Disaster recovery planning is an IT function often involving a whole of business team whose role it is to anticipate disasters of any scale, determine the effects these would have on business continuity, and then create a set of policies and procedures for minimizing downtime and expediting recovery to pre-disaster levels.
In smaller corporations the disaster recovery plan may in fact be just a sheets of paper listing steps to take when the unforeseen occurs, in fact, smaller organizations may be able to download disaster recovery templates from expert websites and simply follow the instructions for completing the audit and creating the recovery plan.
However, larger corporations and the government sector typically require a great deal more detail in their disaster recovery plan which will more likely be a set of procedures and policies filling several folders and requiring extensive staff training from board level right down to data entry operators.
Planning for disaster recovery requires detailed business risk analysis, and a keen understanding of the effect various disasters will likely have on the business, from temporary setbacks that can be coped with, right thru to disasters that threaten the viability of the corporation in the short and long term after the plan is implemented.
In the pre-planning stage an audit by certified disaster recovery experts should be carried out. This may take considerable time to complete but is absolutely necessary for ensuring some critical measure is not forgotten. A small detail could have huge ramifications.
Probably the most important step in preparing a disaster recovery plan, the pre-planning stage will pick up potential threats to data storage, specifically whether off-site backups will be affected by the same disaster that incapacitates the live data. Similarly, a professionally undertaken audit should be able to establish if redundancies in networking will be affected by the disaster.
Having determined the threats to the business data, analysis of recovery options and budgeting for them takes place, and at this stage the complete plan takes shape. This is a commercially sensitive document and is usually known in its entirety to only the most trusted corporate officers.
No disaster recovery plan is ever complete without also testing its efficacy, a process that allows for fine tuning and fault analysis well before ever having to rely on the plan for business continuity. Testing the recovery plan should be considered a necessary expense of producing the plan rather than an unneeded cost after the fact. Far too many corporations neglect testing their systems and procedures, resulting in business closure.
Once the disaster recovery plan is complete, any authorized officer of the organization should be able to refer to it in the event of a major disaster, and sad to say, this means not keeping the plan in soft copy on the Intranet. Printed copies need to be distributed to relevant personnel, and better yet, a copy of the plan needs to be stored off-site. Never take for granted the security of the head office.