Disaster recovery is an organization’s method of regaining access and functionality to its IT infrastructure after a natural or human disaster, like equipment failure or cyber attack. A variety of disaster recovery (DR) methods can be part of a disaster recovery plan. DR is one aspect of business continuity.

  • Preventive measures
  • Corrective measures
  • Detective measures

A good disaster recovery plan includes documentation of which systems and data are the most critical for business continuity, as well as the necessary steps to recover the data. The plan should include a recovery point objective (RPO) that states the frequency of backups and a recovery time objective (RTO) that defines the maximum amount of downtime allowable after a disaster. These metrics create limits to guide the choice of IT strategy, processes, and procedures that make up an organization’s disaster recovery plan. The amount of downtime an organization can handle and how frequently the organization backs up its data will inform the organization’s disaster recovery strategy. Finally, it is important to test the plan on a regular basis before disaster strikes, to ensure that it works.

More specifically, a DRP needs to anticipate and delineate a plan of action in response to the loss of such mission-critical IT components and services as:

  • Complete computer room environments
  • Critical IT hardware including network infrastructure, servers, desktop or laptop computers, wireless devices, and peripherals
  • Service provider connectivity
  • Enterprise software applications
  • Data storage devices or applications