Local storage is less resilient to disaster but gives you a shorter RTO. It also allows you to replicate or backup data more frequently, improving your Recovery Point Objective (RPO) – meaning you can restore your data from almost every point in time.

Test Backups and Restoration of Services

Just like business systems can fail in a disaster, so can backups. There are many horror stories of organizations that had a backup system in place, but discovered too late that backups were not actually working properly. A configuration problem, software error or equipment failure can render your backups useless, and you may never know it unless you test them.

An inseparable part of any disaster recovery plan is to test that data is being replicated correctly to the target location. It’s just as important to test that it’s possible to restore data back to your production site. These tests must be conducted once, when you set up your disaster recovery apparatus, and repeated periodically to ensure the setup is still working.

Here are key steps to help guide you through the process of creating a disaster recovery plan:

Risk Assessment

A disaster recovery plan should start with business impact analysis (BIA) and risk assessment that address the relevant potential disasters. Here are key aspects of considerations:

  • Analyze all functional areas of the organization – this analysis can help you identify possible consequences, such as data loss or leakage.
  • Evaluate risks and define suitable goals – disaster recovery is a key component in larger business continuity plans. Evaluating risks and setting goals can help organizations recover critical business operations that enable continuity even while IT teams address the incident.
  • Determine geographical and infrastructure risk factors – a risk analysis should factor these complex risks to enable organizations to prepare a suitable recovery strategy for these events. You should determine whether you need cloud backup, whether a single site will suffice or do you need multiple sites, and who is allowed access.

Evaluate Critical Needs

Once you have completed a risk assessment, you need to evaluate the critical needs of each department and establish priorities for operations and processing. It involves creating written agreements for predetermined alternatives and specifying the following details:

  • Special security procedures
  • Availability, cost, and duration
  • Guarantee of compatibility
  • Hours of operation
  • Scenarios the organization defines as emergencies
  • System testing
  • A procedure for notifying users of system changes
  • Personnel requirements
  • Specifications of hardware required for critical processes
  • Service extension negotiation process
  • Any relevant contractual issue

Set Disaster Recovery Plan Objectives

Here are key aspects to help you set disaster recovery plan objectives:

  • Create a list of mission-critical operations needed for business continuity – when creating your list, decide which applications, data, user accesses, and equipment are needed to support these operations.
  • Document your RTO and RPO – finalize the required RTO and RPO for each critical asset and document it.
  • Assess service level agreements (SLAs) – all of your objectives should account for SLAs promised to any stakeholder, including users and executives.

Collect Data and Create the Written Document

Data helps create informed and relevant disaster recovery plans. Here are key data types to collect at this stage:

  • Lists – include critical contact information lists, master vendor lists, backup employee position listings, notification checklists, master call lists.
  • Inventories – include communications equipment, documentation, data center computer hardware, forms, microcomputer hardware and software, insurance policies, office equipment, workgroup hardware, and off-site storage location equipment.
  • Schedules – include schedules defined for software and data files backup or retention.
  • Procedures – include all procedures defined for system restore or recovery.
  • Locations – include all temporary disaster recovery locations.
  • Documentation – include any relevant inventories, materials, and lists.

Organize and include this data in a written, documented plan.

Test and Revise

A disaster recovery plan should remain theoretical – you need to regularly test and revise the plan to ensure it remains relevant. Testing can help obtain the following benefits:

  • Ensure the organization is adopting feasible, compatible backup procedures and facilities.
  • Identify areas in the plan that require modification.
  • Training your team to ensure they are well prepared to implement the plan.
  • Prove the value of your plan and the organization’s ability to withstand disasters.

Here are several types of disaster recovery plan tests you can employ:

  • Disaster recovery plan checklist tests
  • Parallel tests
  • Full interruption tests
  • Simulation tests

Before running the test, you should determine the criteria and procedures for testing your disaster recovery plan. After choosing a test, you should conduct a structured walk-through test or an initial dry run and correct any issues. Ideally, you should run this run dry outside normal business hours to avoid disrupting work.

Related content: Read our guide to disaster recovery plans

Organizations may choose various DR strategies according to the infrastructure and assets they wish to protect and the backup and recovery methods they use. The scale and vision of an organization’s DR plan may require specific teams for departments like networking or data centers. Here are some examples of DR solutions:

Data Center Disaster Recovery

Data centers are the backbone of modern businesses, housing critical IT infrastructure, applications, and data. When a disaster impacts a data center, the consequences can be severe, leading to significant downtime, data loss, and financial losses. Implementing a comprehensive data center disaster recovery plan is essential to ensure the continuity of business operations and minimize the impact of such events.

A data center disaster recovery plan typically includes several components to ensure the quick and efficient recovery of data and systems. These components may include:

  • Risk assessment and business impact analysis: Identifying potential risks and assessing their impact on business operations.
  • Disaster recovery strategies: Developing strategies to recover critical data and systems, such as offsite data backups, redundant infrastructure, and failover mechanisms.
  • Recovery objectives: Establishing recovery time objectives (RTOs) and recovery point objectives (RPOs) to determine the acceptable levels of downtime and data loss.

Testing and maintenance: Regularly testing the disaster recovery plan to ensure its effectiveness and updating it as needed to address changes in the business environment.

Network Disaster Recovery

Network disaster recovery focuses on the restoration of an organization’s network infrastructure, ensuring that critical systems and applications remain accessible during and after a disaster. This type of recovery is essential for maintaining communication, collaboration, and data exchange between employees, customers, and partners.

Effective network disaster recovery planning involves several key elements, including:

  • Network redundancy: Implementing redundant network connections and equipment to ensure continuous availability in the event of a failure.
  • Network segmentation: Dividing the network into smaller segments to isolate issues and minimize the impact of a disaster on the entire network.
  • Failover mechanisms: Configuring systems and devices to automatically switch to an alternate network path or component in case of a failure.

Regular testing and monitoring: Continuously monitoring network performance and conducting regular tests to identify potential issues and assess the effectiveness of the disaster recovery plan.

Cloud-Based Disaster Recovery (Disaster Recovery as a Service)

Cloud disaster recovery, also known as disaster recovery as a service (DRaaS) is a modern approach to protecting your organization’s data and applications by leveraging cloud-based resources. This type of disaster recovery offers several benefits, including:

  • Cost savings: Cloud disaster recovery eliminates the need for costly on-premises infrastructure and allows you to pay only for the resources you need, reducing capital and operational expenses.
  • Scalability: Cloud disaster recovery solutions can easily scale to accommodate the needs of growing businesses, ensuring that you always have sufficient resources to recover from a disaster.
  • Flexibility: Cloud disaster recovery allows you to choose from various recovery options, such as full data restoration or partial recovery of specific applications and systems, depending on your organization’s needs.

Implementing a cloud disaster recovery plan involves several steps, such as:

  • Assessing your organization’s needs: Determine the criticality of your data and applications, as well as your RTOs and RPOs, to identify the appropriate recovery strategy.
  • Selecting a cloud disaster recovery provider: Choose a reputable cloud provider with a strong track record in disaster recovery and a robust, secure infrastructure.
  • Configuring the cloud environment: Set up and configure the cloud environment to replicate your on-premises infrastructure, ensuring that all critical systems and applications are protected.

Testing and monitoring: Regularly test the cloud disaster recovery plan to ensure its effectiveness and monitor the cloud environment to detect potential issues.

Related content: Read our guide to

  • Disaster recovery in the cloud
  • Disaster recovery as a service
  • Disaster recovery and business continuity
  • Disaster recovery policy
  • Disaster recovery plan examples
  • Disaster recovery solutions
  • Disaster recovery vs. high availability
  • Disaster recovery on aws
  • IT disaster recovery plan

Virtualized Disaster Recovery

Virtualized disaster recovery leverages virtualization technology to replicate and recover entire systems, including operating systems, applications, and data, on virtual machines (VMs). This approach offers several advantages, such as:

  • Faster recovery times: Virtualized disaster recovery allows for the rapid recovery of systems and applications, as VMs can be quickly provisioned and configured.
  • Simplified management: Virtualization simplifies disaster recovery management by consolidating multiple systems onto a single platform, reducing the complexity of the recovery process.
  • Improved resource utilization: Virtualized disaster recovery enables the efficient use of resources, as VMs can be dynamically allocated and scaled according to your organization’s needs.

To implement a virtualized disaster recovery plan, you should:

  • Assess your organization’s virtualization capabilities: Determine the extent to which your existing infrastructure can support virtualization and identify any gaps that need to be addressed.
  • Develop a virtualization strategy: Create a plan for implementing virtualization across your organization, including the selection of appropriate virtualization platforms and tools.
  • Configure and test the virtual environment: Set up and configure the virtual environment to replicate your on-premises infrastructure, ensuring that all critical systems and applications are protected.

Monitor and maintain the virtual environment: Continuously monitor the virtual environment to detect potential issues and perform regular maintenance to ensure optimal performance and reliability.

Do you need to backup data to on-premises storage, as part of your disaster recovery setup? Cloudian offers a low-cost disk-based storage technology that lets you backup data locally with a capacity of up to 1.5 Petabytes. You can also set up a Cloudian appliance in a remote site and use our integrated data management tools to save data there.

on-premises backup target

Another deployment option is a hybrid cloud configuration. You can backup data to a local Cloudian appliance, then replicate to the cloud for DR purposes. This combines the low latency of local storage with the resilience of the cloud.

hybrid cloud disaster recovery

Learn more about Cloudian’s data protection solutions.

See Additional Guides on Key Information Security Topics

Together with our content partners, we have authored in-depth guides on several other topics that can also be useful as you explore the world of cybersecurity .

Authored by Cynet

  • What Is Extended Detection and Response (XDR)? Complete Guide
  • XDR by Palo Alto: Understanding Cortex XDR
  • XDR Security Solutions: Get to Know the Top 8

Authored by Exabeam

  • What Is UEBA (User and Entity Behavior Analytics)?
  • What Is UEBA and Why It Should Be an Essential Part of Your Incident Response
  • UEBA Tools: Key Capabilities and 7 Tools You Should Know

Medical Device Cyber Security

Authored by Sternum IoT

  • Post-Market Surveillance for Medical Devices: Ultimate 2024 Guide 
  • Understanding Medical Device Regulation and Cybersecurity Standards

Get Started With Cloudian Today

disaster recovery plans use

Request a Demo

Join a 30 minute demo with a Cloudian expert.

disaster recovery plans use

Download a Free Trial

Try Cloudian in your shop. Run on any VM, even your laptop.

disaster recovery plans use

Receive a Cloudian quote and see how much you can save.


  • Privacy Overview
  • Strictly Necessary Cookies

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

disaster recovery plans use

  • Español – América Latina
  • Português – Brasil
  • Cloud Architecture Center

Disaster recovery planning guide

This document is the first part of a series that discusses disaster recovery (DR) in Google Cloud. This part provides an overview of the DR planning process: what you need to know in order to design and implement a DR plan. Subsequent parts discuss specific DR use cases with example implementations on Google Cloud.

The series consists of the following parts:

  • Disaster recovery planning guide (this document)
  • Disaster recovery building blocks
  • Disaster recovery scenarios for data
  • Disaster recovery scenarios for applications
  • Architecting disaster recovery for locality-restricted workloads
  • Disaster recovery use cases: locality-restricted data analytic applications
  • Architecting disaster recovery for cloud infrastructure outages

Service-interrupting events can happen at any time. Your network could have an outage, your latest application push might introduce a critical bug, or you might have to contend with a natural disaster. When things go awry, it's important to have a robust, targeted, and well-tested DR plan.

With a well-designed, well-tested DR plan in place, you can make sure that if catastrophe hits, the impact on your business's bottom line will be minimal. No matter what your DR needs look like, Google Cloud has a robust, flexible, and cost-effective selection of products and features that you can use to build or augment the solution that is right for you.

Basics of DR planning

DR is a subset of business continuity planning . DR planning begins with a business impact analysis that defines two key metrics:

  • A recovery time objective (RTO) , which is the maximum acceptable length of time that your application can be offline. This value is usually defined as part of a larger service level agreement (SLA) .
  • A recovery point objective (RPO) , which is the maximum acceptable length of time during which data might be lost from your application due to a major incident. This metric varies based on the ways that the data is used. For example, user data that's frequently modified could have an RPO of just a few minutes. In contrast, less critical, infrequently modified data could have an RPO of several hours. (This metric describes only the length of time; it doesn't address the amount or quality of the data that's lost.)

Typically, the smaller your RTO and RPO values are (that is, the faster your application must recover from an interruption), the more your application will cost to run. The following graph shows the ratio of cost to RTO/RPO.

Graph showing that small RTO/RPO maps to high cost.

Because smaller RTO and RPO values often mean greater complexity, the associated administrative overhead follows a similar curve. A high-availability application might require you to manage distribution between two physically separated data centers, manage replication, and more.

RTO and RPO values typically roll up into another metric: the service level objective (SLO) , which is a key measurable element of an SLA. SLAs and SLOs are often conflated. An SLA is the entire agreement that specifies what service is to be provided, how it is supported, times, locations, costs, performance, penalties, and responsibilities of the parties involved. SLOs are specific, measurable characteristics of the SLA, such as availability, throughput, frequency, response time, or quality. An SLA can contain many SLOs. RTOs and RPOs are measurable and should be considered SLOs.

You can read more about SLOs and SLAs in the Google Site Reliability Engineering book.

You might also be planning an architecture for high availability (HA) . HA doesn't entirely overlap with DR, but it's often necessary to take HA into account when you're thinking about RTO and RPO values. HA helps to ensure an agreed level of operational performance, usually uptime , for a higher than normal period. When you run production workloads on Google Cloud, you might use a globally distributed system so that if something goes wrong in one region, the application continues to provide service even if it's less widely available. In essence, that application invokes its DR plan.

Why Google Cloud?

Google Cloud can greatly reduce the costs that are associated with both RTO and RPO when compared to fulfilling RTO and RPO requirements on premises. For example, DR planning requires you to account for a number of requirements, including the following:

  • Capacity: securing enough resources to scale as needed.
  • Security: providing physical security to protect assets.
  • Network infrastructure: including software components such as firewalls and load balancers.
  • Support: making available skilled technicians to perform maintenance and to address issues.
  • Bandwidth: planning suitable bandwidth for peak load.
  • Facilities: ensuring physical infrastructure, including equipment and power.

By providing a highly managed solution on a world-class production platform, Google Cloud helps you bypass most or all of these complicating factors, removing many business costs in the process. In addition, Google Cloud's focus on administrative simplicity means that the costs of managing a complex application are reduced as well.

Google Cloud offers several features that are relevant to DR planning, including the following:

  • A global network . Google has one of the largest and most advanced computer networks in the world. The Google backbone network uses advanced software-defined networking and edge-caching services to deliver fast, consistent, and scalable performance.
  • Redundancy . Multiple points of presence (PoPs) across the globe mean strong redundancy. Your data is mirrored automatically across storage devices in multiple locations.
  • Scalability . Google Cloud is designed to scale like other Google products (for example, search and Gmail), even when you experience a huge traffic spike. Managed services such as Cloud Run, Compute Engine, and Firestore give you automatic scaling that enables your application to grow and shrink as needed.
  • Security . The Google security model is built on decades of experience with helping to keep customers safe on Google applications like Gmail and Google Workspace. In addition, the site reliability engineering teams at Google help ensure high availability and help prevent abuse of platform resources.
  • Compliance . Google undergoes regular independent third-party audits to verify that Google Cloud is in alignment with security, privacy, and compliance regulations and best practices. Google Cloud complies with certifications such as ISO 27001, SOC 2/3, and PCI DSS 3.0.

DR patterns

DR patterns are considered to be cold, warm, or hot. These patterns indicate how readily the system can recover when something goes wrong. An analogy might be what you would do if you were driving and punctured a car tire.

How you deal with a flat tire depends on how prepared you are:

  • Cold: You have no spare tire, so you must call someone to come to you with a new tire and replace it. Your trip stops until help arrives to make the repair.
  • Warm: You have a spare tire and a replacement kit, so you can get back on the road using what you have in your car. However, you must stop your journey to repair the problem.
  • Hot: You have run-flat tires. You might need to slow down a little, but there is no immediate impact on your journey. Your tires run well enough that you can continue (although you must eventually address the issue).

Creating a detailed DR plan

This section provides recommendations for how to create your DR plan.

Design according to your recovery goals

When you design your DR plan, you need to combine your application and data recovery techniques and look at the bigger picture. The typical way to do this is to look at your RTO and RPO values and which DR pattern you can adopt to meet those values. For example, in the case of historical compliance-oriented data, you probably don't need speedy access to the data, so a large RTO value and cold DR pattern is appropriate. However, if your online service experiences an interruption, you'll want to be able to recover both the data and the user-facing part of the application as quickly as possible. In that case, a hot pattern would be more appropriate. Your email notification system, which typically isn't business critical, is probably a candidate for a warm pattern.

For guidance on using Google Cloud to address common DR scenarios, review the application recovery scenarios. These scenarios provide targeted DR strategies for a variety of use cases and offer example implementations on Google Cloud for each.

Design for end-to-end recovery

It isn't enough just to have a plan for backing up or archiving your data. Make sure your DR plan addresses the full recovery process, from backup to restore to cleanup. We discuss this in the related documents about DR data and recovery.

Make your tasks specific

When it's time to run your DR plan, you don't want to be stuck guessing what each step means. Make each task in your DR plan consist of one or more concrete, unambiguous commands or actions. For example, "Run the restore script" is too general. In contrast, "Open a shell and run /home/example/ " is precise and concrete.

Implementing control measures

Add controls to prevent disasters from occurring and to detect issues before they occur. For example, add a monitor that sends an alert when a data-destructive flow, such as a deletion pipeline, exhibits unexpected spikes or other unusual activity. This monitor could also terminate the pipeline processes if a certain deletion threshold is reached, preventing a catastrophic situation.

Preparing your software

Part of your DR planning is to make sure that the software you rely on is ready for a recovery event.

Verify that you can install your software

Make sure that your application software can be installed from source or from a preconfigured image. Make sure that you are appropriately licensed for any software that you will be deploying on Google Cloud—check with the supplier of the software for guidance.

Make sure that needed Compute Engine resources are available in the recovery environment. This might require preallocating instances or reserving them.

Design continuous deployment for recovery

Your continuous deployment (CD) toolset is an integral component when you are deploying your applications. As part of your recovery plan, you must consider where in your recovered environment you will deploy artifacts. Plan where you want to host your CD environment and artifacts—they need to be available and operational in the event of a disaster.

Implementing security and compliance controls

When you design a DR plan, security is important. The same controls that you have in your production environment must apply to your recovered environment. Compliance regulations will also apply to your recovered environment.

Configure security the same for the DR and production environments

Make sure that your network controls provide the same separation and blocking that the source production environment uses. Learn how to configure Shared VPC and firewalls to let you establish centralized networking and security control of your deployment, to configure subnets, and to control inbound and outbound traffic. Understand how to use service accounts to implement least privilege for applications that access Google Cloud APIs. Make sure to use service accounts as part of the firewall rules.

Make sure that you grant users the same access to the DR environment that they have in the source production environment. The following list outlines ways to synchronize permissions between environments:

If your production environment is Google Cloud, replicating IAM policies in the DR environment is straightforward. You can use infrastructure as code (IaC) tools like Terraform to deploy your IAM policies to production. You then use the same tools to bind the policies to corresponding resources in the DR environment as part of the process of standing up your DR environment.

If your production environment is on-premises, you map the functional roles, such as your network administrator and auditor roles, to IAM policies that have the appropriate IAM roles. The IAM documentation has some example functional role configurations—for example, see the documentation for creating networking and audit logging functional roles.

You have to configure IAM policies to grant appropriate permissions to products. For example, you might want to restrict access to specific Cloud Storage buckets .

If your production environment is another cloud provider, map the permissions in the other provider's IAM policies to Google Cloud IAM policies.

Verify your DR security

After you've configured permissions for the DR environment, make sure that you test everything. Create a test environment. Verify that the permissions that you grant to users match those that the users have on-premises.

Make sure users can access the DR environment

Don't wait for a disaster to occur before checking that your users can access the DR environment. Make sure that you have granted appropriate access rights to users, developers, operators, data scientists, security administrators, network administrators, and any other roles in your organization. If you are using an alternative identity system, make sure that accounts have been synced with your Cloud Identity account. Because the DR environment will be your production environment for a while, get your users who will need access to the DR environment to sign in, and resolve any authentication issues. Incorporate users who are logging in to the DR environment as part of the regular DR tests that you implement.

To centrally manage who has administrative access to virtual machines (VMs) that are launched, enable the OS login feature on the Google Cloud projects that constitute your DR environment.

Train users

Users need to understand how to undertake the actions in Google Cloud that they're used to accomplishing in the production environment, such as logging in and accessing VMs. Using the test environment, train your users how to perform these tasks in ways that safeguard your system's security.

Make sure that the DR environment meets compliance requirements

Verify that access to your DR environment is restricted to only those who need access. Make sure that PII data is redacted and encrypted. If you perform regular penetration tests on your production environment, you should include your DR environment as part of that scope and carry out regular tests by standing up a DR environment.

Make sure that while your DR environment is in service, any logs that you collect are backfilled into the log archive of your production environment. Similarly, make sure that as part of your DR environment, you can export audit logs that are collected through Cloud Logging to your main log sink archive. Use the export sink facilities. For application logs, create a mirror of your on-premises logging and monitoring environment. If your production environment is another cloud provider, map that provider's logging and monitoring to the equivalent Google Cloud services. Have a process in place to format input into your production environment.

Treat recovered data like production data

Make sure that the security controls that you apply to your production data also apply to your recovered data: the same permissions, encryption, and audit requirements should all apply.

Know where your backups are located and who is authorized to restore data. Make sure your recovery process is auditable—after a disaster recovery, make sure you can show who had access to the backup data and who performed the recovery.

Making sure your DR plan works

Make sure that if a disaster does occur, your DR plan works as intended.

Maintain more than one data recovery path

In the event of a disaster, your connection method to Google Cloud might become unavailable. Implement an alternative means of access to Google Cloud to help ensure that you can transfer data to Google Cloud. Regularly test that the backup path is operational.

Test your plan regularly

After you create a DR plan, test it regularly, noting any issues that come up and adjusting your plan accordingly. Using Google Cloud, you can test recovery scenarios at minimal cost. We recommend that you implement the following to help with your testing:

  • Automate infrastructure provisioning . You can use IaC tools like Terraform to automate the provisioning of your Google Cloud infrastructure. If you're running your production environment on premises, make sure that you have a monitoring process that can start the DR process when it detects a failure and can trigger the appropriate recovery actions.
  • Monitor your your environments with Google Cloud Observability} . Google Cloud has excellent logging and monitoring tools that you can access through API calls, allowing you to automate the deployment of recovery scenarios by reacting to metrics. When you're designing tests, make sure that you have appropriate monitoring and alerting in place that can trigger appropriate recovery actions.

Perform the testing noted earlier:

  • Test that permissions and user access work in the DR environment like they do in the production environment.
  • Perform penetration testing on your DR environment.
  • Perform a test in which your usual access path to Google Cloud doesn't work.

What's next?

  • Read about Google Cloud geography and regions .
  • For more reference architectures, diagrams, and best practices, explore the Cloud Architecture Center .


  • Grace Mollison | Solutions Lead
  • Marco Ferrari | Cloud Solutions Architect

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2024-07-05 UTC.

One platform, all Microsoft data, 100% secure | Full SaaS security | M365 + Entra ID | Read the blog

Disaster Recovery Plan

Disaster recovery plan definition.

What is a disaster recovery plan? A disaster recovery plan (DRP), disaster recovery implementation plan, or IT disaster recovery plan is a recorded policy and/or process that is designed to assist an organization in executing recovery processes in response to a disaster to protect business IT infrastructure and more generally promote recovery.

The purpose of a disaster recovery plan is to comprehensively explain the consistent actions that must be taken before, during, and after a natural or man-made disaster so that the entire team can take those actions. A disaster recovery plan should address both man-made disasters that are intentional, such as fallout from terrorism or hacking, or accidental, such as an equipment failure.

What is a disaster recovery plan ?

Organizations of all sizes generate and manage massive amounts of data, much of it mission critical. The impact of corruption or data loss from human error, hardware failure, malware, or hacking can be substantial. Therefore, it is essential to create a disaster recovery plan for the restoration of business data from a data backup image.

It is most effective to develop an information technology (IT) disaster recovery plan in conjunction with the business continuity plan (BCP). A business continuity plan is a complete organizational plan that consists of five components:

1. Business resumption plan 2. Occupant emergency plan 3. Continuity of operations plan 4. Incident management plan (IMP) 5. Disaster recovery plan

Generally, components one through three do not touch upon IT infrastructure at all. The incident management plan typically establishes procedures and a structure to address cyber attacks against IT systems during normal times, so it does not deal with the IT infrastructure during disaster recovery. For this reason, the disaster recovery plan is the only component of the BCP of interest to IT.

Among the first steps in developing such adisaster recovery strategy is business impact analysis, during which the team should develop IT priorities and recovery time objectives. The team should time technology recovery strategies for restoring applications, hardware, and data to meet business recovery needs.

Every situation is unique and there is no single correct way to develop a disaster recovery plan. However, there are three principal goals of disaster recovery that form the core of most DRPs:

  • prevention, including proper backups, generators, and surge protectors
  • detection of new potential threats, a natural byproduct of routine inspections
  • correction, which might include holding a “lessons learned” brainstorming session and securing proper insurance policies

What should a disaster recovery plan include?

Although specific disaster recovery plan formats may vary, the structure of a disaster recovery plan should include several features:

Goals A statement of goals will outline what the organization wants to achieve during or after a disaster, including the recovery time objective (RTO) and the recovery point objective (RPO). The recovery point objective refers to how much data (in terms of the most recent changes) the company is willing to lose after a disaster occurs. For example, an RPO might be to lose no more than one hour of data, which means data backups must occur at least every hour to meet this objective.

Recovery time objective or RTO refers to the acceptable downtime after an outage before business processes and systems must be restored to operation. For example, the business must be able to return to operations within 4 hours in order to avoid unacceptable impacts to business continuity.

Personnel Every disaster recovery plan must detail the personnel who are responsible for the execution of the DR plan, and make provisions for individual people becoming unavailable.

IT inventory An updated IT inventory must list the details about all hardware and software assets, as well as any cloud services necessary for the company’s operation, including whether or not they are business critical, and whether they are owned, leased, or used as a service.

Backup procedures The DRP must set forth how each data resource is backed up – exactly where, on which devices and in which folders, and how the team should recover each resource from backup.

Disaster recovery procedures These specific procedures, distinct from backup procedures, should detail all emergency responses, including last-minute backups, mitigation procedures, limitation of damages, and eradication of cybersecurity threats.

Disaster recovery sites Any robust disaster recovery plan should designate a hot disaster recovery site. Located remotely, all data can be frequently backed up to or replicated at a hot disaster recovery site — an alternative data center holding all critical systems. This way, when disaster strikes, operations can be instantly switched over to the hot site.

Restoration procedures Finally, follow best practices to ensure a disaster recovery plan includes detailed restoration procedures for recovering from a loss of full systems operations. In other words, every detail to get each aspect of the business back online should be in the plan, even if you start with a disaster recovery plan template. Here are some procedures to consider at each step.

Include not just objectives such as the results of risk analysis and RPOs, RTOs, and SLAs, but also a structured approach for meeting these goals. The DRP must address each type of downtime and disaster with a step-by-step plan, including data loss, flooding, natural disasters, power outages, ransomware, server failure, site-wide outages, and other issues. Be sure to enrich any IT disaster recovery plan template with these critical details.

Create a list of IT staff including contact information, roles, and responsibilities. Ensure each team member is familiar with the company disaster recovery plan before it is needed so that individual team members have the necessary access levels and passwords to meet their responsibilities. Always designate alternates for any emergency, even if you think your team can’t be affected.

Address business continuity planning and disaster recovery by providing details about mission-critical applications in your DRP. Include accountable parties for both troubleshooting any issues and ensuring operations are running smoothly. If your organization will use cloud backup services or disaster recovery services, vendor name and contact information, and a list of authorized employees who can request support during a disaster should be in the plan; ideally the vendor and organizational contacts should know of each other.

Media communication best practices are also part of a robust disaster recovery and business continuity plan. A designated public relations contact and media plan are particularly useful to high profile organizations, enterprises, and users who need 24/7 availability, such as government agencies or healthcare providers. Look for disaster recovery plan examples in your industry or vertical for specific best practices and language.

Benefits of a disaster recovery plan

Obviously, a disaster recovery plan details scenarios for reducing interruptions and resuming operations rapidly in the aftermath of a disaster. It is a central piece of the business continuity plan and should be designed to prevent data loss and enable sufficient IT recovery.

Beyond the clear benefit of improved business continuity under any circumstances, having a company disaster recovery plan can help an organization in several other important ways.

Cost-efficiency Disaster recovery plans include various components that improve cost-efficiency. The most important elements include prevention, detection, and correction, as discussed above. Preventative measures reduce the risks from man-made disasters. Detection measures are designed to quickly identify problems when they do happen, and corrective measures restore lost data and enable a rapid resumption of operations.

Achieving cost-efficiency goals demands regular maintenance of IT systems in their optimal condition, high-level analysis of potential threats, and implementation of innovative cybersecurity solutions. Keeping software updated and systems optimally maintained saves time and is more cost-effective. Adopting cloud-based data management as a part of disaster recovery planning can further reduce the costs of backups and maintenance.

Increased productivity Designating specific roles and responsibilities along with accountability as a disaster recovery plan demands increases effectiveness and productivity in your team. It also ensures redundancies in personnel for key tasks, improving sick day productivity, and reducing the costs of turnover.

Improved customer retention Customers do not easily forgive failures or downtime, especially if they result in loss of sensitive data. Disaster recovery planning helps organizations meet and maintain a higher quality of service in every situation. Reducing the risks your customers face from data loss and downtime ensures they receive better service from you during and after a disaster, shoring up their loyalty.

Compliance Enterprise business users, financial markets, healthcare patients, and government entities, all rely on availability, uptime, and the disaster recovery plans of important organizations. These organizations in turn rely on their DRPs to stay compliant with industry regulations such as HIPAA and FINRA.

Scalability Planning disaster recovery allows businesses to identify innovative solutions to reduce the costs of archive maintenance, backups, and recovery. Cloud-based data storage and related technologies enhance and simplify the process and add flexibility and scalability.

The disaster recovery planning process can reduce the risk of human error, eliminate superfluous hardware, and streamline the entire IT process. In this way, the planning process itself becomes one of the advantages of disaster recovery planning, streamlining the business, and rendering it more profitable and resilient before anything ever goes wrong.

Ways to develop a disaster recovery plan

There are several steps in the development of a disaster recovery plan. Although these may vary somewhat based on the organization, here are the basic disaster recovery plan steps:

Risk assessment First, perform a risk assessment and business impact analysis (BIA) that addresses many potential disasters. Analyze each functional area of the organization to determine possible consequences from middle of the road scenarios to “worst-case” situations, such as total loss of the main building. Robust disaster recovery plans set goals by evaluating risks up front, as part of the larger business continuity plan, to allow critical business operations to continue for customers and users as IT addresses the event and its fallout.

Consider infrastructure and geographical risk factors in your risk analysis. For example, the ability of employees to access the data center in case of a natural disaster, whether or not you use cloud backup, and whether you have a single site or multiple sites are all relevant here. Be sure to include this information, even if you’re working from a sample disaster recovery plan.

Evaluate critical needs Next, establish priorities for operations and processing by evaluating the critical needs of each department. Prepare written agreements for selected alternatives, and include details specifying all special security procedures, availability, cost, duration, guarantee of compatibility, hours of operation, what constitutes an emergency, non-mainframe resource requirements, system testing, termination conditions, a procedure notifying users of system changes, personnel requirements, specs on required processing hardware and other equipment, a service extension negotiation process, and other contractual issues.

Set disaster recovery plan objectives Create a list of mission-critical operations to plan for business continuity, and then determine which data, applications, equipment, or user accesses are necessary to support those functions. Based on the cost of downtime, determine each function’s recovery time objective (RTO). This is the target amount of time in hours, minutes, or seconds an operation or application can be offline without an unacceptable business impact.

Determine the recovery point objective (RPO), or the point in time back to which you must recover the application. This is essentially the amount of data the organization can afford to lose.

Assess any service level agreements (SLAs) that your organization has promised to users, executives, or other stakeholders.

Collect data and create the written document Collect data for your plan using pre-formatted forms as needed. Data to collect in this stage may include:

  • lists (critical contact information list, backup employee position listing, master vendor list, master call list, notification checklist)
  • inventories (communications equipment, data center computer hardware, documentation, forms, insurance policies, microcomputer hardware and software, office equipment, off-site storage location equipment, workgroup hardware, etc.)
  • schedules for software and data files backup/retention
  • procedures for system restore/recovery
  • temporary disaster recovery locations
  • other documentation, inventories, lists, and materials

Organize and use the collected data in your written, documented plan.

Test and revise Next, develop criteria and procedures for testing the plan. This is essential to ensure the organization has adopted compatible, feasible backup procedures and facilities, and to identify areas that should be modified. It also allows the team to be trained, and proves the value of the DRP and ability of the organization to withstand disasters.

Finally, test the plan based on the criteria and procedures. Conduct an initial dry run or structured walk-through test and correct any problems, ideally outside normal operational hours. Types of business disaster recovery plan tests include: disaster recovery plan checklist tests, full interruption tests, parallel tests, and simulation tests.

The recovery point objective, or RPO, refers to how much data (in terms of the most recent changes) the company is willing to lose after a disaster occurs. For example, an RPO might be to lose no more than one hour of data, which means data backups must occur at least every hour to meet this objective.

The RPO answers this question: “How much data could be lost without significantly impacting the business?”

Example: If the RPO for a business is 20 hours and the last available good copy of data after an outage is 18 hours old, we are still within the RPO’s parameters.

In other words, the RTO answers the question: “How much time after notification of business process disruption should it take to recover?”

To compare RPO and RTO , consider that RPO means a variable amount of data that would need to be re-entered after a loss or would be lost altogether during network downtime. In contrast, RTO refers to how much real time can elapse before the disruption unacceptably impedes normal business operations.

It is important to expose the gap between actuals and objectives set forth in the disaster recovery plan. Only business disruption and disaster rehearsals can expose actuals—specifically Recovery Point Actual (RPA) and Recovery Time Actual (RTA). Refining these differences brings the plan up to speed.

Strategies and tools for a disaster recovery plan

The right strategies and tools help implement a disaster recovery plan.

Traditional on-premises recovery strategies The IT team should develop disaster recovery strategies for IT applications, systems, and data. This includes desktops, data, networks, connectivity, servers, wireless devices, and laptops. Identify IT resources that support time-sensitive business processes and functions so their recovery times match.

Information technology systems require connectivity, data, hardware, and software. The entire system may fail due to a single component, so recovery strategies should anticipate the loss of one or more of these system components:

  • Secure, climate-controlled computer room environment with backup power supply
  • Connectivity to a service provider
  • Hardware such as desktop and laptop computers, networks, wireless devices and peripherals, and servers
  • Software applications such as electronic mail, electronic data interchange, enterprise resource management, and office productivity

Data and restoration For business applications that cannot tolerate downtime, actual parallel computing, data mirroring, or multiple data center synchronization is possible yet costly. Other solutions for mission critical business applications and sensitive data include cloud backup and cloud-native disaster recovery, which reduce the need for expensive hardware and IT infrastructure.

Internal recovery strategies Some enterprises store data at multiple facilities and configure hardware to run similar applications from data center to data center when needed. Assuming off-site data backup or data mirroring are taking place, processing can continue and data can be restored at an alternate site under these circumstances. However, this is a costly solution, and one that demands an internal solution that is itself infallible.

Cloud-based disaster recovery strategies Cloud-based vendors offer Disaster recovery as a service (DRaaS), which are essentially “hot sites” for IT disaster recovery hosted in the cloud. DRaaS leverages the cloud to provide fully configured recovery sites that mirror the applications in the local data center. This allows users a more immediate response, allowing them the ability to recover critical applications in the cloud, keeping them ready for use at the time of a disaster.

Vendors can host and manage applications, data security services, and data streams, enabling access to information via web browser at the primary business site or other sites. These vendors can typically enhance cybersecurity because their ongoing monitoring for outages offers data filtering and detection of malware threats. If the vendor detects an outage at the client site, they hold all client data automatically until the system is restored. In this sense, the cloud is essential to security planning and disaster recovery.

Does Druva offer a cloud disaster recovery plan ?

With Druva’s cloud-native disaster recovery plan, workloads on-premises or in the cloud back up directly to the Druva Cloud Platform, built on AWS. This eliminates recovery complexities by enabling automated runbook execution and one-click disaster recovery. Druva’s cloud-native disaster recovery includes failover and failback, either back to on-premises systems or to any AWS region or account without hardware, a managed DR site, or excessive administration.

Watch the video below for a demo, and discover Druva's innovative one-click solutions for on-premises and cloud workloads on the disaster recovery page of the website .

Related Terms

Now that you’ve learned about the disaster recovery plan, brush up on these related terms with Druva’s glossary:

  • What is cyber resilience?
  • What is an RPO?
  • What is an RTO?
  • Disaster recovery planning and management

disaster recovery plans use

Olivier Le Moal -

6 benefits that make a disaster recovery plan worth it

Disaster recovery plans help reduce recovery time, ultimately saving time and money. time spent testing and planning upfront pays dividends when a disaster strikes..

Stuart Burns

  • Stuart Burns

Disaster recovery planning requires organizations to invest time, money and personnel. It often involves testing, trainings and exercises, not to mention hardware and software investments for offsite, on-premises and cloud recovery options.

However, the costs are far outweighed by the benefits of a DR plan . Businesses without good backups and tested DR plans are more likely to go out of business due to data loss, reputational damage and the other risks they take by not having a DR plan in place. Organizations with a DR plan can reap strong benefits, such as meeting legal requirements and having a better understanding of the resources they need.

Below are six benefits of a disaster recovery plan.

1. It reduces the panic of dealing with an unexpected crisis

One of the best things about having a disaster recovery plan ready to go is that most scenarios that could make a disaster worse have already been thought about, and mitigations and plans have been documented, tested and validated by the DR team . It provides a tested roadmap for the worst day imaginable. It can also highlight current risks that have not been thought about before.

Doing so reduces the risk of panic and improvisation that could potentially make the situation worse. As the name suggests, a plan gives an outline of what needs to happen, when and by whom. A good DR plan also includes exercises to test it, leading to snags being ironed out ahead of time.

As with most things, the more practice, the better the outcome.

2. The right people are involved at the right time

Another benefit of a disaster recovery plan is that those key individuals that are needed in a disaster know about it ahead of time. It also cuts through the chatter and gets the right people at the right time to the right place. When people know they are to be called upon in a DR plan, it enables them to manage that much better.

3. It manages expectations and brings in necessary parties

If a company is experiencing a crisis that requires it to invoke the DR plan, knowing who needs to be notified and how to contact them means that those people who can positively affect the situation are aware and well-rehearsed mitigations can be put in place. It also can inform stakeholders and customers of the disruption and manage their expectations. The last thing a company needs in a disaster is the distraction of third parties trying to conduct business as usual on systems that are down.

4. It helps meet legal and PR requirements

One thing a lot of administrators don't immediately think about is that some scenarios can have reporting and other legal requirements. Documenting these in the DR plan provides a degree of clarity.

This can also extend to PR teams and having preagreed communications to help protect the company's reputation. This can be a major concern for many organizations, especially high-profile businesses or those in regulated industries .

5. Investing in DR is good for data backup

Businesses that invest in a DR plan tend to be those that have quality, tested backups . Without backups, the best DR plan is worthless. This is an absolute requirement for successful recovery.

6. It provides a better understanding of required resources

Implementing disaster recovery plans can be expensive. That said, if an appropriate disaster recovery plan exists, it becomes straightforward to quantify the spending involved. DR plans outline internal and third-party resources the business will use in a crisis. Having these resources laid out in an official DR plan can ease future communications with third-party services and provide an understanding of the potential expenses that will be required.

Stuart Burns is a virtualization expert at a Fortune 500 company. He specializes in VMware and system integration with additional expertise in disaster recovery and systems management. Burns received vExpert status in 2015.

Dig Deeper on Disaster recovery planning and management

disaster recovery plans use

disaster recovery (DR) test


disaster recovery plan (DRP)


4 disaster recovery plan best practices for any business


Best practices for a strong disaster recovery testing strategy

This comprehensive guide explains backup basics, the issues affecting risk and the seven critical backup strategies you need to ...

There are several different types of backup. Here's how to choose the best way to safeguard your data and recover appropriately ...

Group Policy Objects represent a significant time investment and an important configuration management tool. Follow these simple ...

The acquisition brings Storj's distributed storage offerings together with Valdi's distributed compute services for ...

Pure Storage is the latest infrastructure vendor to add Nvidia DGX SuperPod certification and new product offerings to support ...

Hyperscaler service offerings to detect or eliminate malware add features that analysts call cyberstorage to common object ...

New research from Cisco Talos highlighted three of the most popular known vulnerabilities that were exploited by ransomware gangs...

A Check Point Software Technologies researcher who discovered CVE-2024-38112 said the Windows spoofing vulnerability may have ...

Microsoft disclosed and patched a whopping 142 vulnerabilities in a busy Patch Tuesday that included two zero-day flaws under ...

Vice President Kamala Harris' friendliness toward the tech sector could affect Biden's regulatory efforts should she replace him ...

Efficiency, resiliency, productivity and ROI are among the most critical digital transformation benefits for businesses fighting ...

The European Commission found both Meta and Apple to be in violation of the Digital Markets Act.

Incident management for high-velocity teams

Disaster recovery plan examples and best practices.

Benjamin Franklin was right. "If you fail to plan, you are planning to fail." This is especially true of disasters that threaten to disrupt your business operations—or bring them to a complete halt. So, you need a strategy and plan for disaster recovery .

To maximize protection and minimize disruption, you need clear, comprehensive, and practical plans to address multiple types of disasters. Each plan should be structured using a simple disaster recovery plan example, ideally following a template utilized throughout your company. Additionally, the disaster recovery plan format should adhere to proven best practices and be tailored to address your unique business needs and priorities.

This article explains disaster recovery plans and their importance and provides examples to help jump-start your efforts to protect your business. It also offers guidance on best practices for disaster recovery and invites you to explore the features of Jira Service Management that can simplify and improve your disaster recovery planning efforts.

Understanding disaster recovery planning

A wide range of potential disasters can threaten your business, and any of them could disrupt or completely halt your business operations. The cost of downtime can be as high as hundreds or thousands of dollars per minute . Your disaster recovery plans are critical to your company's business continuity strategy and long-term survival and success.

Your current IT service management ( ITSM ) and DevOps support processes can help you craft effective disaster recovery plans. Features of your chosen ITSM software may also help with your disaster recovery planning. IT incidents can quickly become disasters, and how well your business handles incident response and incident communication , including postmortem reports , can inform and support your disaster recovery planning efforts. 

What you choose to include in your disaster recovery plans depends on the type of disaster that plan aims to address and your business’s unique needs. However, all effective disaster recovery plans share two common goals: to prevent disasters whenever possible and to outline the steps to recover as quickly as possible when necessary. Below is a disaster recovery plan example for each of the most common and challenging disaster types. Your business should craft and maintain a plan for each of these.

5 disaster recovery plan examples

Disaster recovery planning should include multiple types of disasters to maximize the protection of your business operations. Here are examples of the most prevalent types, but you may need to plan for additional types depending on your business's unique characteristics.

Cybersecurity breach recovery plan

When starting your cybersecurity disaster recovery plan, you should carefully assess the risk and effect of a cybersecurity breach. A great cybersecurity plan includes the following elements:

  • Your plan should establish recovery objectives by specifying the time needed to restore basic and then full operations or by indicating the maximum acceptable amount of data loss. These are known respectively as recovery time objectives (RTOs) and recovery point objectives (RPOs).
  • It should detail your business’ data backup and protection measures, as well as your recovery strategies and solutions. 
  • It should describe what the recovery team should communicate to those affected and involved and how they should disseminate that information. 

It should include information about relevant documentation, maintenance activities, employee and stakeholder training, and regular testing of the plan itself.

Supply chain disruption recovery plan

PPRR, prevention, preparedness, response, and recovery, is a popular supply chain risk management approach. Your supply chain disruption recovery plan must address all four elements for maximum effectiveness and minimal business disruption.

To address prevention and preparedness, you should map each critical supply chain, highlighting which suppliers have alternatives in place and which do not.  Where you can access alternatives, your plan must detail how to invoke those alternatives and which stakeholders to notify.

Where no alternatives are available, you and your colleagues must ensure that your plan details which operations and teams are affected. You must also ensure your plan includes steps to inform those affected and advise them of specific actions to take in response to the disruption. Your plan should also guide rapid recovery once you have restored a supplier connection.

Infrastructure failure recovery plan

Your IT infrastructure failure recovery plan should mirror and complement your cybersecurity breach recovery plan. It must identify your critical infrastructure elements and include up-to-date, accurate, and complete details about hardware, software, and network configurations.

This plan should include information about alternatives, workarounds, and employees' actions when infrastructure fails. You should also include information about recovery from the failure of physical, non-IT infrastructure.

Data center outage recovery plan

Enterprises often designate critical data centers as automatically invoked "hot spare" or manually accessible "warm spare" backups. Your data center outage recovery plan must detail available backups for your critical data centers and explain how to access those backups.

Natural disaster recovery plan

Every natural disaster recovery plan should begin with detailed information about how and where critical data backups are stored and updated. Your company should store at least one backup offsite, preferably far enough away that a natural disaster affecting your business does not also affect your backup. You need to be able to securely access your offsite backups remotely, as natural disasters can hamper travel.

You should determine the types of natural disasters most likely to affect your business and plan for them. Local government agencies and online weather and climate resources can be valuable sources of information for the planning process.

Best practices for disaster recovery planning

Regardless of the plan you are creating, you should build it on these best practices.

  • Identify and prioritize the disasters and threats your business is most vulnerable to.
  • Prioritize your most critical operations so your recovery efforts focus on restoring those operations first.
  • Define acceptable recovery objectives. You can express these in terms of acceptable data loss and operational disruption (recovery point objective) or time to restore operations (recovery time objective).
  • Implement robust backup and recovery processes for critical business data. Keep at least one backup in a secure, offsite location and align access and recovery processes with your recovery objectives.
  • Assemble a team to implement each recovery plan. Ensure that each team includes people with the necessary skills to achieve rapid, effective recovery from even the most serious disasters. Also include people who can communicate with and reassure stakeholders throughout recovery.

Test and update your plans regularly. A disaster recovery plan that sits on a shelf will likely fail to meet your recovery objectives. Review and test your plans regularly to keep them current with evolving threats and business needs. Also, include plans for frequent and regular stakeholder education and training efforts as appropriate.

Use Jira Service Management for disaster recovery planning

As you've read above, disaster recovery planning is a challenging, critical, multifaceted element of business continuity planning. Multiple Jira Service Management features can simplify disaster recovery planning and make it more effective for you, your colleagues, and your business.

Jira Service Management provides a central platform to track tasks, incidents, and requests related to the disaster recovery process. This can speed collaboration among your disaster recovery team members and improve stakeholder communication. Issue tracking and reporting features help you monitor each recovery effort and modify them if and as needed. Jira Service Management also allows you to create disaster recovery information knowledge bases , allowing all team members to access the information quickly.

Disaster recovery plan examples: Frequently asked questions

How do you write a disaster recovery plan.

Below are some basic steps to create a recovery plan for each disaster type relevant to your business.

  • Work with IT decision-makers and other stakeholders to identify, assess, and prioritize possible disasters and their associated risks.
  • Align these with your most critical business operations—document recovery objectives for each.
  • Describe how backup and recovery address these risks and objectives. Highlight any known gaps or shortcomings in current backup and recovery practices or solutions.
  • List and briefly describe the members of the disaster recovery team and the role each member plays.
  • Describe the testing schedule for the recovery plan and how you will measure each plan's test performance.
  • Share the plan with all stakeholders and seek input and feedback during and after plan creation, testing, and implementation.

What should a disaster recovery plan include?

At a minimum, you should include the following elements in every disaster recovery plan.

  • Create a prioritized list of your most critical business operations and the disaster-related threats each face.
  • Write a brief description of your current backup and recovery policies, processes, and technologies, highlighting any known shortcomings or gaps.
  • Describe how current practices and solutions address the identified vulnerabilities.
  • Create a disaster recovery team membership roster with a brief description of each member and their role.
  • Write a schedule for regular plan testing and briefly describe how you will address any identified issues.

Invite questions, comments, and suggestions from key stakeholders.

What kind of events should a disaster recovery plan cover?

Disaster recovery plans should address as many disaster scenarios threatening your business operations as possible. This article addresses areas you and your colleagues should consider mandatory for your business. Depending on the specific characteristics of your business and markets, you may also need to plan for additional disaster types.

Learn incident communication with Statuspage

In this tutorial, we’ll show you how to use incident templates to communicate effectively during outages. Adaptable to many types of service interruption.

Incident communication templates and examples

When responding to an incident, communication templates are invaluable. Get the templates our teams use, plus more examples for common incidents.

Disaster Recovery Plan Templates

By Andy Marker | November 26, 2018

  • Share on Facebook
  • Share on LinkedIn

Link copied

In this article, you’ll find the most useful disaster plan templates, available for download in Microsoft Word, Excel, PowerPoint, and PDF formats. Customize the free templates to fit your business needs so you can maintain productivity and operations in the event of a disaster.

Disaster Recovery Plan Template

Disaster Recovery Plan Template

Use this template to document and track all critical operations, personnel contact information, and key procedures to perform in the event of a disaster or business disruption. Use the designated space to record critical information, like the backup process, recovery sites, and restoration steps. This template is available for download in Microsoft Word, PowerPoint, and PDF formats.

Download Disaster Recovery Plan Template

Word | PowerPoint | PDF  | Smartsheet

See how Smartsheet can help you be more effective

disaster recovery plans use

Watch the demo to see how you can more effectively manage your team, projects, and processes with real-time work management in Smartsheet.

Watch a free demo

Disaster Risk Reduction Management Plan Template

Disaster Risk reduction Management Plan Template

Use this template to record the most essential information your organization needs in order to effectively gauge risks. Within the disaster risk reduction management plan, you’ll find space to detail risk severity and likelihood and outline it on a visual chart. Use this template to stay on top of risks and detail how to handle any disaster or disruption, no matter the severity.

Download Disaster Risk Reduction Management Plan Template

Excel  | PDF  | Smartsheet

IT Disaster Plan Template

IT Disaster Recovery Plan Template

This template outlines the specific steps for continuing business operations and recovery in the IT field. Space is included to document IT objectives, key IT personnel and all necessary contact information, recovery plan overview, and emergency response teams. Available in Microsoft Word, PowerPoint, and PDF formats, this template serves as a blueprint for recovering from all IT disruptions. .

Download IT Disaster Plan Template

Word | PowerPoint | PDF

Data Disaster Recovery Plan Template

Data Disaster Recovery Plan Template

Use this template to document the process for recovering key data after a disaster or disruption in business operations. With space to list a statement of intent, emergency response processes, financial and legal information, and recovery plan practice and implementation, this template will aid in the restoration of all critical business data.

Download Data Disaster Recovery Plan Template

Disaster Recovery Communication Plan Template

Disaster Recovery Communication Plan Template

This disaster recovery communication plan template will help you identify the core communications across team members in the event of a disaster. This template provides space to assign responsibilities, identify stakeholders, and set up a proper response plan. This template is available in both Microsoft Word and PDF formats.

Download Disaster Recovery Communication Plan Template

Payroll Disaster Recovery Plan Template

Payroll Disaster Recovery Plan Template

Plan, track, and manage a disaster that affects the payroll process of your organization and hinders normal HR operations. You can use this template to detail key contact information, disaster recovery teams, and emergency alert and activation measures dealing with a disaster that affects typical payroll operations. This customizable template is available in Microsoft Word, PowerPoint, and PDF formats.

Download Payroll Disaster Recovery Plan Template

School Disaster Management Plan Template

School Disaster Management Plan Template

In the event of a disaster or emergency situation at a school, use this template to plan the exact details involved in the response, mitigation, and recovery plan. Manage all risks that could potentially plague schools, such as site security or power outages. With space to document a full risk assessment, a preparedness plan, and response actions, your school will be fully prepared.

Download School Disaster Management Plan Template

Disaster Management Plan Template

Disaster Management Plan Template

Use this comprehensive template to detail the response and management plan of your organization after a disaster strikes. With space to include an outline of your overall disaster recovery plan, key contact information, disaster recovery procedures, and alternate recovery sites, this template enables you to manage any catastrophe that may affect your organization.

Download Disaster Management Plan Template

Simple Disaster Recovery Plan for Small Businesses

Simple Disaster Recovery Plan for Small Business Template

This template offers a simple yet comprehensive recovery plan for small businesses when a disaster or emergency situation interrupts typical activity. You’ll find space to outline everything from recovery plans to backup procedures, and even disaster site rebuilding and relocation plans. This template is available for download in Microsoft Word, PowerPoint, and PDF formats.

Download Simple Disaster Recovery Plan for Small Businesses

SaaS Disaster Recovery Plan Template

SAAS Disaster Recovery Plan Template

This template is specifically designed for SaaS organizations to plan, manage, and assess the damage after a disaster occurs. Outline key objectives, provide a detailed overview, and assign responsibilities across emergency and disaster response teams with this comprehensive template available in Microsoft Word, PowerPoint, and PDF formats.

Download SaaS Disaster Recovery Plan Template

Disaster Drill Evaluation Template

Disaster Drill Evaluation Template

Use this template during and after a disaster drill to evaluate the effectiveness of your organization’s plan. Record the type of disaster the drill is for, drill initiation and complete times, emergency response team accuracy, and lessons learned. Download and customize for your business needs, available in both Microsoft Word and PDF formats.

Download Disaster Drill Evaluation Template

Excel | Word | PDF

Disaster Call Tree Template

Disaster Call Tree Template

Streamline the process of phone communication when an emergency occurs. Use this template to detail the person responsible for starting the call tree, as well as all of the people who then contact others to effectively and quickly alert all team members of the disaster.

Download Disaster Call Tree Template

Excel | Word | PowerPoint | PDF

Manufacturing Disaster Recovery Plan Template

Manufacturing Disaster Recovery Plan Template

In the event of a disaster that affects the normal manufacturing operations, use this template to outline the critical details needed to restore manufacturing. With space to document critical personnel responsibilities, contingency operations, backup locations, and more, manufacturing teams can continue or relocate operations to maintain normal functions as quickly as possible.

Download Manufacturing Disaster Recovery Plan Template

Disaster Recovery Runbook

Disaster Recovery Runbook Template

Use this template to document the steps to recovery from a disaster. You can apply this template across a multitude of business functions or teams. Easily document key details like communication strategies, disaster declaration and response procedures, infrastructure overviews, and restoration details in one place. This template is available for download in Microsoft Word, PowerPoint, and PDF formats.

Download Disaster Recovery Runbook

Application Disaster Recovery Plan Template

Application Disaster Recovery Response Template

Use this template to document specific steps for recovering from a disaster or business disruption. There is space to include policy statements, contact information, and disaster and emergency response teams and procedures. This template is available to customize and download in Microsoft Word, PowerPoint, and PDF formats.

Download Application Disaster Recovery Plan Template

Law Firm Disaster Recovery Plan Template

Law Firm Disaster Recovery Plan Template

This template offers specific recovery procedures and processes associated specifically with law firms. Document disaster response steps, personnel losses, new employee training, and office space information to effectively tackle the aftermath of a disaster that plagues a law company. This template is available for download in Microsoft Word, PowerPoint, and PDF formats.

Download Law Firm Disaster Recovery Plan Template

What Is a Disaster Recovery Plan?

A disaster recovery plan (DRP) is a step-by-step procedure that outlines how a business or organization will recover from disrupted systems, operations, processes, or networks. The aim of a DRP is to identify critical systems or procedures, prioritize recovery time objectives (RTOs), document key personnel contact information, and outline any necessary policies to follow in the event of a disaster.

What Is the Purpose of a Disaster Recovery Plan?

A DRP is an essential document for any business or organization, as it ensures that all normal business processes, infrastructure, and applications continue to operate when a major disaster strikes. Usually, a disaster recovery plan is included as part of the overall business impact analysis .

Additionally, the plan provides details for responding to unplanned incidents, which can include cyber attacks, environmental or natural disasters (flood, earthquake, landslide, volcano, tornado, etc.), power disruptions, fires, employee errors, hardware or software failures, terrorism or sabotage, bomb or shooter threats, and more.

A DRP can also minimize the negative impacts of disasters by helping to ensure that all business locations are kept safe. In addition to all of these positive effects of having a DRP, it also helps with the following:

  • Ensure employees and team members can react rapidly and restore activity effectively, in light of an emergency or disaster.
  • Capture, summarize, and organize critical information needed to restore business operations.
  • Develop, test, and document a detailed, easy-to-understand plan.
  • Secure contingency plans, and ensure they are cost effective.
  • Build resilience within the business.
  • Identify responsibilities of each team member, and outline disaster practices to ensure effectiveness.
  • Prepare and respond to emergencies most likely to plague certain business, teams, or roles.
  • Ensure the overall prosperity and survival of the business.

Most businesses cannot afford to be non-profitable and lose critical operations for an extended period of time. DRPs help to ensure that all operations can be restored in a quick, responsive manner.

Steps For Creating a Disaster Recovery Plan

When you are writing your disaster recovery plan, start by conducting a thorough business impact analysis to identify your organization’s most essential parts or critical services and how a disaster might affect them. Assess the risk and impact associated with losing business functions in a disaster.

Look at historical or company background information to determine if any disasters have affected the organization in the past, and how they were consequently handled. Perform a gap analysis to compare what is currently being done to prevent or handle a disaster against what should be done, and see if there are missing components. Next, identify any existing preventive controls to mitigate disasters.

From there, you can start creating a disaster recovery plan by following these steps:

  • Develop recovery strategies.
  • Obtain management commitment and authorization to proceed with DRP creation.
  • Classify and prioritize business operations.
  • Set the scope of the DRP, either in covering a whole business, specific teams, or individual people.
  • Develop the cost estimate and scheduling of the plan to share with key stakeholders.
  • Determine supplies, equipment, and other infrastructure that must be maintained during a disaster.
  • Establish an emergency communication system, usually through a call tree, and include support services and assistance information.
  • Document emergency response actions and internal recovery strategies, and designate specific teams to carry them out, as well as dependent processes that must be handled in a particular order.
  • Determine data and records backup and data restoration times to ensure timely IT recovery.
  • Designate specific phases of your DRP, such as a response phase, resumption phase, and restoration phase.
  • Identify “hot” and “cold” sites, when necessary.
  • Plan an evacuation route.
  • Include detailed instructions and contact information in the case of a medical emergency.
  • Determine a comprehensive plan to rebuild a disaster site.
  • Determine a hazard assessment to minimize exposure to risks and dangers.
  • Create an emergency checklist to have on-hand when a disaster strikes.
  • Conduct tests and trainings of the DRP.
  • Perform an annual review of your DRP and document any necessary changes in the plan.

Who Are the Resources Involved in a Disaster Recovery Plan?

A DRP is comprised of many different human resources who are leveraged when a disaster or emergency strikes. These participants are usually grouped into teams to cover a variety of important responsibilities included in a DRP.

The plan development team helps craft the plan and assigns responsibilities to the other resources. The IT and application teams deal with disaster strategies that disrupt that portion of the business, and the emergency response team focuses on the overall emergency response process of the entire organization.

Within the emergency response team is a primary crisis manager and a company spokesperson who both focus on communicating and acting on emergency response procedures. An emergency contact helps in altering the rest of the business of the disaster, specifically to vendors or suppliers who may work remotely.

Tips For Creating a Disaster Recovery Plan

Because a DRP is an important document for any business or organization to have, creating the most accurate, clear, and actionable plan can be daunting. The following tips can help:

  • Establish clearly defined roles for each team member.
  • Get support and buy-in from senior management.
  • Keep the wording and process description simple.
  • Review results with business units.
  • Be flexible and accept suggestions regarding all parts of the DRP.
  • Plan for emergencies most likely to happen where you live, or according to your business.
  • Detail what to do in the event of lost communication, evacuation, and safety threats.
  • Make sure you have a strong communication plan across your organization.
  • Always plan and prepare for the worst case scenario.
  • Conduct extensive risk assessments to ensure you are covering all your bases.
  • Consider the specific needs or accommodations of all employees.
  • Organize your team and perform practice plans before a disaster actually strikes.

Once you have completed the plan, ask the following questions to ensure that your DRP is coherent, comprehensive, and easy to implement:

  • Are all employees able to execute the plan, and is everyone aware of their role?
  • Are backup procedures detailed, and are they accessible within a desired timeline?
  • Are there specific contingency operations in place if one of the primary procedures fails?
  • Is the recovery time objective and recovery point objective (RPO) practical for your business and all of your team members?
  • Can systems be restored before an excessive amount of revenue or data is lost?

Examples of Effective Disaster Recovery Plans and Additional Resources

For more direction in creating the most appropriate and actionable DRP for your business, refer to these recovery plan examples to gain familiarity and understanding of how to write and what to include in a DRP.

  • MIT Disaster Recovery Plan : MIT outlines all critical components of a DRP, including purpose of plan, disaster response, disaster detection, and business continuity teams.
  • IBM Disaster Recovery Plan : IBM clearly documents key details of their business to minimize the effect of a disaster, including recovery procedures, recovery sites, major goals, and plan testing.

To gain an even better idea of how to create the best disaster recovery plan, and detail why every business should have one, refer to these helpful resources and reports:

  • NIST Special Publication 800-34
  • EMC IT Downtime Report
  • Computer Security Resource Center
  • Guide to Test, Training, and Exercise Programs for IT Plans & Capabilities
  • Building an Information Technology Security Awareness & Training Program
  • FEMA: “Emergency Management Guide for Business and Industry”

Deploy Your Disaster Recovery Plan with Smartsheet

Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change. 

The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed. 

When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time.  Try Smartsheet for free, today.

Discover why over 90% of Fortune 100 companies trust Smartsheet to get work done.

  • Cloud Infrastructure

VMware Cloud Foundation

Scalable, elastic private cloud IaaS solution.

Key Technologies:

vSphere   |  vSAN   |  NSX   |  Aria

VMware vSphere Foundation

Enterprise workload engine with intelligent operations.

vSphere   |  vSAN   |  Aria

Live Recovery Private AI Foundation

App Platforms

Build, deploy, manage and scale modern apps.

  • VMware Tanzu

Security and Load Balancing

Zero trust lateral security and software-defined app delivery.

  • VMware Avi Load Balancer
  • VMware vDefend Distributed Firewall
  • VMware vDefend Advanced Threat Prevention
  • Software-Defined Edge

Empower distributed workloads with infrastructure and management.

  • Edge Compute Stack
  • VeloCloud SD-WAN/SASE
  • Telco Cloud

Run VMware on any Cloud. Any Environment. Anywhere.

   on public & hybrid clouds.

  • Alibaba Cloud VMware Service
  • Azure VMware Solution
  • Google Cloud VMware Engine
  • IBM Cloud for VMware Solutions
  • Oracle Cloud VMware Solutions
  • VMware Cloud on AWS
  • VMware Verified Cloud Providers

Desktop Hypervisor

Develop and test in a local virtualization sandbox.

  • Workstation Pro

By Category

  • App Platform

By Industry

  • Communications Service Providers
  • Federal Government
  • Financial Services
  • Healthcare Providers
  • Manufacturing
  • State and Local Government

VMware AI Solutions

Accelerate and ensure the success of your generative AI initiatives with multi-cloud flexibility, choice, privacy and control.

For Customers

  • Find a Cloud Provider
  • Find a Partner
  • VMware Marketplace
  • Work with a Partner

For Partners

  • Become a Cloud Provider
  • Cloud Partner Navigator
  • Get Cloud Verified
  • Learning and Selling Resources
  • Partner Connect Login
  • Partner Executive Edge
  • Technology Partner Hub
  • Work with VMware

Working Together with Partners for Customer Success

A new, simplified partner program to help achieve even greater opportunities for profitability.

Tools & Training

  • VMware Customer Connect
  • VMware Trust Center
  • Learning & Certification
  • Product Downloads
  • Cloud Services Engagement Platform
  • Hands-on Labs
  • Professional Services
  • Support Offerings
  • Support Customer Welcome Center


  • Cloud Marketplace
  • VMware Video Library
  • VMware Explore Video Library

Blogs & Communities

  • News & Stories
  • Communities
  • Customer Stories
  • VMware Explore
  • All Events & Webcasts
  • Topics 
  • VMware Glossary 
  • Content 
  • Disaster Recovery

What Is Disaster Recovery?

Disaster recovery is an organization’s method of regaining access and functionality to its IT infrastructure after events like a natural disaster, cyber attack, or even business disruptions related to the COVID-19 pandemic. A variety of disaster recovery (DR) methods can be part of a disaster recovery plan . DR is one aspect of business continuity .

disaster recovery plans use

Address and Overcome the Top Challenges of Deploying a Disaster Recovery Solution

disaster recovery plans use

Disaster Recovery as-aService using VMware Site Recovery with VMware Cloud on AWS

How does disaster recovery work.

Disaster recovery relies upon the replication of data and computer processing in an off-premises location not affected by the disaster. When servers go down because of a natural disaster, equipment failure or cyber attack, a business needs to recover lost data from a second location where the data is backed up. Ideally, an organization can transfer its computer processing to that remote location as well in order to continue operations. 

5 Top Elements of an Effective Disaster Recovery Plan

  • Disaster recovery team : This assigned group of specialists will be responsible for creating, implementing and managing the disaster recovery plan. This plan should define each team member’s role and responsibilities. In the event of a disaster, the recovery team should know how to communicate with each other, employees, vendors, and customers.
  • Risk evaluation : Assess potential hazards that put your organization at risk. Depending on the type of event, strategize what measures and resources will be needed to resume business. For example, in the event of a cyber attack, what data protection measures will the recovery team have in place to respond?
  • Business-critical asset identification : A good disaster recovery plan includes documentation of which systems, applications, data, and other resources are most critical for business continuity, as well as the necessary steps to recover data.
  • Backups : Determine what needs backup (or to be relocated), who should perform backups, and how backups will be implemented. Include a recovery point objective (RPO) that states the frequency of backups and a recovery time objective (RTO) that defines the maximum amount of downtime allowable after a disaster. These metrics create limits to guide the choice of IT strategy, processes and procedures that make up an organization’s disaster recovery plan. The amount of downtime an organization can handle and how frequently the organization backs up its data will inform the disaster recovery strategy.
  • Testing and optimization : The recovery team should continually test and update its strategy to address ever-evolving threats and business needs. By continually ensuring that a company is ready to face the worst-case scenarios in disaster situations, it can successfully navigate such challenges. In planning how to respond to a cyber attack, for example, it’s important that organizations continually test and optimize their security and data protection strategies and have protective measures in place to detect potential security breaches.

How to Build a Disaster Recovery Team

Whether creating a disaster recovery strategy from scratch or improving an existing plan, assembling the right collaborative team of experts is a critical first step. It starts with tapping IT specialists and other key individuals to provide leadership over the following key areas in the event of a disaster:

  • Crisis management: This leadership role commences recovery plans, coordinates efforts throughout the recovery process, and resolves problems or delays that emerge.
  • Business continuity: The expert overseeing this ensures that the recovery plan aligns with the company’s business needs, based on the business impact analysis.
  • Impact assessment and recovery: The team responsible for this area of recovery has technical expertise in IT infrastructure including servers, storage, databases and networks.
  • IT applications: This role monitors which application activities should be implemented based on a restorative plan. Tasks include application integrations, application settings and configuration, and data consistency.

While not necessarily part of the IT department, the following roles should also be assigned to any disaster recovery plan:

  • Executive management: The executive team will need to approve the strategy, policies and budget related to the disaster recovery plan, plus provide input if obstacles arise.
  • Critical business units: A representative from each business unit will ideally provide feedback on disaster recovery planning so that their specific concerns are addressed.

What Are the Types of Disaster Recovery?

Businesses can choose from a variety of disaster recovery methods, or combine several:

  • Back-up: This is the simplest type of disaster recovery and entails storing data off site or on a removable drive. However, just backing up data provides only minimal business continuity help, as the IT infrastructure itself is not backed up.
  • Cold Site: In this type of disaster recovery, an organization sets up a basic infrastructure in a second, rarely used facility that provides a place for employees to work after a natural disaster or fire. It can help with business continuity because business operations can continue, but it does not provide a way to protect or recover important data, so a cold site must be combined with other methods of disaster recovery.
  • Hot Site: A hot site maintains up-to-date copies of data at all times. Hot sites are time-consuming to set up and more expensive than cold sites, but they dramatically reduce down time.
  • Disaster Recovery as a Service (DRaaS): In the event of a disaster or ransomware attack, a DRaaS provider moves an organization’s computer processing to its own cloud infrastructure, allowing a business to continue operations seamlessly from the vendor’s location, even if an organization’s servers are down. DRaaS plans are available through either subscription or pay-per-use models. There are pros and cons to choosing a local DRaaS provider: latency will be lower after transferring to DRaaS servers that are closer to an organization’s location, but in the event of a widespread natural disaster, a DRaaS that is nearby may be affected by the same disaster.
  • Back Up as a Service: Similar to backing up data at a remote location, with Back Up as a Service, a third party provider backs up an organization’s data, but not its IT infrastructure.
  • Datacenter disaster recovery: The physical elements of a data center can protect data and contribute to faster disaster recovery in certain types of disasters. For instance, fire suppression tools will help data and computer equipment survive a fire. A backup power source will help businesses sail through power outages without grinding operations to a halt. Of course, none of these physical disaster recovery tools will help in the event of a cyber attack.
  • Virtualization: Organizations can back up certain operations and data or even a working replica of an organization’s entire computing environment on off-site virtual machines that are unaffected by physical disasters. Using virtualization as part of a disaster recovery plan also allows businesses to automate some disaster recovery processes, bringing everything back online faster. For virtualization to be an effective disaster recovery tool, frequent transfer of data and workloads is essential, as is good communication within the IT team about how many virtual machines are operating within an organization.
  • Point-in-time copies: Point-in-time copies, also known as point-in-time snapshots, make a copy of the entire database at a given time. Data can be restored from this back-up, but only if the copy is stored off site or on a virtual machine that is unaffected by the disaster.
  • Instant recovery: Instant recovery is similar to point-in-time copies, except that instead of copying a database, instant recovery takes a snapshot of an entire virtual machine .

How to Plan for COVID-19 Disaster Recovery and Business Continuity

COVID-19 and the resulting global crisis have pushed many companies to support employees working remotely and forced organizations to rethink their disaster recovery and business continuity strategies. With the pandemic in play, even just a network outage can have a significant effect on the business.

Here are a few things to consider:

  • Add the risks and potential consequences of infectious diseases to your disaster recovery plan. Although rare on such a global scale, having specific plans for this type of emergency will help ensure they’re handled as smoothly as possible.
  • Make plans for people, not just technology. The results of COVID-19 have shown that for businesses to remain successful employees need support, communication and resources. Plan ways that you will be able to provide these elements even when employees are working from home and may have different or limited access to their normal devices, networks or communication channels.
  • Consider additional cloud and software-as-a-service (SaaS) solutions for more efficient and flexible options for remote work, as well as lessening the reliance on one central data center or main HQ. Make sure your plans include IT redundancy—multiple systems in multiple sites, so that if one system gets compromised, the business remains operational.

What Are the Benefits of Disaster Recovery Software?

No organization can afford to ignore disaster recovery. The two most important benefits of having a disaster plan in place, including effective DR software, are:

  • Cost savings: Planning for potential disruptive events can save businesses hundreds of thousands of dollars and even mean the difference between a company surviving a natural disaster or folding.
  • Faster recovery: Depending on the disaster recovery strategy and the types of disaster recovery tools used, businesses can get up and running much faster after a disaster, or even continue operations as if nothing had happened.

Recommended for You

  • Business Continuity Application
  • Business Continuity Plan
  • Disaster Recovery Planning
  • Disaster Recovery as a Service
  • Data Center Solutions

Related Solutions and Products

Disaster recovery solutions.

Protect any workload, balancing the speed and cost of recovery with the criticality of your data.

VMware Cloud Disaster Recovery

On-demand disaster recovery with cloud economics

VMware Site Recovery

On-demand disaster recovery as a service (DRaaS)

  • What is Business Continuity?
  • What is Disaster Recovery as a Service (DRaaS)
  • What is a Disaster Recovery Plan?

Disaster recovery options in the cloud

Disaster recovery strategies available to you within AWS can be broadly categorized into four approaches, ranging from the low cost and low complexity of making backups to more complex strategies using multiple active Regions. Active/passive strategies use an active site (such as an AWS Region) to host the workload and serve traffic. The passive site (such as a different AWS Region) is used for recovery. The passive site does not actively serve traffic until a failover event is triggered.

It is critical to regularly assess and test your disaster recovery strategy so that you have confidence in invoking it, should it become necessary. Use AWS Resilience Hub to continuously validate and track the resilience of your AWS workloads, including whether you are likely to meet your RTO and RPO targets.

Graph showing disaster recovery strategies and highlights of each strategy.

Figure 6 - Disaster recovery strategies

For a disaster event based on disruption or loss of one physical data center for a well-architected , highly available workload, you may only require a backup and restore approach to disaster recovery. If your definition of a disaster goes beyond the disruption or loss of a physical data center to that of a Region or if you are subject to regulatory requirements that require it, then you should consider Pilot Light, Warm Standby, or Multi-Site Active/Active.

When choosing your strategy, and the AWS resources to implement it, keep in mind that within AWS, we commonly divide services into the data plane and the control plane . The data plane is responsible for delivering real-time service while control planes are used to configure the environment. For maximum resiliency, you should use only data plane operations as part of your failover operation. This is because the data planes typically have higher availability design goals than the control planes.

Backup and restore

Backup and restore is a suitable approach for mitigating against data loss or corruption. This approach can also be used to mitigate against a regional disaster by replicating data to other AWS Regions, or to mitigate lack of redundancy for workloads deployed to a single Availability Zone. In addition to data, you must redeploy the infrastructure, configuration, and application code in the recovery Region. To enable infrastructure to be redeployed quickly without errors, you should always deploy using infrastructure as code (IaC) using services such as AWS CloudFormation or the AWS Cloud Development Kit (AWS CDK) . Without IaC, it may be complex to restore workloads in the recovery Region, which will lead to increased recovery times and possibly exceed your RTO. In addition to user data, be sure to also back up code and configuration, including Amazon Machine Images (AMIs) you use to create Amazon EC2 instances. You can use AWS CodePipeline to automate redeployment of application code and configuration.

Architecture diagram showing backup and restore architecture

Figure 7 - Backup and restore architecture

AWS services

Your workload data will require a backup strategy that runs periodically or is continuous. How often you run your backup will determine your achievable recovery point (which should align to meet your RPO). The backup should also offer a way to restore it to the point in time in which it was taken. Backup with point-in-time recovery is available through the following services and resources:

Amazon Elastic Block Store (Amazon EBS) snapshot

Amazon DynamoDB backup

Amazon RDS snapshot

Amazon Aurora DB snapshot

Amazon EFS backup (when using AWS Backup)

Amazon Redshift snapshot

Amazon Neptune snapshot

Amazon DocumentDB

Amazon FSx for Windows File Server , Amazon FSx for Lustre , Amazon FSx for NetApp ONTAP , and Amazon FSx for OpenZFS

For Amazon Simple Storage Service (Amazon S3), you can use Amazon S3 Cross-Region Replication (CRR) to asynchronously copy objects to an S3 bucket in the DR region continuously, while providing versioning for the stored objects so that you can choose your restoration point. Continuous replication of data has the advantage of being the shortest time (near zero) to back up your data, but may not protect against disaster events such as data corruption or malicious attack (such as unauthorized data deletion) as well as point-in-time backups. Continuous replication is covered in the AWS Services for Pilot Light section.

AWS Backup provides a centralized location to configure, schedule, and monitor AWS backup capabilities for the following services and resources:

Amazon Elastic Block Store (Amazon EBS) volumes

Amazon EC2 instances

Amazon Relational Database Service (Amazon RDS) databases (including Amazon Aurora databases)

Amazon DynamoDB tables

Amazon Elastic File System (Amazon EFS) file systems

AWS Storage Gateway volumes

AWS Backup supports copying backups across Regions, such as to a disaster recovery Region.

As an additional disaster recovery strategy for your Amazon S3 data, enable S3 object versioning . Object versioning protects your data in S3 from the consequences of deletion or modification actions by retaining the original version before the action. Object versioning can be a useful mitigation for human-error type disasters. If you are using S3 replication to back up data to your DR region, then, by default, when an object is deleted in the source bucket, Amazon S3 adds a delete marker in the source bucket only . This approach protects data in the DR Region from malicious deletions in the source Region.

In addition to data, you must also back up the configuration and infrastructure necessary to redeploy your workload and meet your Recovery Time Objective (RTO). AWS CloudFormation provides Infrastructure as Code (IaC), and enables you to define all of the AWS resources in your workload so you can reliably deploy and redeploy to multiple AWS accounts and AWS Regions. You can back up Amazon EC2 instances used by your workload as Amazon Machine Images (AMIs). The AMI is created from snapshots of your instance's root volume and any other EBS volumes attached to your instance. You can use this AMI to launch a restored version of the EC2 instance. An AMI can be copied within or across Regions. Or, you can use AWS Backup to copy backups across accounts and to other AWS Regions. The cross-account backup capability helps protect from disaster events that include insider threats or account compromise. AWS Backup also adds additional capabilities for EC2 backup—in addition to the instance’s individual EBS volumes, AWS Backup also stores and tracks the following metadata: instance type, configured virtual private cloud (VPC), security group, IAM role , monitoring configuration, and tags. However, this additional metadata is only used when restoring the EC2 backup to the same AWS Region.

Any data stored in the disaster recovery Region as backups must be restored at time of failover. AWS Backup offers restore capability, but does not currently enable scheduled or automatic restoration. You can implement automatic restore to the DR region using the AWS SDK to call APIs for AWS Backup. You can set this up as a regularly recurring job or trigger restoration whenever a backup is completed. The following figure shows an example of automatic restoration using Amazon Simple Notification Service (Amazon SNS) and AWS Lambda . Implementing a scheduled periodic data restore is a good idea as data restore from backup is a control plane operation. If this operation was not available during a disaster, you would still have operable data stores created from a recent backup.

Diagram showing workflow of restoring and testing backups.

Figure 8 - Restoring and testing backups

Your backup strategy must include testing your backups. See the Testing Disaster Recovery section for more information. Refer to the AWS Well-Architected Lab: Testing Backup and Restore of Data for a hands-on demonstration of implementation.

Pilot light

With the pilot light approach, you replicate your data from one Region to another and provision a copy of your core workload infrastructure. Resources required to support data replication and backup, such as databases and object storage, are always on. Other elements, such as application servers, are loaded with application code and configurations, but are "switched off" and are only used during testing or when disaster recovery failover is invoked. In the cloud, you have the flexibility to deprovision resources when you do not need them, and provision them when you do. A best practice for “switched off” is to not deploy the resource, and then create the configuration and capabilities to deploy it (“switch on”) when needed. Unlike the backup and restore approach, your core infrastructure is always available and you always have the option to quickly provision a full scale production environment by switching on and scaling out your application servers.

Reference architecture diagram for pilot light architecture

Figure 9 - Pilot light architecture

A pilot light approach minimizes the ongoing cost of disaster recovery by minimizing the active resources, and simplifies recovery at the time of a disaster because the core infrastructure requirements are all in place. This recovery option requires you to change your deployment approach. You need to make core infrastructure changes to each Region and deploy workload (configuration, code) changes simultaneously to each Region. This step can be simplified by automating your deployments and using infrastructure as code (IaC) to deploy infrastructure across multiple accounts and Regions (full infrastructure deployment to the primary Region and scaled down/switched-off infrastructure deployment to DR regions). It is recommended you use a different account per Region to provide the highest level of resource and security isolation (in the case compromised credentials are part of your disaster recovery plans as well).

With this approach, you must also mitigate against a data disaster. Continuous data replication protects you against some types of disaster, but it may not protect you against data corruption or destruction unless your strategy also includes versioning of stored data or options for point-in-time recovery. You can back up the replicated data in the disaster Region to create point-in-time backups in that same Region.

In addition to using the AWS services covered in the Backup and Restore section to create point-in-time backups, also consider the following services for your pilot light strategy.

For pilot light, continuous data replication to live databases and data stores in the DR region is the best approach for low RPO (when used in addition to the point-in-time backups discussed previously). AWS provides continuous, cross-region, asynchronous data replication for data using the following services and resources:

Amazon Simple Storage Service (Amazon S3) Replication

Amazon RDS read replicas

Amazon Aurora global databases

Amazon DynamoDB global tables

Amazon DocumentDB global clusters

Global Datastore for Amazon ElastiCache for Redis

With continuous replication, versions of your data are available almost immediately in your DR Region. Actual replication times can be monitored using service features like S3 Replication Time Control (S3 RTC) for S3 objects and management features of Amazon Aurora global databases .

When failing over to run your read/write workload from the disaster recovery Region, you must promote an RDS read replica to become the primary instance. For DB instances other than Aurora, the process takes a few minutes to complete and rebooting is part of the process. For Cross-Region Replication (CRR) and failover with RDS, using Amazon Aurora global database provides several advantages. Global database uses dedicated infrastructure that leaves your databases entirely available to serve your application, and can replicate to the secondary Region with typical latency of under a second (and within an AWS Region is much less than 100 milliseconds). With Amazon Aurora global database, if your primary Region suffers a performance degradation or outage, you can promote one of the secondary regions to take read/write responsibilities in less than one minute even in the event of a complete regional outage. You can also configure Aurora to monitor the RPO lag time of all secondary clusters to make sure that at least one secondary cluster stays within your target RPO window.

A scaled down version of your core workload infrastructure with fewer or smaller resources must be deployed in your DR Region. Using AWS CloudFormation, you can define your infrastructure and deploy it consistently across AWS accounts and across AWS Regions. AWS CloudFormation uses predefined pseudo parameters to identify the AWS account and AWS Region in which it is deployed. Therefore, you can implement condition logic in your CloudFormation templates to deploy only the scaled-down version of your infrastructure in the DR Region. For EC2 instance deployments, an Amazon Machine Image (AMI) supplies information such as hardware configuration and installed software. You can implement an Image Builder pipeline that creates the AMIs you need and copy these to both your primary and backup Regions. This helps to ensure that these golden AMIs have everything you need to re-deploy or scale-out your workload in a new region, in case of a disaster event. Amazon EC2 instances are deployed in a scaled-down configuration (less instances than in your primary Region). To scale-out the infrastructure to support production traffic, see Amazon EC2 Auto Scaling in the Warm Standby section.

For an active/passive configuration such as pilot light, all traffic initially goes to the primary Region and switches to the disaster recovery Region if the primary Region is no longer available. This failover operation can be initiated either automatically or manually. Automatically initiated failover based on health checks or alarms should be used with caution. Even using the best practices discussed here, recovery time and recovery point will be greater than zero, incurring some loss of availability and data. If you fail over when you don’t need to (false alarm), then you incur those losses. Manually initiated failover is therefore often used. In this case, you should still automate the steps for failover, so that the manual initiation is like the push of a button.

There are several traffic management options to consider when using AWS services.

One option is to use Amazon Route 53 . Using Amazon Route 53, you can associate multiple IP endpoints in one or more AWS Regions with a Route 53 domain name. Then, you can route traffic to the appropriate endpoint under that domain name. On failover you need to switch traffic to the recovery endpoint, and away from the primary endpoint. Amazon Route 53 health checks monitor these endpoints. Using these health checks, you can configure automatically initiated DNS failover to ensure traffic is sent only to healthy endpoints, which is a highly reliable operation done on the data plane. To implement this using manually initiated failover you can use Amazon Route 53 Application Recovery Controller . With Route 53 ARC, you can create Route 53 health checks that do not actually check health, but instead act as on/off switches that you have full control over. Using the AWS CLI or AWS SDK, you can script failover using this highly available, data plane API. Your script toggles these switches (the Route 53 health checks) telling Route 53 to send traffic to the recovery Region instead of the primary Region. Another option for manually initiated failover that some have used is to use a weighted routing policy and change the weights of the primary and recovery Regions so that all traffic goes to the recovery Region. However, be aware this is a control plane operation and therefore not as resilient as the data plane approach using Amazon Route 53 Application Recovery Controller.

Another option is to use AWS Global Accelerator . Using AnyCast IP, you can associate multiple endpoints in one or more AWS Regions with the same static public IP address or addresses. AWS Global Accelerator then routes traffic to the appropriate endpoint associated with that address. Global Accelerator health checks monitor endpoints. Using these health checks, AWS Global Accelerator checks the health of your applications and routes user traffic automatically to the healthy application endpoint. For manually initiated failover, you can adjust which endpoint receives traffic using traffic dials, but note this is a control plane operation. Global Accelerator offers lower latencies to the application endpoint since it makes use of the extensive AWS edge network to put traffic on the AWS network backbone as soon as possible. Global Accelerator also avoids caching issues that can occur with DNS systems (like Route 53).

Amazon CloudFront offers origin failover, where if a given request to the primary endpoint fails, CloudFront routes the request to the secondary endpoint. Unlike the failover operations described previously, all subsequent requests still go to the primary endpoint, and failover is done per each request.

AWS Elastic Disaster Recovery

AWS Elastic Disaster Recovery (DRS) continuously replicates server-hosted applications and server- hosted databases from any source into AWS using block-level replication of the underlying server. Elastic Disaster Recovery enables you to use a Region in AWS Cloud as a disaster recovery target for a workload hosted on-premises or on another cloud provider, and its environment. It can also be used for disaster recovery of AWS hosted workloads if they consist only of applications and databases hosted on EC2 (that is, not RDS). Elastic Disaster Recovery uses the Pilot Light strategy, maintaining a copy of data and “switched-off” resources in an Amazon Virtual Private Cloud (Amazon VPC) used as a staging area. When a failover event is triggered, the staged resources are used to automatically create a full-capacity deployment in the target Amazon VPC used as the recovery location.

Architecture diagram showing AWS Elastic Disaster Recovery architecture.

Figure 10 - AWS Elastic Disaster Recovery architecture

Warm standby

The warm standby approach involves ensuring that there is a scaled down, but fully functional, copy of your production environment in another Region. This approach extends the pilot light concept and decreases the time to recovery because your workload is always-on in another Region. This approach also allows you to more easily perform testing or implement continuous testing to increase confidence in your ability to recover from a disaster.

Architecture diagram showing warm standby architecture.

Figure 11 - Warm standby architecture

Note: The difference between pilot light and warm standby can sometimes be difficult to understand. Both include an environment in your DR Region with copies of your primary Region assets. The distinction is that pilot light cannot process requests without additional action taken first, whereas warm standby can handle traffic (at reduced capacity levels) immediately. The pilot light approach requires you to “turn on” servers, possibly deploy additional (non-core) infrastructure, and scale up, whereas warm standby only requires you to scale up (everything is already deployed and running). Use your RTO and RPO needs to help you choose between these approaches.

All of the AWS services covered under backup and restore and pilot light are also used in warm standby for data backup, data replication, active/passive traffic routing, and deployment of infrastructure including EC2 instances.

Amazon EC2 Auto Scaling is used to scale resources including Amazon EC2 instances, Amazon ECS tasks, Amazon DynamoDB throughput, and Amazon Aurora replicas within an AWS Region. Amazon EC2 Auto Scaling scales deployment of EC2 instance across Availability Zones within an AWS Region, providing resiliency within that Region. Use Auto Scaling to scale out your DR Region to full production capability, as part of a pilot light or warm standby strategies. For example, for EC2, increase the desired capacity setting on the Auto Scaling group. You can adjust this setting manually through the AWS Management Console, automatically through the AWS SDK, or by redeploying your AWS CloudFormation template using the new desired capacity value. You can use AWS CloudFormation parameters to make redeploying the CloudFormation template easier. Ensure that service quotas in your DR Region are set high enough so as to not limit you from scaling up to production capacity.

Because Auto Scaling is a control plane activity, taking a dependency on it will lower the resiliency of your overall recovery strategy. It is a trade-off. You can choose to provision sufficient capacity such that the recovery Region can handle the full production load as deployed. This statically stable configuration is called hot standby (see the next section). Or you may choose to provision fewer resources which will cost less, but take a dependency on Auto Scaling. Some DR implementations will deploy enough resources to handle initial traffic, ensuring low RTO, and then rely on Auto Scaling to ramp up for subsequent traffic.

Multi-site active/active

You can run your workload simultaneously in multiple Regions as part of a multi-site active/active or hot standby active/passive strategy. Multi-site active/active serves traffic from all regions to which it is deployed, whereas hot standby serves traffic only from a single region, and the other Region(s) are only used for disaster recovery. With a multi-site active/active approach, users are able to access your workload in any of the Regions in which it is deployed. This approach is the most complex and costly approach to disaster recovery, but it can reduce your recovery time to near zero for most disasters with the correct technology choices and implementation (however data corruption may need to rely on backups, which usually results in a non-zero recovery point). Hot standby uses an active/passive configuration where users are only directed to a single region and DR regions do not take traffic. Most customers find that if they are going to stand up a full environment in the second Region, it makes sense to use it active/active. Alternatively, if you do not want to use both Regions to handle user traffic, then Warm Standby offers a more economical and operationally less complex approach.

Architecture diagram showing multi-site active/active architecture (change one Active path to Inactive for hot standby)

Figure 12 - Multi-site active/active architecture (change one Active path to Inactive for hot standby)

With multi-site active/active, because the workload is running in more than one Region, there is no such thing as failover in this scenario. Disaster recovery testing in this case would focus on how the workload reacts to loss of a Region: Is traffic routed away from the failed Region? Can the other Region(s) handle all the traffic? Testing for a data disaster is also required. Backup and recovery are still required and should be tested regularly. It should also be noted that recovery times for a data disaster involving data corruption, deletion, or obfuscation will always be greater than zero and the recovery point will always be at some point before the disaster was discovered. If the additional complexity and cost of a multi-site active/active (or hot standby) approach is required to maintain near zero recovery times, then additional efforts should be made to maintain security and to prevent human error to mitigate against human disasters.

All of the AWS services covered under backup and restore , pilot light , and warm standby also are used here for point-in-time data backup, data replication, active/active traffic routing, and deployment and scaling of infrastructure including EC2 instances.

For the active/passive scenarios discussed earlier (Pilot Light and Warm Standby), both Amazon Route 53 and AWS Global Accelerator can be used for route network traffic to the active region. For the active/active strategy here, both of these services also enable the definition of policies that determine which users go to which active regional endpoint. With AWS Global Accelerator you set a traffic dial to control the percentage of traffic that is directed to each application endpoint. Amazon Route 53 supports this percentage approach, and also multiple other available policies including geoproximity and latency based ones. Global Accelerator automatically leverages the extensive network of AWS edge servers , to onboard traffic to the AWS network backbone as soon as possible, resulting in lower request latencies.

Asynchronous data replication with this strategy enables near-zero RPO. AWS services like Amazon Aurora global database use dedicated infrastructure that leaves your databases entirely available to serve your application, and can replicate to up to five secondary Region with typical latency of under a second. With active/passive strategies, writes occur only to the primary Region. The difference with active/active is designing how data consistency with writes to each active Region are handled. It is common to design user reads to be served from the Region closest to them, known as read local . With writes, you have several options:

A write global strategy routes all writes to a single Region. In case of failure of that Region, another Region would be promoted to accept writes. Aurora global database is a good fit for write global , as it supports synchronization with read-replicas across Regions, and you can promote one of the secondary Regions to take read/write responsibilities in less than one minute. Aurora also supports write forwarding, which lets secondary clusters in an Aurora global database forward SQL statements that perform write operations to the primary cluster.

A write local strategy routes writes to the closest Region (just like reads). Amazon DynamoDB global tables enables such a strategy, allowing read and writes from every region your global table is deployed to. Amazon DynamoDB global tables use a last writer wins reconciliation between concurrent updates.

A write partitioned strategy assigns writes to a specific Region based on a partition key (like user ID) to avoid write conflicts. Amazon S3 replication configured bi-directionally can be used for this case, and currently supports replication between two Regions. When implementing this approach, make sure to enable replica modification sync on both buckets A and B to replicate replica metadata changes like object access control lists (ACLs), object tags, or object locks on the replicated objects. You can also configure whether or not to replicate delete markers between buckets in your active Regions. In addition to replication, your strategy must also include point-in-time backups to protect against data corruption or destruction events.

AWS CloudFormation is a powerful tool to enforce consistently deployed infrastructure among AWS accounts in multiple AWS Regions. AWS CloudFormation StackSets extends this functionality by enabling you to create, update, or delete CloudFormation stacks across multiple accounts and Regions with a single operation. Although AWS CloudFormation uses YAML or JSON to define Infrastructure as Code, AWS Cloud Development Kit (AWS CDK) allows you to define Infrastructure as Code using familiar programming languages. Your code is converted to CloudFormation which is then used to deploy resources in AWS.


To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Thanks for letting us know we're doing a good job!

If you've got a moment, please tell us what we did right so we can do more of it.

Thanks for letting us know this page needs work. We're sorry we let you down.

If you've got a moment, please tell us how we can make the documentation better.

U.S. flag

An official website of the United States government

Here’s how you know

world globe

Official websites use .gov

A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites. .

National Disaster Recovery Framework

world globe

The National Disaster Recovery Framework (NDRF) enables effective recovery support to disaster-impacted states, tribes, territorial and local jurisdictions. It provides a flexible structure that enables disaster recovery managers to operate in a unified and collaborative manner. The NDRF focuses on how best to restore, redevelop and revitalize the health, social, economic, natural and environmental fabric of the community and build a more resilient nation.

The NDRF is a first step toward achieving a shared understanding and a common, integrated perspective in order to achieve unity of effort and to build a more resilient nation.

The National Disaster Recovery Framework defines:

Eight principles that guide recovery core capability development and recovery support activities.

A coordinating structure that facilitates communication and collaboration among all stakeholders, guidance for pre- and post-disaster recovery planning.

Roles and responsibilities of recovery coordinators and other stakeholders.

The overall process by which communities can capitalize on opportunities to rebuild stronger, smarter and safer.

View and Download the Framework

National Disaster Recovery Framework report cover

NDRF Fact Sheet

Recovery Support Function Leadership Group (RSFLG)

The Recovery Support Function Leadership Group (RSFLG) allows federal agencies to coordinate disaster recovery work under the National Disaster Recovery Framework (NDRF) across the six Recovery Support Functions in order to provide communities with unified federal assistance as quickly and effectively as possible.

Learn about Recovery Support Function Leadership Group (RSFLG) 's responsibilities, membership and priorities.

Additional Resources

Our National Preparedness Planning page provides information on operational and strategic planning.

A generic fact sheet document.

OneResponder : Use this free and accessible online system to help you manage your personnel and resources within the NIMS framework.

Pre-Disaster Recovery Guides

  • State Governments : Enables states to more easily adapt to new post-disaster roles needed to manage new or modified sources of state and federal recovery resources.
  • Local Governments : Provides tools for public engagement, whole-community recovery, identification of existing recovery resources, and identifying outside partnerships to help build resilience.
  • Tribal Governments : Designed to prepare tribal governments for future disasters by engaging with the whole community and planning for recovery activities that are comprehensive and long term.

Non-Stafford Act Events

Building on the principles and concepts outlined in the NRDF, Effective Coordination of Recovery Resources for State, Tribal, Territorial and Local Incidents is designed to be applied after an incident, either in concert with existing pre-incident recovery plans or to enhance post-incident planning efforts.

Successful business owners know how important it is to have a plan in place for when unexpected events shut down normal operations. Modern enterprises face many types of disasters, including pandemics, cyberattacks , large-scale power outages and natural disasters. Last year, companies around the world spent close to USD 219 billion on cybersecurity and security solutions, a 12% increase from the previous year according to the International Data Corporation (IDC)  (link resides outside

Leaders know they need to be prepared but the number of solutions and scenarios to consider can be overwhelming. In this article, we’re going to look at some common threats and how disaster recovery plans (DRPs) and solutions can optimize preparedness.

Let’s start with some commonly used terms:

  • Disaster recovery (DR): Disaster recovery (DR) refers to an enterprise’s ability to recover from an unplanned event that impacts normal business operations. Strong DR planning helps businesses protect critical data and restore normal processes in a matter of days, hours and even minutes.
  • Disaster recovery plan (DRP): A disaster recovery plan (DRP) is a document that clearly outlines how an enterprise will recover from an unexpected event. Alongside business continuity plans (BCPs), DRPs help businesses prepare for different scenarios, such as natural disasters, widespread power outages, ransomware attacks and malware attacks.
  • Failover/failback:  Failover is a widely used tactic where enterprises move valuable data or capabilities to a secondary system when a primary one fails due to an unexpected event. Failback is the process where operations are switched back to the original system once the threat has been mitigated. Failover and failback both use data replication and are widely used in DR strategies for data centers and communication networks.
  • Virtualized recovery plans (VRPs): A virtualized recovery plan is on-demand software as a service (SaaS) that relies on virtual machine (VM) instances that can be ready to operate within a couple of minutes of an interruption. Virtual machines (VM) and their accompanying apps are representations, or emulations, of physical computers that provide critical application recovery through high availability (HA), or a system’s capacity to run workloads continuously without failing.
  • Recovery time objective (RTO) and recovery point objective (RPO):  RTO and RPO refer to the amount of time it takes to restore business operations after an unplanned incident and the amount of data businesses can lose during an attack and still recover. Establishing your RTO and RPO are critical steps in your recovery process. Some enterprises tolerate zero RPO by constantly performing data backup to a remote data center to ensure data integrity in case of a massive breach. Others set a tolerable RPO of a few minutes (or even hours) because they’re confident they can recover from whatever was lost during that short amount of time.

Disasters can cause all kinds of problems for businesses. From a flood that shuts down access to critical physical assets to a cyberattack that compromises data protection or IT infrastructure, disaster recovery plans help ensure business continuity regardless of the threat. Here are some of the most common benefits for companies that invest in disaster recovery solutions:

  • Business continuity: Business continuity and business continuity disaster recovery (BCDR) help ensure organizations return to normal operations after an unplanned event. Creating a business continuity strategy helps restore critical off- and on-premises business functions after an unexpected event and restore stakeholder, client and investor confidence.
  • Reduced costs: According to  IBM’s recent Cost of Data Breach Report , the average cost of a data breach last year was USD 4.45 million—a 15% increase over the last 3 years. Enterprises without DR plans are taking an unnecessary risk, as the costs and penalties incurred by a successful attack could far outweigh the money saved by not investing in one.
  • Less downtime: Today’s top-performing enterprises often rely on complex technology for their most critical business operations. When an unplanned incident disrupts critical technologies, such as communication networks or infrastructure, it can cost companies millions. Additionally, the high-profile nature of many cyberattacks or human-error-related interruptions and the frequently analyzed length of network downtimes often cause customers and investors to flee.
  • Enhanced compliance capabilities: Many successful businesses operate in heavily regulated sectors like healthcare and personal finance. These sectors impose heavy fines and penalties for data breaches given the critical and personal nature of the data that is at stake. Business disaster recovery solutions help shorten response and recovery lifecycles for an enterprise facing an unplanned incident, critical in sectors where the amount of financial penalty is often tied to the duration and severity of a breach.

Business disaster recovery strategy plays a critical role in the event your organization faces an interruption due to an unplanned event. The following is a widely used, five-step process to help your organization prepare to face a variety of threats:

  • Conduct business impact analysis: Start by assessing each threat your company could face and its potential impact on your business operations. Consider how each potential threat might impact your critical services, cause loss of revenue, downtime or reputational repair (public relations).
  • Analyze risks: Now that you have a list of the risks your company faces, you can try to gauge the likelihood of each one. Risk analysis is a process where you rank each risk according to its potential impact and likelihood, then prioritize accordingly.
  • Critical: Assets that are required for normal business operations.
  • Important: Assets that are used at least once a day and, if disrupted, would have an impact on business operations but not shut them down entirely.
  • Unimportant: Assets your business uses infrequently that are not essential for normal operations.
  • Establish roles and responsibilities: Clearly outline responsibilities so your team members will know what’s expected of them in the event of a disaster. Examples of commonly assigned roles include an incident reporter whose job it is to communicate with stakeholders throughout a disaster, an asset manager who ensures the safety of assets during an incident, and a DRP supervisor who manages team members and makes sure they perform the tasks they’ve been assigned.
  • Rehearse and refine: Business disaster recovery requires constant practice and refinement to be effective. Regularly update your plans according to how your teams perform. Always keep an eye on how your organization changes over time and make sure to add any new assets you may have acquired since you formed your DRP to ensure they’re protected going forward.

Depending on an enterprise’s size, industry and priorities for disaster recovery, there are many different plans to consider. After performing business impact analysis (BIA) and risk analysis (RA), an enterprise might decide it needs different DR plans in place for different assets, such as its warehouses, data centers, critical equipment or others.

Regardless of what you need to protect, the overall goal of a good DRP should be the restoration of normal business processes as quickly and safely as possible. Here are five business disaster recovery use cases to help better understand the importance of choosing the right solution and creating a strong plan.

Natural disasters (flood, earthquake, fire, etc.)

Natural disasters like as floods, fires and earthquakes can threaten human lives and valuable buildings, equipment and software. Imagine arriving at work to discover a hurricane in another part of the world has laid waste to a warehouse where you keep your most valuable equipment. According to Forbes, 40% of small and mid-sized businesses (SMBs)  (link resides outside never reopen after a natural disaster. Strong disaster recovery plans (DRPs) help companies face a variety of natural disasters and ensure their most critical infrastructure, including their employees, remain safe.

One practice that is growing in popularity for natural disaster recovery plans is geo-redundancy. This method, where important company assets are moved offsite and even distributed across multiple locations, helps reduce the odds that the same unplanned event will impact multiple locations.


Due to its high-profile and costly nature, a cyberattack is one of the most devastating and expensive kinds of interruption a business can face. To recover from a cyberattack, enterprises often turn to a Disaster Recovery as a Service (DRaaS) provider. Companies that take a DRaaS approach to creating a DRP are essentially outsourcing their DRP to a service provider. The DRaaS provider hosts and manages the necessary infrastructure for recovery, then creates and manages response plans and ensures a swift resumption of business-critical operations after the attack.

According to a recent report by Global Market Insights (GMI)  (link resides outside, the market size for DRaaS was USD 11.5 billion in 2022 and was poised to grow by 22% percent in 2023. DRaaS providers can help companies with a broad range of problems caused by cyberattacks, including restoring access to impacted systems, reducing downtime, restoring investor confidence and ensuring compliance in heavily regulated sectors.

Cloud or local server outages

For damage mitigation from a cloud provider or local server provider outage, many enterprises use a failover/failback process. In the event of an outage in a cloud, multicloud or local server, a system running failover/failback as part of its DRP will immediately be switched over to a backup environment. In this environment, business operations can continue to run cloud services indefinitely. In some cases, users won’t even know they aren’t using their typical cloud computing environment. When the primary server is back up and running, operations switch back and the secondary server switches off. This seamless transfer helps prevent data loss and keeps valuable services online throughout the interruption.

Network connectivity failures

Along with cyberattacks, a network going down can cost millions in downtime and generate damaging news cycles for companies. Putting sound network recovery plans in place helps businesses bounce back from a variety of critical interruptions, including internet access, cellular communications, local area networks (LAN) and wide area networks (WAN).

With so many businesses relying on networked services for their core business operations, network recovery plans and solutions must clearly document the procedures and responsibilities necessary to restore service. Like cyberattack DRPs, network failure DRPs are increasingly being outsourced to DRaaS providers with specialized resources and expertise.

Data center crashes

A data center going down can cause all kinds of problems for an enterprise. Some common threats to data storage include power outages, overstretched personnel that can result in human error, and difficulty following compliance requirements. Data center disaster recovery plans focus on the security of the facility and the employees’ ability to get back up and running after an unplanned incident.

Data center DRPs assess risk and analyze key components, such as physical environment, connectivity, power sources and security. Since data centers face a wide range of potential threats, their DRPs tend to be broader in scope than others.

In today’s fast-moving, highly competitive business environment, even a minor outage can be a game-changer for an enterprise. The demand for scalable, capable and affordable backup and recovery solutions has never been greater. Veeam on IBM Cloud provides predictable backup and fast recovery for your entire hybrid cloud—letting you more easily move on-premises workloads and backups to the cloud for disaster recovery.

Explore Veeam on IBM Cloud

Insights you can’t miss. Subscribe to our newsletters.

Go beyond the hype with expert news on AI, quantum computing, cloud, security and much more.

  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

WPBeginner - WordPress Tutorials for Beginners

WPBeginner » Blog » Beginners Guide » How to Make a WordPress Disaster Recovery Plan (Expert Tips)

How to Make a WordPress Disaster Recovery Plan (Expert Tips)

Last updated on July 9th, 2024 by Editorial Staff | Reviewed by: Syed Balkhi

Imagine you have poured your heart and soul into your WordPress website with a beautiful design, engaging content, and a growing audience. But then disaster strikes. Your website crashes, you’re locked out of your dashboard, or your data vanishes.

It sounds scary, but in our years of experience, it happens more often than you might think. Website downtime and data loss can be devastating.

This is where a WordPress disaster recovery plan comes in. It’s like an insurance policy for your website, ensuring you can quickly recover from any unexpected event.

In this guide, we will show you how to make a WordPress disaster recovery plan.

How to make a WordPress disaster recovery plan

Why Do You Need a WordPress Disaster Recovery Plan?

Even though WordPress is a powerful and popular platform, unexpected events can still take down your website. A WordPress disaster recovery plan acts like a roadmap for restoring your website.

Here’s why it’s important to have one:

  • Minimizes Downtime and Data Loss: Disasters can strike in many forms, from hacking attacks to accidental deletion of files. A recovery plan helps you get your WordPress site back up and running quickly, minimizing the amount of time your site is unavailable.
  • Protects Your Reputation: A WordPress website outage can damage your reputation and erode user trust. A disaster recovery plan allows you to address the issue quickly and restore the user’s confidence.
  • Ensures Business Continuity: If your website is important for your business, then a disaster recovery plan lowers the disruption to your operations. By getting your site back online quickly, you can limit revenue loss.

That said, let’s look at how to create a disaster recovery plan. You can click the links below to move to any step:

Step 1. Analyze Weak Areas of Your WordPress Site

Step 2. regularly back up your wordpress site, step 3. monitor wordpress web server uptime, step 4. strengthen your website security.

  • Step 5. Hire a WordPress Maintenance & Support Service

Step 6. Test Your Disaster Recovery Plan

Before you can protect your website, you need to know what you’re protecting it from. Start by thinking about the potential disasters that could impact your website.

For instance, server crashes, power outages, plugin conflicts, corrupted databases , and WordPress errors can temporarily make your site unavailable to users or restrict the user experience.

You can start by enabling the debug mode, checking the WordPress error logs , and then fixing each issue.

Debug.log Contains Error Messages and Time Stamps

Another risk you need to consider is hackers trying to steal your data, inject malicious code , or hold your website hostage for ransom. Accidentally deleting important files, installing incompatible updates, or falling for phishing scams can also cause disasters.

You can try to find vulnerabilities and weak areas on your site that hackers can target. This involves out-of-date plugins, WordPress core files , themes, weak passwords, and more.

It is also a best practice to document everything on your site. This includes website login details, plugin and theme settings, custom code snippets, hosting account information, and emergency contact information for your hosting provider, security experts, or web developers.

You can also use a cloud storage service or a password manager to keep your documentation safe and accessible. This way, if something goes wrong, you can recover important information in an instant.

Once you’ve highlighted the weak areas, the next thing to do is back up all the important elements on your site. These include blog posts, landing pages, images, videos, theme files, customer information, comments, plugins, themes, CSS files, and more.

The easiest way to create WordPress backups is to use a plugin like Duplicator Pro . It is super easy to use for creating backup packages, along with migrating and cloning your site.

The WordPress backup plugin also includes more features like scheduled backups, recovery points, cloud storage integration, migration tools, and more.

Create new package in Duplicator

You can also manually backup your site’s data using an FTP client, the File Manager in your hosting company’s cPanel or dashboard, or the phpMyAdmin panel.

For step-by-step details, please see our guide on how to back up your WordPress website .

With a fresh copy of your site ready, you can easily restore WordPress from the backup anytime a disaster occurs. This way, you can prevent data loss and get your site up and running in no time.

Another important tool to have in your disaster recovery plan is a server uptime monitor. Uptime is when your website is available to users on the Internet without any interruption.

These tools will monitor your site’s server and inform you whenever it’s down. If something goes wrong with your site, they will notify you immediately by email or SMS, allowing you to fix it as soon as possible.

For example, you can use UptimeRobot to monitor uptime. The best part is that it is free, but you can also sign up for its premium plans to receive alerts via SMS, voicemail, email, and other channels.

Uptime Robot Dashboard Stats

For more uptime monitoring tools, you can follow our guide on how to monitor your WordPress website server uptime .

If you experience an outage or server downtime, then you’ll immediately know. The next step would be to clear the cache and DNS cache to see if your site is restored. Or you can reach out to your web hosting provider for assistance and ensure your site is back up and running.

A secure website is a website that’s less likely to experience disasters in the first place. In a WordPress disaster recovery plan, you can strengthen your site’s security by:

  • Choosing Strong Passwords:  Use unique and complex passwords for all your website accounts. If you experience a disaster, then it’s critical that you replace all the passwords with new and strong ones.
  • Enable Two-Factor Authentication:  You should enable two-factor authentication to add an extra layer of security for all your logins.
  • Keep Everything Updated:  Regularly update your WordPress core , plugins, and themes to patch security vulnerabilities. In case something goes wrong, ensure that you update your plugins, themes, and core files after recovering from a backup.
  • Use WordPress Security Plugins:  Install WordPress security plugins like Sucuri to scan for malware, block suspicious activity, and monitor your website’s security.
  • Add a Web Application Firewall (WAF): In addition to a security plugin, you should also use a WAF on your site. It will prevent malicious traffic from reaching your site and causing a disaster.

For more security tips, please see our ultimate guide to WordPress security .

Pro Tip: Has your WordPress site been hacked, and you’re not sure what to do? It might be time to call in the professionals.

With WPBeginner Hacked Site Repair , our team of experts will clean up malicious code, files, and malware and get your site back up and running in no time.

Step 5. Hire a WordPress Maintenance & Support Service

Another important part of your disaster recovery plan should be hiring WordPress experts who can fix problems quickly and restore your website.

There are many WordPress maintenance services you can choose from. They provide regular backups, monitor your site’s uptime, provide 24/7 support, optimize your site for speed, and help recover your website from any sort of disaster.

For instance, WPBeginner Pro Maintenance Services is the best support agency you can use for your website. We have over 15 years of experience in the industry and have helped more than 100,000 users with WordPress.

WPBeginner Pro Maintenance Services

We will also ensure that your WordPress core, plugins, and themes are always up-to-date and that the latest updates won’t negatively affect your website’s performance.

Besides basic website maintenance, there are other services you can also get. These include website design, SEO services to boost traffic, speed optimization, emergency support, and more.

See the complete list of WPBeginner Pro Services .

You won’t know how effective your WordPress disaster recovery plan is unless you actually test it.

For instance, you can simulate a disaster and test your plan by restoring your website from a backup to a local or staging environment. This will ensure that your backups are up to date or the scheduled backups are working correctly.

In case there is an error while restoring the backup or you feel an important element is missing in the backup files, then you can fix it during the simulation.

You should also ensure that your website is functioning correctly, all your data is intact, and everything is working as it should.

We hope this article helped you learn how to make a WordPress disaster recovery plan. You may also want to see our guide on how to contact WordPress support and eCommerce maintenance tips – how maintain your store .

If you liked this article, then please subscribe to our  YouTube Channel  for WordPress video tutorials. You can also find us on  Twitter  and Facebook .

disaster recovery plans use

13 Things You MUST DO Before Changing WordPress Themes

How to Fix the Error Establishing a Database Connection in WordPress

How to Fix the Error Establishing a Database Connection in WordPress

Google Analytics in WordPress

How to Install Google Analytics in WordPress for Beginners

Revealed: Why Building an Email List is so Important Today (6 Reasons)

Revealed: Why Building an Email List is so Important Today (6 Reasons)

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded , why it matters, and how you can support us. Here's our editorial process .

Editorial Staff

About the Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

9 comments leave a reply.

Syed Balkhi says

Jul 11, 2024 at 2:24 pm

Hey WPBeginner readers, Did you know you can win exciting prizes by commenting on WPBeginner? Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes. You can get more details about the contest from here . Start sharing your thoughts below to stand a chance to win!

Jul 10, 2024 at 1:19 am

is Cloudflare a good idea it uses basic WAF I use Cloudflare DNS and CDN, and it offers some security as well. And I never understood how backup works does it count towards my hosting data if I create daily backups does the previous one get deleted to save the space?

WPBeginner Support says

Jul 10, 2024 at 2:16 pm

It would depend on the specific tool you are using and the settings you set for where the data is stored and how backups are handled.

Jiří Vaněk says

Jul 11, 2024 at 4:45 am

When it comes to FTP data and your tariff, it’s important to plan ahead for how you’ll handle backups. For instance, if you use Duplicator for backups and store them on FTP, those backups will consume space and count towards your tariff. Logically, backups stored on FTP will occupy space just like your website data and will consume resources. Additionally, this isn’t a good practice because both your main website and backups are stored in one place on one server. If something physically happens to the server, you risk losing both data and backups. Therefore, it’s much better practice to store backups in a different location, both physically and geolocationally. Physically, to eliminate the risk of having everything on one server, and geolocationally, to eliminate the risk of something happening to the data center or the provider failing. Personally, I have my website on one server and backups stored in two completely independent locations. Moreover, when you automate backups, you don’t have to worry about them. Yes, in Duplicator, you can set up backups to Google Drive, for example, with a maximum number of backups and older backups will be deleted accordingly. For instance, you can have 5 backups, and when the 6th is created, the first one will be deleted to maintain a constant set of 5 backups. Elegant and fully automated.

Jul 9, 2024 at 4:43 pm

I have WordPress on my own server, and that’s why it was critically important for me to create a disaster recovery plan. Even from the perspective of a recently completed cybersecurity course, it is clear to me how crucial it is to maintain continuity and data availability in case of a disaster. Therefore, I never rely on just one backup in one place. I have a backup of the website in three separate locations, going back a month and automated. Thanks to this, I have copies of the website and MySQL up to 30 days back. What helped me with automation was Duplicator, which automates backups to Google Drive, and also the classic Cron on the server, which triggers backups to paid cloud storage. It’s great how detailed your plan is, that in addition to backups, you also focus on security, etc. A must-have article for beginners.

Mrteesurez says

Jul 9, 2024 at 12:45 pm

I gained more insights when read this article. The roadmap you gave is great and the tips there are helpful. It is a must for a professional website, a money making business website to take the matter of security very serious. Thanks your helpful guide. I want to ask if there is a server crash and all data are gone, is there any solution to restore the data from the hosting level and who is responsible for the crash ?

WPBeginner Comments says

Jul 9, 2024 at 12:58 pm

Some hosting options offer backups as part of the hosting package.

The site owner is typically the one who will need to take action to restore the site, but this will depend on the hosting agreement and type of plan.

For example, if the hosting plan is more of a managed hosting plan, the hosting service may take care of some of the steps for you.

Jul 9, 2024 at 4:47 pm

It depends on who is responsible for the crash. If it’s a hardware failure of the server, the server provider should be responsible, and they usually have their own disaster recovery solutions where they back up server data and can create a copy of the original within minutes. If the website crashes due to a user error, then you need your own solution because you are responsible for such a crash. For example, if you break the site with an update or it gets hacked. If you want to handle recovery with your own solution, I recommend Duplicator, especially if you don’t have much experience. With Duplicator, you can set up automatic backups to Google Drive, and you’ll have peace of mind because the plugin will perform the backups for you. And the restoration process is simple.

Jul 10, 2024 at 1:26 pm

Thanks for your answer. Do you have either how Duplicator keeps the backup as in, does it replace the previous backup data to store the new ones or create another storage path.

Leave A Reply Cancel reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy , and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

Copyright © 2009 - 2024 WPBeginner LLC. All Rights Reserved. WPBeginner® is a registered trademark.

Managed by Awesome Motive | WordPress hosting by SiteGround

I need help with…

Popular searches:

U.S. flag

An official website of the United States government.

Here’s how you know

The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

  • American Rescue Plan
  • Coronavirus Resources
  • Disability Resources

Disaster Recovery Assistance

  • Equal Employment Opportunity
  • Guidance Search
  • Health Plans and Benefits
  • Registered Apprenticeship
  • International Labor Issues
  • Labor Relations
  • Leave Benefits
  • Major Laws of DOL
  • Other Benefits
  • Retirement Plans, Benefits and Savings
  • Spanish-Language Resources
  • Termination
  • Unemployment Insurance
  • Veterans Employment
  • Whistleblower Protection
  • Workers' Compensation
  • Workplace Safety and Health
  • Youth & Young Worker Employment
  • Breaks and Meal Periods
  • Continuation of Health Coverage - COBRA
  • FMLA (Family and Medical Leave)
  • Full-Time Employment
  • Mental Health
  • Office of the Secretary (OSEC)
  • Administrative Review Board (ARB)
  • Benefits Review Board (BRB)
  • Bureau of International Labor Affairs (ILAB)
  • Bureau of Labor Statistics (BLS)
  • Employee Benefits Security Administration (EBSA)
  • Employees' Compensation Appeals Board (ECAB)
  • Employment and Training Administration (ETA)
  • Mine Safety and Health Administration (MSHA)
  • Occupational Safety and Health Administration (OSHA)
  • Office of Administrative Law Judges (OALJ)
  • Office of Congressional & Intergovernmental Affairs (OCIA)
  • Office of Disability Employment Policy (ODEP)
  • Office of Federal Contract Compliance Programs (OFCCP)
  • Office of Inspector General (OIG)
  • Office of Labor-Management Standards (OLMS)
  • Office of the Assistant Secretary for Administration and Management (OASAM)
  • Office of the Assistant Secretary for Policy (OASP)
  • Office of the Chief Financial Officer (OCFO)
  • Office of the Solicitor (SOL)
  • Office of Workers' Compensation Programs (OWCP)
  • Ombudsman for the Energy Employees Occupational Illness Compensation Program (EEOMBD)
  • Pension Benefit Guaranty Corporation (PBGC)
  • Veterans' Employment and Training Service (VETS)
  • Wage and Hour Division (WHD)
  • Women's Bureau (WB)
  • Agencies and Programs
  • Meet the Secretary of Labor
  • Leadership Team
  • Budget, Performance and Planning
  • Careers at DOL
  • Privacy Program
  • Recursos en Español
  • News Releases
  • Economic Data from the Department of Labor
  • Email Newsletter

Recursos en Español sobre asistencia de desastres .

The U.S. Department of Labor assists recovery efforts in communities affected by severe storms, floods and other disasters.

contact us

For general questions and assistance, you can contact us 8 a.m. to 8 p.m. ET using our online form or by calling toll-free: 1-866-487-2365

Income and Job Assistance

Income and Job Assistance

If you become unemployed through no fault of your own, you may be eligible for unemployment insurance. States impacted by disasters may be eligible to apply for grant funding.

Staying Safe During Cleanup and Recovery

Staying Safe During Cleanup and Recovery

The Occupational Safety and Health Administration has guidance and resources to help protect workers participating in cleanup and recovery efforts.


Learn about workers' rights and employers' responsibilities regarding pay in the aftermath of a disaster.

worker claims

Worker Claims

Find more information for federal employees and workers in the longshore community injured in the line of duty.

Health and Retirement Benefits

Health and Retirement Benefits

Questions about your workplace health or retirement benefits? View disaster relief information for workers and families or for employers and advisors . You can also get help from our benefits advisors by calling 1-866-444-3272 or submitting your question online .

For workers:

  • The federal-state Unemployment Insurance Program provides unemployment benefits to eligible workers who are unemployed through no fault of their own. Find your state's unemployment insurance information .
  • Disaster Unemployment Assistance provides financial assistance to individuals whose employment or self-employment has been lost or interrupted as a direct result of a major disaster declared by the president and who are not eligible for regular unemployment insurance benefits.

For states:

  • States can apply for Dislocated Worker Grant funds , which can be used to create temporary employment opportunities to assist with cleanup and recovery efforts.

Call OSHA toll-free at 1-800-321-6742 with any questions. Learn how to keep workers safe during cleanup and recovery operations following hurricanes .

Review these OSHA fact sheets on natural disaster recovery:

  • Carbon Monoxide Poisoning [ PDF ] / [ En Español ]
  • Chainsaws [ PDF ]
  • Chipper Machines [ PDF ]
  • Cleanup Hazard [ PDF ] / [ En Español ]
  • Downed Electrical Wires [PDF]
  • Electrical [ PDF ]
  • Falls [ PDF ] / [ En Español ]
  • Flood Cleanup [ PDF ] / [ En Español ]
  • Mold [ PDF ] / [ En Español ]
  • Portable Generators [ PDF ]
  • Personal Protective Equipment [ PDF ] / [ En Español ]
  • Preventing Carbon Monoxide Poisoning While Working with Portable Generators [ PDF ] / [ En Español ]
  • Roof Tarping [ PDF ] / [ En Español ] 
  • Tree Trimming [ PDF ]
  • Vehicle Safety  [ PDF ] / [ En Español ]

If you have questions about your pay, contact the Wage and Hour Division online or call 1-866-487-9243 with any questions, 8 a.m. to 5 p.m. in your time zone.

  • The Service Contract Act , which generally applies to federal or District of Columbia contracts for clean-up activities following a disaster, requires contractors and subcontractors performing services on prime contracts in excess of $2,500 to pay service employees in various classes no less than the wage rates and fringe benefits found prevailing in the locality, or the rates (including prospective increases) contained in a predecessor contractor's collective bargaining agreement.
  • Davis-Bacon regulations require federal contractors and subcontractors performing work on contracts in excess of $2,000 to pay their laborers and mechanics not less than the prevailing wage rates and fringe benefits for corresponding classes of laborers and mechanics employed on similar projects in the area.
  • To record hours worked, download the DOL Timesheet App to record the number of hours you have worked and calculate the amount you may be owed by your employer.

Our Office of Workers' Compensation Programs offers:

  • Online claims filing for federal employees injured during the performance of duty, as well as general information for claimants on the Federal Employees' Compensation Act .
  • Claims filing information for workers in the longshore community injured during the performance of duty .

Additional Resources

  • FEMA resources for people with disabilities
  • Federal resources for disasters and emergencies
  • Programs relevant to disaster relief
  • Information from the CDC on how the COVID-19 pandemic can affect disaster recovery, and what you can do to keep yourself and others safe
  • Disaster Distress Helpline: 24/7, 365-days-a-year crisis counseling and support to people experiencing emotional distress related to natural or human-caused disasters

Note : If you live in a disaster declared county, you can register online for disaster assistance at or call FEMA's toll-free registration line at 1-800-621-3362 (TTY 800-462-7585).


  1. Infographic: 9 Important Items Disaster Recovery Plans Should Include

    disaster recovery plans use

  2. How to Create a Disaster Recovery Plan

    disaster recovery plans use

  3. 7 Effective Tips to Create a Solid Disaster Recovery Plan

    disaster recovery plans use

  4. ISO 27001 Disaster Recovery Plan (Updated 2023)

    disaster recovery plans use

  5. Your Disaster Recovery Plan Checklist

    disaster recovery plans use

  6. What a Disaster Recovery Plan (DRP) Is and How It Works

    disaster recovery plans use


  1. Making Disaster Recovery Plans in Advance

  2. Post Disaster Recovery Process & Resources Training 20240408

  3. DRS(Disaster Recovery System) 지표

  4. SaaS: The Hole in Your Disaster Recovery Plan

  5. Military Disasters That Are On Another Level

  6. disaster recovery plan


  1. How to build a successful disaster recovery strategy

    Step 3: Create your asset inventory. Disaster recovery relies on having a complete picture of every asset your enterprise owns. This includes hardware, software, IT infrastructure, data and anything else that's critical to your business operations. Here are three widely used labels for categorizing your assets:

  2. What is a Disaster Recovery Plan?

    An effective DR plan addresses three different elements for recovery: Preventive: Ensuring your systems are as secure and reliable as possible, using tools and techniques to prevent a disaster from occurring in the first place.This may include backing up critical data or continuously monitoring environments for configuration errors and compliance violations.

  3. How to Write a Disaster Recovery Plan + Template

    Writing and maintaining a disaster recovery plan requires collaboration and coordination among key stakeholders across an organization and can seem intimidating. Below we'll outline the process step by step to help you get started. 1. Define the plan's objectives and scope.

  4. How to Create a Disaster Recovery Plan (DRP)

    Create Your DRP Team. Put together a DRP team to oversee the development and actual implementation of your plan. Each member of the disaster recovery planning committee should play a specific role in the success of your plan. This ensures that the operations during a disaster are smooth and well coordinated. Here are the most critical roles on ...

  5. disaster recovery plan (DRP)

    Disaster recovery plans are living documents. Involving employees -- from management to entry-level -- increases the value of the plan. Each disaster recovery plan should outline the individuals tasked with executing it and include measures to use in the absence of key personnel. Take inventory of IT.

  6. What is a Disaster Recovery Plan? + Complete Checklist

    A disaster recovery plan (DRP) is a set of detailed, documented guidelines that outline a business' critical assets and explain how the organization will respond to unplanned incidents. Unplanned incidents or disasters typically include cyber attacks, system failures, power outages, natural disasters, equipment failures, or infrastructure ...

  7. What is Disaster Recovery?

    The disaster recovery plan determines how you back up your data. Options include cloud storage, vendor-supported backups, and internal offsite data backups. To account for natural disaster events, backups should not be onsite. The team should determine who will back up the data, what information will be backed up, and how to implement the ...

  8. What Is a Disaster Recovery Plan?

    A disaster recovery plan (DRP) is a detailed document that outlines how an organization will respond effectively to an unplanned incident and resume business operations. DRPs help ensure that businesses are prepared to face many different types of disasters, including power outages, ransomware and malware attacks, natural disasters and much ...

  9. What Is Disaster Recovery (DR)?

    Disaster recovery planning can dramatically reduce these risks. Disaster recovery planning involves strategizing, planning, deploying appropriate technology, and continuous testing. Maintaining backups of your data is a critical component of disaster recovery planning, but a backup and recovery process alone does not constitute a full disaster ...

  10. Disaster recovery plans for IT ops and DevOps pros

    A disaster recovery plan is a documented set of practices and procedures set up to protect an organization and its IT assets in the event of a disaster. Typically the plan encompasses scenarios, runbooks, backups, and instructions for getting the business and IT services operational. This is especially relevant in events like system failure ...

  11. The complete guide to disaster recovery planning (DRP)

    May 23, 2023. A disaster recovery plan, or DRP, is a documented process that lays out specific procedures to follow when an organization experiences a disaster (often involving data-loss). It's designed to minimize data loss and business disruption and, most importantly, to get an organization back on itsfeet as quickly as possible.

  12. What Is a Disaster Recovery Plan? 4 Examples

    Major goals of a disaster recovery plan - Details the major goals of a disaster recovery plan. Personnel - Use the tables in this topic to record your data processing personnel. You can include a copy of the organization chart with your plan. Application profile - Use the Display Software Resources (DSPSFWRSC) command to complete the ...

  13. What is a disaster recovery plan?

    Besides protecting your business, disaster recovery planning is a big audit point. Regulated environments need to prove that they are ready for a disaster and capable of recovering, or face consequences. The disaster recovery plan is a very important asset when an auditor comes knocking.

  14. How to create a disaster recovery plan

    We'll break down the best practices for how to create a disaster recovery plan as part of your business continuity planning. Prepare for a potential disaster so you can return to normal operation as quickly as possible. An estimated 60% of SMBs go out of business within 6 months of a cyberattack. Meanwhile, 25% never reopen after a natural ...

  15. What Is Disaster Recovery?

    Disaster recovery is the practice of anticipating, planning for, surviving, and recovering from a disaster that may affect a business. Disasters can include: Natural events like earthquakes or hurricanes. Failure of equipment or infrastructure, such as a power outage or hard disk failure.

  16. Disaster recovery planning guide

    Last reviewed 2024-07-05 UTC. This document is the first part of a series that discusses disaster recovery (DR) in Google Cloud. This part provides an overview of the DR planning process: what you need to know in order to design and implement a DR plan. Subsequent parts discuss specific DR use cases with example implementations on Google Cloud.

  17. What is a Disaster Recovery Plan? Definition + Strategies

    A disaster recovery plan (DRP), disaster recovery implementation plan, or IT disaster recovery plan is a recorded policy and/or process that is designed to assist an organization in executing recovery processes in response to a disaster to protect business IT infrastructure and more generally promote recovery. The purpose of a disaster recovery ...

  18. 6 benefits that make a disaster recovery plan worth it

    Implementing disaster recovery plans can be expensive. That said, if an appropriate disaster recovery plan exists, it becomes straightforward to quantify the spending involved. DR plans outline internal and third-party resources the business will use in a crisis.

  19. Disaster Recovery Plan Examples for Businesses

    Use Jira Service Management for disaster recovery planning . As you've read above, disaster recovery planning is a challenging, critical, multifaceted element of business continuity planning. Multiple Jira Service Management features can simplify disaster recovery planning and make it more effective for you, your colleagues, and your business.

  20. What is a Disaster Recovery Plan?

    A disaster recovery plan (DR or DRP) is a formal document created by an organization that contains detailed instructions on how to respond to unplanned incidents such as natural disasters, power outages, cyber attacks and any other disruptive events. The plan contains strategies to minimize the effects of a disaster, so an organization can ...

  21. Free Disaster Recovery Plan Templates

    Disaster Recovery Plan Template. Use this template to document and track all critical operations, personnel contact information, and key procedures to perform in the event of a disaster or business disruption. Use the designated space to record critical information, like the backup process, recovery sites, and restoration steps.

  22. What is Disaster Recovery?

    Disaster recovery is an organization's method of regaining access and functionality to its IT infrastructure after events like a natural disaster, cyber attack, or even business disruptions related to the COVID-19 pandemic. A variety of disaster recovery (DR) methods can be part of a disaster recovery plan. DR is one aspect of business ...

  23. Disaster recovery options in the cloud

    Figure 6 - Disaster recovery strategies . For a disaster event based on disruption or loss of one physical data center for a well-architected, highly available workload, you may only require a backup and restore approach to disaster recovery.If your definition of a disaster goes beyond the disruption or loss of a physical data center to that of a Region or if you are subject to regulatory ...

  24. National Disaster Recovery Framework

    The National Disaster Recovery Framework (NDRF) enables effective recovery support to disaster-impacted states, tribes, territorial and local jurisdictions. It provides a flexible structure that enables disaster recovery managers to operate in a unified and collaborative manner. The NDRF focuses on how best to restore, redevelop and revitalize the health, social, economic, natural and ...

  25. 8 key VMware questions answered at the Azure VMware Solution digital

    Implementing a robust business continuity and disaster recovery plan. In this session, you'll learn how to implement your business continuity and disaster recovery (BCDR) strategy with Azure VMware Solution. Get tips and best practices for business continuity and disaster recovery and take a deeper dive into common scenarios, such as BCDR ...

  26. Disaster Recovery Examples & Use Cases

    Disaster recovery plan (DRP): A disaster recovery plan (DRP) is a document that clearly outlines how an enterprise will recover from an unexpected event. Alongside business continuity plans (BCPs), DRPs help businesses prepare for different scenarios, such as natural disasters, widespread power outages, ransomware attacks and malware attacks.

  27. Why You Need an ERP Disaster Recovery Plan

    Learn why it's crucial to have an ERP disaster recovery plan in place. ERPs are vital for business operations. So, what happens when your ERP goes offline? Learn why it's crucial to have an ERP disaster recovery plan in place. ...

  28. How to Make a WordPress Disaster Recovery Plan (Expert Tips)

    A disaster recovery plan allows you to address the issue quickly and restore the user's confidence. Ensures Business Continuity: If your website is important for your business, then a disaster recovery plan lowers the disruption to your operations. By getting your site back online quickly, you can limit revenue loss.

  29. How to choose the best disaster recovery option for your Amazon Neptune

    Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are two key metrics to consider when developing a DR plan. RTO represents how much time does it takes you to return to a working state after a disaster. RPO, which can also be expressed in hours, represents how much data you could lose when a disaster happens.

  30. Disaster Recovery Assistance

    Wages. If you have questions about your pay, contact the Wage and Hour Division online or call 1-866-487-9243 with any questions, 8 a.m. to 5 p.m. in your time zone.. The Service Contract Act, which generally applies to federal or District of Columbia contracts for clean-up activities following a disaster, requires contractors and subcontractors performing services on prime contracts in excess ...