Create a Right-Sized Disaster Recovery Plan

Close the gap between your DR capabilities and service continuity requirements.

Unlock

This content requires an active subscription.

Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.

Speak With A Representative Sign In
or Call: 1-888-670-8889 (US) or 1-844-618-3192 (CAN)

Your Challenge

  • Traditional Disaster Recovery Plan (DRP) templates are onerous and result in a lengthy, dense plan that might satisfy auditors but is not effective in a crisis.
  • Similarly, the myth that a DRP is only for major disasters and should be risk-based leaves organizations vulnerable to more common incidents.
  • The increased use of cloud vendors and co-lo/MSPs means you may be dependent on vendors to meet your recovery timeline objectives.

Our Advice

Critical Insight

  • DR is about service continuity — that means accounting for minor and major events.
  • Remember Murphy’s Law. Failure happens, so focus on improving overall resiliency and recovery, rather than basing DR on risk probability analysis.
  • Cost-effective DR and service continuity starts with identifying what is truly mission critical so you can focus resources accordingly. Not all systems require fast-failover capability.

Impact and Result

  • Create an effective DRP by following a structured process to discover current capabilities and define business requirements for continuity, not by completing a one-size-fits-all traditional DRP template. This includes:
    • Defining appropriate objectives for maximum downtime and data loss based on business impact.
    • Creating a DR project roadmap to close the gaps between your current DR capabilities and recovery objectives.
    • Documenting an incident response plan based on a tabletop planning walkthrough that captures all of the steps from event detection to data center recovery.

Create a Right-Sized Disaster Recovery Plan

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should create a right-sized DRP. Review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.


1

Define parameters for the DRP

Determine what would be required to recover from an incident and resume operations.

2

Determine the desired recovery timeline

Set appropriate recovery timeline targets based on business impact.

Info-Tech Academy

Get Info-Tech Certified

Train your staff and develop a world class IT team.

New to Info-Tech Academy? Learn more here

Disaster Recovery Planning Course

Close the gap between your DR capabilities and service continuity requirements.
This course makes up part of the Security & Risk Certificate.

Now Playing: Executive Brief

Course information:

Title: Disaster Recovery Planning Course
Number of Course Modules: 4
Estimated Time to Complete: 2-2.5 hours

Featured:
Frank Trovato, Research Director, Infrastructure Practice
Eric Wright, SVP of Research and Advisory

Onsite Workshop

Book Your Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Define Parameters for Your DRP

The Purpose

Identify key applications and dependencies based on business needs.

Key Benefits Achieved

Understand the entire IT “footprint” that needs to be recovered for key applications. 

Activities:
Outputs

1.1

Assess current DR maturity.

  • Current challenges identified through a DRP Maturity Scorecard.

1.2

Determine critical business operations.

1.3

Identify key applications and dependencies.

  • Key applications and dependencies documented in the Business Impact Analysis (BIA) Tool.

Module 2: Determine the Desired Recovery Timeline

The Purpose

Quantify application criticality based on business impact.

Key Benefits Achieved

Appropriate recovery time and recovery point objectives defined (RTOs/RPOs).

Activities:
Outputs

2.1

Define an objective scoring scale to indicate different levels of impact.

  • Business impact analysis scoring criteria defined.

2.2

Estimate the impact of downtime.

  • Application criticality validated.

2.3

Determine desired RTO/RPO targets for applications based on business impact.

  • RTOs/RPOs defined for applications and dependencies.

Module 3: Determine the Current Recovery Timeline and DR Gaps

The Purpose

Determine your baseline DR capabilities (your current state).

Key Benefits Achieved

Gaps between current and desired DR capability are quantified.

Activities:
Outputs

3.1

Conduct a tabletop exercise to determine current recovery procedures.

  • Current achievable recovery timeline defined (i.e. the current state).

3.2

Identify gaps between current and desired capabilities.

  • RTO/RPO gaps identified.

3.3

Estimate likelihood and impact of failure of individual dependencies.

  • Critical single points of failure identified.

Module 4: Create a Project Roadmap to Close DR Gaps

The Purpose

Identify and prioritize projects to close DR gaps.

Key Benefits Achieved

DRP project roadmap defined that will reduce downtime and data loss to acceptable levels.

Activities:
Outputs

4.1

Determine what projects are required to close the gap between current and desired DR capability.

  • Potential DR projects identified.

4.2

Prioritize projects based on cost, effort, and impact on RTO/RPO reduction.

  • DRP project roadmap defined.

4.3

Validate that the suggested projects will achieve the desired DR capability.

  • Desired-state incident response plan defined, and project roadmap validated.

Module 5: Establish a Framework for Documenting Your DRP, and Summarize Next Steps

The Purpose

  • Outline how to create concise, usable DRP documentation.
  • Summarize workshop results. 

Key Benefits Achieved

  • A realistic and practical approach to documenting your DRP.
  • Next steps documented. 

Activities:
Outputs

5.1

Outline a strategy for using flowcharts and checklists to create concise, usable documentation.

  • Current-state and desired-state incident response plan flowcharts.

5.2

Review Info-Tech’s DRP templates for creating system recovery procedures and a DRP summary document.

  • Templates to create more detailed documentation where necessary.

5.3

Summarize the workshop results, including current potential downtime and action items to close gaps.

  • Executive communication deck that outlines current DR gaps, how to close those gaps, and recommended next steps.

Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this Blueprint, and what our clients have to say.

Client

$ Saved

Days Saved

Testimonial

Cheshire Medical Center

N/A

15

Introduced a good methodology for documenting DR plan and gave insights into what's realistic to expect. Downside is the project was just a kick-off and much work remains!

City of Lethbridge

$30,000

30

Best: The resources provided and experience brought to the engagement. Frank and David were great. Worst: Looking backwards is 20/20; doing this again I would have included a larger distribution of business leaders. Nothing should be changed on the workshop side. It went well.

City of Santa Fe

$328K

30

The facilitator was knowledgeable, flexible, credible and had a proven approach for developing a plan.

Elementis Specialities

$65,617

N/A

The workshop was very useful for Elementis.

Global Partners LP

$13,123

N/A

Best: The methodology and knowledge of the workshop facilitators.

London Health Sciences Centre

$2,501

11

Best: Participant learning of DRP process and also internal workings and processes. Clear methodology and direction to implementing DRP for the organization. A lot learned in a short period of time. Worst: Ensuring the right people were at the table for focus portions of workshop.

Marsh Supermarkets

N/A

90

The sessions went very well. The facilitation was very good. We plowed through a ton of material and my staff walked away with a much better understanding of the process. I would say it was eye opening to them. I can't think of anything that wasn't good, other then I was sick that week. Overall, Frank did a great job!

Messer

$26,247

15

Best: Getting my team all on the same page, all speaking the same language. Worst: The amount of content can be daunting. Not sure we can get to everything we would want to.

Moog Inc.

N/A

N/A

This workshop was to bring the different Moog IT teams together to work on DR within the same framework. There was no day or $ savings. It was arranged to work collaboratively and using the same framework. It was a very good use of our time.

Niagara Health System

N/A

N/A

Best: The Info-Tech team was knowledgeable, experienced, friendly and provided excellent information, feedback and facilitation to get us going. Worst: I would say there really wasn't any related to Info-Tech, but the amount of work remaining for us is quite daunting.

Office of the Ombudsperson

$5,000

90

Brought the C level to the table and spelled out their expectations on what is or is not critical.

Peoples Bank

$26,247

5

Best - excellent consultants with exactly the skillsets and experience we needed. Worst - not enough time to get the full BIA completed, but we're well on our way.

TRAC Intermodal

N/A

15

Too soon to tell dollar value.

Client

Facilitator(s) effectiveness

INFO & materials effectiveness

Overall experience

Understanding of next steps

Testimonial

Rend Lake College

10.0

10.0

10.0

8.0

The workshop has really given us a good springboard to talk with our board and our upper management to indicate where IT is as a whole, things that we need in the future, and possible pitfalls. As a whole, I think we are much better prepared to respond to disasters following this workshop. We had identified critical systems before, but we had not gone to the depth we did in the workshop. We expanded it tenfold. We are better able to articulate the justification for future investment in DR than we were. We're really proud to have hosted this workshop, and just so thankful to Info-Tech for being able to do it for us. We found this workshop to be incredibly valuable in that it was reasonably priced and resulted in a wealth of information and tactics.

Centrastate Healthcare Systems

9.0

9.0

9.0

9.0

Braun Intertec Corporation

10.0

10.0

9.0

The London Public Library Board

9.0

9.0

9.0

9.0

Portage College

8.0

8.0

8.0

7.0

Hartford Community College

8.5

8.0

9.0

9.0

The way that Info-Tech does disaster recovery is to tackle it from a business continuity perspective. I like the way that they did it; it was refreshing and helped me get different members of my team on the big picture. I really like the practical aspect of it. That's where the value is derived. It helped to give me action items that I can also take higher up the food chain. A lot of times in disaster recovery exercises they use scare tactics, something that's highly improbable. I liked the Info-Tech table-top exercise because it is very practical. Rather than saying there's a thermonuclear meltdown, or zombies are coming, we actually took something that could happen; there's a fire in the building, and now they have to shut off gas and electricity. What do we do? For some of the members of the team, it was eye-opening. If we put a couple of key things in place, it makes a huge difference. It was excellent. We had a shortcoming when it came to disaster recovery, and in some cases just business continuity. This helped me to bring it to light with the other members of the team.

Farm Credit Services Central IL

10.0

10.0

10.0

10.0

It turned out to be a great team-building exercise. We were elbow-to-elbow for a week. It's hard to get any team that's in technology to pull up and be strategic, and Info-Tech did a good job of making sure we were there with each other. At the end of it, all my staff were very happy that I put them through the workshop and we felt that we're very well armed for what we need to do. I was pleasantly surprised at the level of expertise, the engagement, the passion we had around the conversation. I just didn't know how much we were able to get from Info-Tech. This was a great start for us. The table-top exercise was exceptionally enlightening. We as a team were engaged with it, joking and arguing at the same time. To see the results, and then have something tangible -- I feel honored to be able to say to my senior staff, "Here's where we're at. Here's why we need to do this." Most people think you just do a DR test once a year and that should be okay. We thought through it; "how would this actually work?" I adamantly give it a 10. You hit a home run. When I saw the presentation that was put together, aligned with everything I wanted to do this year and gave us the roadmap for what we need to be. I just talked to my CFO about it, and he said "Okay!"

Assurance Agency

10.0

10.0

10.0

10.0

Not only was the material relevant, but as we worked through things over the span of the week we figured out what's useful and what's not useful for the next day or the next several hours. It continued to be more and more relevant as time went on. The exercises were nice and methodical. Going through a process like that and having it already laid out not only made it easier and more efficient, but gave us a consistent outcome. The outcome especially after including various groups of people from my team, to business leaders, to interior operational leaders, and so on, helped us to really set a path that was tied to what business needs. From a DR perspective, several of the things that we did over the week pointed out a few extra things my team really needed to do that we hadn't considered yet. I was really happy with the outcome there. There were a few shortcomings in the data center that we'd built in terms of equipment or roles of that equipment that we really hadn't thought all the way through. Those were big because those make our data center even more responsive in terms of being able to get ourselves back online after a disaster.

Tikinagan Child & Family Services

9.0

9.0

9.0

9.0

The Corporation of the City of Timmins

9.5

9.0

9.5

9.0

Madison Dearborn Partners

10.0

10.0

10.0

10.0

Zoological Society of San Diego

10.0

10.0

10.0

10.0

DRP is one of those subjects that's easy to put off. I decided to draw a line in the sand and have the workshop. It's probably the best investment we've made in IT in general in terms of our ability to get a better handle on where we are and where we need to be. One of the things I've been so impressed with Info-Tech about has been that not only do you say "Here are best practices," but "Here are tools to help you get started in emulating those best practices." That's really been helpful for me. Never having done an Info-Tech workshop before, it was an eye-opening experience that really helped us focus our attention where it needed to be focused and left us with a set of tools that we can now pick up and start to advance the ball down the field.

Teva Canada

9.0

10.0

10.0

9.0

Takasago International Corporation (U.S.A)

10.0

10.0

10.0

10.0