An essential part of BC, a DR plan is a living document that details the precautions that must be taken to mitigate the effects of a disaster, while describing the step-by-step approach the organization will take to get back to business quickly in the aftermath of the event. DR applies to the operations of the organization that depend on a functioning information technology infrastructure, with the goal of resolving data loss and recovering system functionality so that the organization can perform, even if only temporarily and at a minimal level, following an unplanned incident. Think of it as a “roadmap to recovery” that details how an organization can get back on its feet after any of the following:
- Application failure
- Communication failure
- Data center disaster
- Building and/or campus disaster
- Citywide, regional, national, and international disaster
As with the full BC plan, the DR plan should prioritize applications to ensure the most mission-critical can be up and running immediately, while less important applications can be restored in time (this involves the aforementioned RTO and RPO, which are covered further in Chapter 5). Other considerations include budget, insurance coverage, resources (both people and physical facilities), technology, data, compliance requirements, and other involved parties, such as suppliers. Gaining management’s buy-in on these recovery strategies is also important, as they need to closely align with the organization's overall goals.
Another component of the DR plan is identifying the incident response team and what their roles will be, as well as creating a communications plan. This must detail how both internal crisis communication (e.g., updates on the progress of the situation) and external crisis communication (e.g., informing stakeholders, clients, or the public as to the status of the disaster) will be managed.
Disaster Recovery Solutions
Once the DR plan is in place, an organization will often turn to DR solutions. A good DR solution replicates an environment; if there is a major disruption, an automatic failover transfers the management and operation of the infrastructure to a secondary machine and site to keep the applications and organization online. The servers then run off the disaster recovery site until the primary facility is back online and capable of resuming system functionality. It’s important to note that disaster recovery options come in all shapes and sizes. Synchronous solutions replicate data in near real-time, making them the most comprehensive, but generally most expensive, option. Asynchronous solutions, on the other hand, duplicate data with more delay, which makes them less expensive but also means that some of the most recent data may not be recovered.
It used to be that, depending on their budgets, organizations often had to either risk everything and do without DR, or invest hundreds of thousands, or even millions, into off-premises real estate to house servers or tapes backing up their data. Fortunately, today they can opt for Disaster Recovery as a Service (DRaaS). DRaaS is a service offered by a third-party cloud provider that allows organizations to house data within the provider's cloud backup solution without having to maintain their own storage infrastructure; instead, organizations can configure a cloud account to continually back up the most recent instances of servers and simply switch them on if the primary servers at the local sites fail.