Connecticut's IT Blog for Growing Businesses | NSI

A Quick Guide to Creating a Small Business IT Disaster Recovery Plan

Written by Tom McDonald | Aug 4, 2016 12:30:00 PM

By definition, a disaster is something you cannot plan for in advance, and in the case of your enterprise network, an unexpected IT disaster could cost your organization tens of thousands of dollars. So while you cannot anticipate disaster, you can be prepared for disaster recovery to minimize losses and get your business back online as quickly as possible.

Every organization needs an IT disaster recovery plan. It’s clearly much more expensive to do nothing than to have a disaster preparedness plan in place. Think of the potential losses from a network disaster in terms of a mathematical formula:

Losses = incident probability x cost of incident

span style="font-weight: 400;">For example, you have a new linen suit you just purchased for $500. The probability of rain this week is 50 percent. Your expected loss, i.e. the ruination of the suit, is $500 x 0.50 or $250, which is at least 10 times the cost of an umbrella. Now consider that the cost of downtime for the average enterprise network is $1 million a year for the average mid-sized organization, including losses from employee productivity (78 percent), revenue (17 percent), and the cost to fix the problem (5 percent).  The Ponemon Institute estimates that the average data center outage now costs about $740,000. When you consider that the average company can experience five or six outages per year, that’s a lot more expensive than implementing an IT disaster recovery plan.

In any disaster recovery plan you have three basic considerations: prevention, anticipation, and remediation. At each stage you have to consider all the moving parts in your network, including infrastructure, applications, databases, hardware, and organizational structure. Communication is also essential, so that the disaster recovery team has all the necessary details, can set recovery time objectives and priorities, inventory all the storage locations, notify customers, vendors, and others that might be affected, and implement systems recovery.

So what does it require to create a disaster recovery plan? The steps are fairly simple, but attention to detail and thoroughness are important:


  1. Assemble a disaster recovery team – The first step is to bring together the people who have a stake in disaster recovery. The team should include senior management all the way down to individual departments that will be affected by an outage. The team will be responsible for both developing and implementing a disaster recovery plan. If you are using a hosting provider or IT consultant to assist with network management, then be sure they are part of the team.
  1. Perform a risk assessment – With the disaster recovery team in place you are now ready to determine points of potential failure. Assess the overall network and determine what might fail and be sure to include equipment failures, human error, and natural disasters. You should create disaster scenarios to better understand the potential impact of a network disaster.
  1. Prioritize operations – Determine which systems are most vital and should be brought back online first. There will be a logical hierarchy, so rank various processes as essential, important, and non-essential.
  1. Data collection – Be sure to assemble all the documentation you will need for system recovery, including telephone numbers, contact details, hardware settings, details about backup data storage, necessary passwords, and any other materials you might need.
  1. Create the disaster recovery plan - Now you are ready to create the actual plan. Adopt a standardized format that is easy to follow and easy to update. Outline all the essential information, including step-by-step procedures and background information. Also be sure to update the plan regularly with the assistance of everyone in the disaster recovery team.
  1. Test the plan – Just as you perform fire drills, you need to test the disaster recovery plan. Testing the procedures in advance makes it easier to spot holes and errors and make adjustments before you need to implement the plan. Each time the plan is updated, test it again.

You can streamline much of this process by conferring with a disaster recovery expert. The right IT specialist will have experience developing disaster recovery strategies and can apply that expertise to your needs so you don’t have to begin from scratch. Using a managed IT services partner also can help alleviate concerns about IT disaster recovery by providing data backup and restoration as well as remote network monitoring services. An IT services provider can also advise you about possible cloud resources that can reduce disaster recovery time and safeguard data and operations using externally hosted systems.

Having a solid IT disaster recovery plan is your company’s insurance policy against cyber disaster. And as with insurance, you want to make sure you have the best plan possible lined up and ready to go, and then hope you never have to use it. If you want even more peace of mind, find an IT partner you can trust to help develop a comprehensive disaster recovery strategy and manage critical disaster recovery processes such as backup and recovery.