Skip to content

What to include in your IT Disaster Recovery Plan

Most businesses will experience a cyber incident; some may even be affected by floods or other natural disasters. Being as prepared as possible will help reduce the impact of an IT disaster. One way to be prepared is to have a formal IT disaster recovery plan in place that dictates the step-by-step protocols and processes required to get your business back up and running. In this blog post, we outline 15 elements of a good plan. 

1: Have a Disaster Recovery Plan: This is the first step. Having a plan in place will dramatically minimize your business risk in the event of unplanned downtime.  

2: Business Functions & Processes: Identify mission-critical business processes, applications and documents.  

3: Required IT Infrastructure: It’s imperative to evaluate and prioritize your IT infrastructure so you can document critical applications, systems and networks. What IT infrastructure does your organization rely on to operate? 

4: Supply Chain: Getting business done today often depends on third-party vendors. Have you made a list of suppliers and vendors essential to your day-to-day business operations?  

5: Risk Assessment: Building an effective recovery strategy demands understanding your unique risks. Have you identified potential natural disasters and technology-related incidents?  

6: Business Impact Assessment: Have you thought about the potential repercussions of a business disruption? Understanding probable impacts is key to developing a successful disaster recovery strategy.  

7: Financial Assessment: Determining the full financial impact of downtime for your business is instrumental in evaluating your disaster recovery plan expenses. Do you know what downtime could cost your business? 

In February 2023, Canadian retailer Indigo Books and Music was hit by a ransomware attack that heavily impacted its fourth quarter decreasing revenue by $26.5 million. Indigo had to shut down its e-commerce platforms, with full online access being restored after four weeks. Stores couldn’t process electronic payments for approximately three days. 

8: Backup: Backup strategies vary, and options include on-premises, direct-to-cloud and cloud-to-cloud. Some organizations choose backup only, and others subscribe to managed backup.  

9: Recovery Point Objective (RPO): This is the maximum amount of data you can afford to lose before causing your business serious harm. This number is essential as it dictates how often you need to back up. Know your RPO! 

10: Recovery Time Objective (RTO): This is the maximum amount of downtime your business can afford. Your RTO takes into account how much time you can lose and the potential impact on your bottom line.  


11: Cyber Insurance: With more frequent ransomware attacks and their costly payouts, businesses must have cybersecurity insurance and that means investing in cybersecurity. Learn more about current criteria and why your Microsoft Security Score matters.

The average cost of a data breach in Canada is now $6.75 million. -IBM

12: Emergency Response Team (ERT): An ERT plans for and responds to business disruptions like natural disasters and security threats. Do you have a team ready to handle worst-case scenarios like these?   

13: Disaster Recovery Team: Your DRT is responsible for coordinating and implementing your disaster recovery plan in the event of a crisis.  

14: Communication & Roles: Is every member of your staff informed on your disaster recovery plan and their individual role? How will your organization communicate an incident, even to those outside your organization. Consider the impact an incident could have on customers, the media, or even law enforcement.  

15: Testing: Regular testing can uncover hidden gaps and keep your disaster recovery plan up to date. How often is your plan is tested, exercised, reviewed and simulated?  

We understand that many small businesses may not know where to start. Each one of these elements contains even more steps and that’s where we can help. Need help creating this plan? Our team of vCIOs can provide Business Continuity & Disaster Recovery Strategy Services to formalize this customized plan for your business. Connect with us to learn more. 

We are local!