Disaster Recovery Plan (DRP) is a set of protocols that are followed by companies and businesses to protect information and assets in the event of a mishap or disaster. The outline of a DRP is a comprehensive document or statement of specific actions that are to be put in place before and after, and during a disaster. The disaster or catastrophe can be of any dimension and fall into three main categories – environmental, natural and man-made. Intentional man-made opponents refer to violence or terrorism; unintentional often related to accidents like the break-up or break of dam, building break-down etc.
With increasing dependence on IT to run their business operations, more and more companies are devising Disaster Recovery Plans. A COOP (Continuity of Operations Plan) is in place in most business operations to help with recovering assets, data and operational facilities.
Objectives of DRP
Disasters can not always be completed avoided but the consequent effects can be drastically minimized with careful planning and foreseeing the consequences. The primary objective of a DRP is protection of the company's functions in the event of a partial or total failure; in that sense it increasingly relates to the IT end that enables the running of all systems and networks relating to the main business areas and data storage. Therefore the two-fold aspects of a DRP, in a scenario where all systems and networks fail, are:
i. Minimize downtime of the business
ii. Minimize data loss
The Disaster Recovery Plan aims to minimize disruptions, it also ensures that some kind of stability and a level or regularly recovery can be put in place after a disaster. The two aspects mentioned above can be gauged in terms of two prime concepts – Recovery Point Objective (RPO) and Recovery Time Objective (RTO).
The RPO is measured from the time the disaster or MI (major incident) occurs – therefore the RPO starts 'back in time' and is the maximum acceptable volume of information loss or data loss that can be measured in time. Simply put, it means the age of the data or record or files in back-up storage that need to be rolled out or reclaimed to resume normal business functions again.
The RTO is the time measure within which a company or business must restore its function in a way so that consequences arising out of a break in business continuity are avoided.
Types of DRP
There is no one disaster plan that is a 'one-size fits all' type of plan. However, it is important to remember three strategic measures that are included in a DRP. These measures are:
1. Preventive – to identify risks and mitigate them. Preventive measures could be a single or more components like keeping data back-up offsite, installing generators, using power surge protectors, routine inspections etc.
2. Detective – to discover or detect the presence of potential threats in the IT infrastructure namely, installation of network and server monitoring software, fire alarms, best anti-virus software and training of employees.
3. Corrective – these of focus on systems restoration after a disaster like ensuring safety of critically important assets and documents, taking out appropriate insurance policies and using the situation to brainstorm 'lessons learned' sessions.
In essence, a Disaster Recovery Plan must address the three basic questions of disaster handling or preparedness to meet an eventuality.
i. What is the purpose and objective?
ii. Who will combine key task force (team or teams of people) responsible to put into immediate effect recovery plans?
iii. What plan will the task force perform (procedures to follow) when an unforeseen event occurs?
Benefits of DRP
As with an insurance policy or plan, there are some benefits to be accrued from making and following a Disaster Recovery Plan. Although not all loss can be claimed or recovered, these benefits go a long way in restoring confidence to the work.
• Guarantees the reliability and dependability of standby systems
• Helps to lower a visibly stressful work environment
• Minimizes risks
• Minimizes decision making at the time of a disaster
• Provides a strong sense of security
• Provides a standard system for testing efficiency of the plan
• Reduces potential legal liabilities