Create a Right-Sized Disaster Recovery Plan

Close the gap between your DR capabilities and service continuity requirements.


This content requires an active subscription.

Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.

Speak With A Representative Sign In
or Call: 1-888-670-8889 (US) or 1-844-618-3192 (CAN)

Your Challenge

  • Traditional Disaster Recovery Plan (DRP) templates are onerous and result in a lengthy, dense plan that might satisfy auditors but is not effective in a crisis.
  • Similarly, the myth that a DRP is only for major disasters and should be risk-based leaves organizations vulnerable to more common incidents.
  • The increased use of cloud vendors and co-lo/MSPs means you may be dependent on vendors to meet your recovery timeline objectives.

Our Advice

Critical Insight

  • DR is about service continuity — that means accounting for minor and major events. 
  • Remember Murphy’s Law. Failure happens, so focus on improving overall resiliency and recovery, rather than basing DR on risk probability analysis.
  • Cost-effective DR and service continuity starts with identifying what is truly mission critical so you can focus resources accordingly. Not all systems require fast-failover capability.

Impact and Result

  • Create an effective DRP by following a structured process to discover current capabilities and define business requirements for continuity, not by completing a one-size-fits-all traditional DRP template. This includes:
    • Defining appropriate objectives for maximum downtime and data loss based on business impact.
    • Creating a DR project roadmap to close the gaps between your current DR capabilities and recovery objectives.
    • Documenting an incident response plan based on a tabletop planning walkthrough that captures all of the steps from event detection to data center recovery.


  • Bernard Jones (MBCI, CBCP, CORP, ITILv3), Owner/Principal, B Jones BCP Consulting, LLC
  • Paul Beaudry, Assistant Vice-President, Technical Services, MIS, Richardson International Limited
  • Yogi Shulz, President, Corvelle Consulting

Note: Additional organizations were interviewed but requested anonymity. In addition, feedback from conducting our DRP workshop (based on the methodology in this blueprint) was incorporated into this research.

Get the Complete Storyboard

See how all the steps you need to take come together, with tools and advice to help with each task on your list.

Download Now

Get to Action

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should create a right-sized DRP. Review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

  1. Define parameters for the DRP

    Determine what would be required to recover from an incident and resume operations.

  2. Determine the desired recovery timeline

    Set appropriate recovery timeline targets based on business impact.

  3. Determine the current recovery timeline and DR gaps

    Identify the gap between achievable and desired recovery capability.

  4. Create a project roadmap to close DR gaps

    Summarize the results of the DRP pilot and create a DRP project roadmap to achieve the desired recovery timeline.

Guided Implementation icon Guided Implementation

This guided implementation is a twelve call advisory process.

    Guided Implementation #1 - Define parameters for your DRP

  • Call #1: Leverage Info-Tech’s DRP Project Charter Template to clarify expectations.

  • Call #2: Determine current DRP gaps through a DRP maturity scorecard.

  • Call #3: Document key applications and dependencies.

  • Guided Implementation #2 - Determine the desired recovery timeline

  • Call #1: Define an objective scoring scale to indicate different levels of impact.

  • Call #2: Define the criticality of each application.

  • Call #3: Identify desired RTOs and RPOs based on business impact.

  • Guided Implementation #3 - Determine the current recovery timeline and DR gaps

  • Call #1: Conduct a tabletop planning exercise based on current capabilities.

  • Call #2: Analyze RTO and RPO gaps.

  • Call #3: Conduct a high-level risk assessment to identify additional vulnerabilities.

  • Guided Implementation #4 - Create a project roadmap to close DR gaps

  • Call #1: Prioritize each project and establish a project roadmap.

  • Call #2: Conduct a tabletop planning exercise to define the desired state.

  • Call #3: Complete the DRP and review the DRP roadmap.

Onsite Workshop

Module 1: Define Parameters for Your DRP

The Purpose

Identify key applications and dependencies based on business needs.

Key Benefits Achieved

Understand the entire IT “footprint” that needs to be recovered for key applications. 

Activities: Outputs:
1.1 Assess current DR maturity.
  • Current challenges identified through a DRP Maturity Scorecard.
1.2 Determine critical business operations.
1.3 Identify key applications and dependencies.
  • Key applications and dependencies documented in the Business Impact Analysis (BIA) Tool.

Module 2: Determine the Desired Recovery Timeline

The Purpose

Quantify application criticality based on business impact.

Key Benefits Achieved

Appropriate recovery time and recovery point objectives defined (RTOs/RPOs).

Activities: Outputs:
2.1 Define an objective scoring scale to indicate different levels of impact.
  • Business impact analysis scoring criteria defined.
2.2 Estimate the impact of downtime.
  • Application criticality validated.
2.3 Determine desired RTO/RPO targets for applications based on business impact.
  • RTOs/RPOs defined for applications and dependencies.

Module 3: Determine the Current Recovery Timeline and DR Gaps

The Purpose

Determine your baseline DR capabilities (your current state).

Key Benefits Achieved

Gaps between current and desired DR capability are quantified.

Activities: Outputs:
3.1 Conduct a tabletop exercise to determine current recovery procedures.
  • Current achievable recovery timeline defined (i.e. the current state).
3.2 Identify gaps between current and desired capabilities.
  • RTO/RPO gaps identified.
3.3 Estimate likelihood and impact of failure of individual dependencies.
  • Critical single points of failure identified.

Module 4: Create a Project Roadmap to Close DR Gaps

The Purpose

Identify and prioritize projects to close DR gaps.

Key Benefits Achieved

DRP project roadmap defined that will reduce downtime and data loss to acceptable levels.

Activities: Outputs:
4.1 Determine what projects are required to close the gap between current and desired DR capability.
  • Potential DR projects identified.
4.2 Prioritize projects based on cost, effort, and impact on RTO/RPO reduction.
  • DRP project roadmap defined.
4.3 Validate that the suggested projects will achieve the desired DR capability.
  • Desired-state incident response plan defined, and project roadmap validated.

Module 5: Establish a Framework for Documenting Your DRP, and Summarize Next Steps

The Purpose

  • Outline how to create concise, usable DRP documentation.
  • Summarize workshop results. 

Key Benefits Achieved

  • A realistic and practical approach to documenting your DRP.
  • Next steps documented. 

Activities: Outputs:
5.1 Outline a strategy for using flowcharts and checklists to create concise, usable documentation.
  • Current-state and desired-state incident response plan flowcharts.
5.2 Review Info-Tech’s DRP templates for creating system recovery procedures and a DRP summary document.
  • Templates to create more detailed documentation where necessary.
5.3 Summarize the workshop results, including current potential downtime and action items to close gaps.
  • Executive communication deck that outlines current DR gaps, how to close those gaps, and recommended next steps.

Workshop Icon Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book Now

Case Studies and Deliverables

Right-Sizing DRP Case Study of a State Government Agency

Increasing complexity within the environment, with competing priorities within the organization, made it challenging to create an actionable DRP or even to know where to start.

DRP Workshop Summary for a Mid-Sized Insurance Company

The existing Business Continuity Plan lacked the specific details of a step-by-step incident response plan, and failed to account for all potential disaster scenarios. IT needed direction and focus to work through those details and create a workable disaster recovery plan.

DRP Case Study of a Global Chemical Manufacturing Firm

The Americas IT department of a global chemical manufacturing firm had made significant strides in building redundancy and resiliency within the environment. However, little had been done to define, assess, and prioritize recovery objectives or document recovery plans.

DRP Case Study of a Large Tourism Complex

A large American tourism complex had some system backup capabilities, but no disaster recovery plan (DRP). The data center was housed in a 90-year-old wooden building with a tar and gravel roof prone to leaks. Failure to develop disaster prevention and recovery plans will leave the organization in a precarious position should any incident affect the data center.

DRP Case Study of a Mid-Sized Credit Union

A highly virtualized credit union located in the eastern US has made great strides in building redundancy in the main data center. However, apart from two major applications, the company was unprepared for a major disaster – lending and user connectivity systems would be down for 5-7 days, with full functionality hampered for weeks. An assessment of risk and downtime costs needed to be completed to ensure that appropriate plan and process in place to address the risk of unplanned downtime.

GET HELP Contact Us
VL Methodology