Create a Right-Sized Disaster Recovery Plan
Close the gap between your DR capabilities and service continuity requirements.
This content requires an active subscription.
Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.
Your Challenge
- Traditional Disaster Recovery Plan (DRP) templates are onerous and result in a lengthy, dense plan that might satisfy auditors but is not effective in a crisis.
- Similarly, the myth that a DRP is only for major disasters and should be risk-based leaves organizations vulnerable to more common incidents.
- The increased use of cloud vendors and co-lo/MSPs means you may be dependent on vendors to meet your recovery timeline objectives.
Our Advice
Critical Insight
- DR is about service continuity — that means accounting for minor and major events.
- Remember Murphy’s Law. Failure happens, so focus on improving overall resiliency and recovery, rather than basing DR on risk probability analysis.
- Cost-effective DR and service continuity starts with identifying what is truly mission critical so you can focus resources accordingly. Not all systems require fast-failover capability.
Impact and Result
- Create an effective DRP by following a structured process to discover current capabilities and define business requirements for continuity, not by completing a one-size-fits-all traditional DRP template. This includes:
- Defining appropriate objectives for maximum downtime and data loss based on business impact.
- Creating a DR project roadmap to close the gaps between your current DR capabilities and recovery objectives.
- Documenting an incident response plan based on a tabletop planning walkthrough that captures all of the steps from event detection to data center recovery.
Contributors
- Bernard Jones (MBCI, CBCP, CORP, ITILv3), Owner/Principal, B Jones BCP Consulting, LLC
- Paul Beaudry, Assistant Vice-President, Technical Services, MIS, Richardson International Limited
- Yogi Shulz, President, Corvelle Consulting
Note: Additional organizations were interviewed but requested anonymity. In addition, feedback from conducting our DRP workshop (based on the methodology in this blueprint) was incorporated into this research.
Get the Complete Storyboard
See how all the steps you need to take come together, with tools and advice to help with each task on your list.
Download NowGet to Action
Start here – read the Executive Brief
Read our concise Executive Brief to find out why you should create a right-sized DRP. Review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.
-
Define parameters for the DRP
Determine what would be required to recover from an incident and resume operations.
-
Determine the desired recovery timeline
Set appropriate recovery timeline targets based on business impact.
-
Determine the current recovery timeline and DR gaps
Identify the gap between achievable and desired recovery capability.
-
Create a project roadmap to close DR gaps
Summarize the results of the DRP pilot and create a DRP project roadmap to achieve the desired recovery timeline.
Guided Implementation
This guided implementation is a twelve call advisory process.
-
Call #1: Leverage Info-Tech’s DRP Project Charter Template to clarify expectations.
-
Call #2: Determine current DRP gaps through a DRP maturity scorecard.
-
Call #3: Document key applications and dependencies.
-
Call #1: Define an objective scoring scale to indicate different levels of impact.
-
Call #2: Define the criticality of each application.
-
Call #3: Identify desired RTOs and RPOs based on business impact.
-
Call #1: Conduct a tabletop planning exercise based on current capabilities.
-
Call #2: Analyze RTO and RPO gaps.
-
Call #3: Conduct a high-level risk assessment to identify additional vulnerabilities.
-
Call #1: Prioritize each project and establish a project roadmap.
-
Call #2: Conduct a tabletop planning exercise to define the desired state.
-
Call #3: Complete the DRP and review the DRP roadmap.
Guided Implementation #1 - Define parameters for your DRP
Guided Implementation #2 - Determine the desired recovery timeline
Guided Implementation #3 - Determine the current recovery timeline and DR gaps
Guided Implementation #4 - Create a project roadmap to close DR gaps
Onsite Workshop
Module 1: Define Parameters for Your DRP
The Purpose
Identify key applications and dependencies based on business needs.
Key Benefits Achieved
Understand the entire IT “footprint” that needs to be recovered for key applications.
| Activities: | Outputs: | |
|---|---|---|
| 1.1 | Assess current DR maturity. |
|
| 1.2 | Determine critical business operations. |
|
| 1.3 | Identify key applications and dependencies. |
|
Module 2: Determine the Desired Recovery Timeline
The Purpose
Quantify application criticality based on business impact.
Key Benefits Achieved
Appropriate recovery time and recovery point objectives defined (RTOs/RPOs).
| Activities: | Outputs: | |
|---|---|---|
| 2.1 | Define an objective scoring scale to indicate different levels of impact. |
|
| 2.2 | Estimate the impact of downtime. |
|
| 2.3 | Determine desired RTO/RPO targets for applications based on business impact. |
|
Module 3: Determine the Current Recovery Timeline and DR Gaps
The Purpose
Determine your baseline DR capabilities (your current state).
Key Benefits Achieved
Gaps between current and desired DR capability are quantified.
| Activities: | Outputs: | |
|---|---|---|
| 3.1 | Conduct a tabletop exercise to determine current recovery procedures. |
|
| 3.2 | Identify gaps between current and desired capabilities. |
|
| 3.3 | Estimate likelihood and impact of failure of individual dependencies. |
|
Module 4: Create a Project Roadmap to Close DR Gaps
The Purpose
Identify and prioritize projects to close DR gaps.
Key Benefits Achieved
DRP project roadmap defined that will reduce downtime and data loss to acceptable levels.
| Activities: | Outputs: | |
|---|---|---|
| 4.1 | Determine what projects are required to close the gap between current and desired DR capability. |
|
| 4.2 | Prioritize projects based on cost, effort, and impact on RTO/RPO reduction. |
|
| 4.3 | Validate that the suggested projects will achieve the desired DR capability. |
|
Module 5: Establish a Framework for Documenting Your DRP, and Summarize Next Steps
The Purpose
- Outline how to create concise, usable DRP documentation.
- Summarize workshop results.
Key Benefits Achieved
- A realistic and practical approach to documenting your DRP.
- Next steps documented.
| Activities: | Outputs: | |
|---|---|---|
| 5.1 | Outline a strategy for using flowcharts and checklists to create concise, usable documentation. |
|
| 5.2 | Review Info-Tech’s DRP templates for creating system recovery procedures and a DRP summary document. |
|
| 5.3 | Summarize the workshop results, including current potential downtime and action items to close gaps. |
|
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Book NowCase Studies and Deliverables
Right-Sizing DRP Case Study of a State Government Agency
Increasing complexity within the environment, with competing priorities within the organization, made it challenging to create an actionable DRP or even to know where to start.
DRP Workshop Summary for a Mid-Sized Insurance Company
The existing Business Continuity Plan lacked the specific details of a step-by-step incident response plan, and failed to account for all potential disaster scenarios. IT needed direction and focus to work through those details and create a workable disaster recovery plan.
DRP Case Study of a Global Chemical Manufacturing Firm
The Americas IT department of a global chemical manufacturing firm had made significant strides in building redundancy and resiliency within the environment. However, little had been done to define, assess, and prioritize recovery objectives or document recovery plans.
DRP Case Study of a Large Tourism Complex
A large American tourism complex had some system backup capabilities, but no disaster recovery plan (DRP). The data center was housed in a 90-year-old wooden building with a tar and gravel roof prone to leaks. Failure to develop disaster prevention and recovery plans will leave the organization in a precarious position should any incident affect the data center.
DRP Case Study of a Mid-Sized Credit Union
A highly virtualized credit union located in the eastern US has made great strides in building redundancy in the main data center. However, apart from two major applications, the company was unprepared for a major disaster – lending and user connectivity systems would be down for 5-7 days, with full functionality hampered for weeks. An assessment of risk and downtime costs needed to be completed to ensure that appropriate plan and process in place to address the risk of unplanned downtime.
DR and Business Continuity Map
-
1Create a Right-Sized Disaster Recovery Plan
-
2Evaluate Cloud, Co-lo, and In-House DR Deployment Models
-
3Optimize the DRP for Business-Critical Analytics
-
4Reduce Costly Downtime Through DR Testing
-
5Prepare for a DRP Audit
-
6Optimize Backup Operations with a Recovery Services Plan
-
7Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind
-
8Develop a Business Continuity Plan
-
9Implement Crisis Management Best Practices
-
10Document and Maintain the Disaster Recovery Plan
-
11Bridge the Gap between Service Management & Disaster Recovery
-
12Review Continuity Plans to Deal with the Threat of Ebola
-
13Predict System Failures and Performance Issues with Analytics
Search Code: 76457
Published: November 17, 2014
Last Revised: December 1, 2015
