Skip to content

Complete Guide to IT Disaster Recovery Planning


January 25, 2022

The pandemic has taught us a multitude of things, from how to work from our kitchen tables to how to unmute ourselves during a virtual meeting. But when it comes to IT, the pandemic has also taught us that disasters can happen anytime, anywhere and always when you least expect it. 

Cybersecurity threats are on the rise and businesses have had to address the challenging task of shifting their data to cloud platforms in order to allow their employees access. It’s a lot to manage, especially when you don’t know what’s coming next. But there are actions you can take to guard against disaster fallout. 

Managing HR And Finance Security

In this article, we do a deep dive on disaster recovery planning, including:

  •  what you need to know about disaster recovery plans (DRPs), 
  • why they’re important, 
  • what your options are and 
  • how you can create one for your company. 

Whether you take on this task internally or get the help of a partner who offers disaster recovery-as-a-service, planning for the worst is crucial for managing risk.

What is an IT disaster recovery plan?

A lot of businesses are working towards a post-pandemic disaster recovery plan, and for good reason. But what is a disaster recovery plan?

An IT disaster recovery plan (DRP) is a recorded policy or set of procedures that is designed to assist a company or organization in the recovery process of critical business operations in the event of a disaster. A disaster recovery plan is also sometimes called a business continuity plan

An effective DRP will be comprehensive and outline the actions that must be taken and by whom, in order to meet the threshold of recovery needs in order to put a company back to baseline. A DRP should help in mitigating any downtime that might occur during a disaster, and hopefully, that downtime will be reduced to zero. 

A disaster recovery plan should take into consideration a variety of disaster scenarios, including man-made such as cyberterrorism, and natural disasters such as fire or flooding. 

Why should you create an IT disaster recovery plan?

Not creating a disaster recovery plan can be, well, disastrous. Not creating a DRP can lead to phenomenal loss in the event of a disaster. Anything (and everything) from equipment to data can be wiped out, and if businesses don’t have a DRP, there is little to no chance of recovering what was lost. 

An IT disaster recovery plan can also help insurance adjusters determine the extent of the loss incurred by your business because of a disaster. If you don’t have meticulous records of all your assets, you may be hard pressed to recover any of that loss. 

Creating a DRP is like creating your own insurance plan. A company is required to have emergency personnel drills in the event of a disaster like fire or flooding. The same should go for your business. 

Individuals holding puzzle pieces in a circle

A DRP can help with:

Minimizing loss during a disaster

Providing a standard set of procedures during a disaster

Ensuring the reliability of all backup systems

Gives a sense of security

There are a few factors that should be considered, if not included, in a disaster recovery plan. These are:

This is a statement of goals, similar to a business policy document, that outlines what the business wants to achieve in the wake of a disaster. This will include:

  • Recovery time objective (RTO): The amount of downtime during an outage that is acceptable before business operations and IT should be restored to normal. This can be in the range of minutes to hours to days, depending on the business.
  • Recovery point objective (RPO): This refers to the baseline data of which a business is willing and not willing to lose after a disaster occurs. This is usually measured in hours of data. For example, an RPO for a business can be one hour of data lost, beyond which is unacceptable. 

These objectives help create the architecture of what a disaster recovery plan will be. 

Personnel responsible in disaster recovery planning and execution

This is a fairly self-explanatory goal, in that it outlines the personnel who will be responsible for not just the data recovery plan, but the execution of that plan in the wake of a disaster. This should also include contingency personnel in the event that primary personnel are not available.

For many businesses, the primary personnel involved will be their IT department, however, there are third-party outsourcing options, such as Disaster Recovery-as-a-Service. These services free up a company’s IT personnel to work on other aspects of business growth.

Disaster recovery procedures

Just like any business policies, a disaster recovery plan should include the procedures for execution of that plan in the wake of a disaster. These procedures should take into consideration emergency responses, last-minute backups, mitigation procedures and limiting damages, and how to handle cybersecurity threats.

Updated IT inventory

Creating and updating a comprehensive list of a business’s IT inventory, including details about hardware and software, and cloud services. It should also include the ownership status of most hardware, software and cloud software, whether that be subscriptions, leases, rentals, ownerships, and so forth.

Most importantly, this inventory list should itemize each by how critical they are to business operations.

Disaster recovery sites

A disaster recovery plan should include a hot disaster recovery site, located remotely or better yet, located in the cloud, where all data can be frequently backed up or replicated. This way, if there is a disaster, business operations can be switched over quickly, mitigating time and data loss.

With DRaaS third party providers, these recovery sites will be built into the disaster recovery plan structure and automatically engaged should disaster strike.


A disaster recovery plan should outline how all data is backed-up, including where, on which devices or folders, and how the DRP team is to access them. These backup procedures should also include all third party service providers.

Restoration of operations procedures

This is by far the most complex of what goes into the disaster recovery plan. When approaching this, consider your final goal: to get your business back online as quickly as possible and with as little disruption and data loss as possible.

Your restoration procedures should be a step-by-step guide to how your business will achieve that goal, from personnel notifications and activity to recovery of backup data. These procedures should be detailed and comprehensive.

Disaster recovery plan steps

Now that you have an idea of what a disaster recovery plan is, how do you go about creating a DRP for your business (or your client’s business)? Here are the disaster recovery plan steps you can take, keeping in mind that every business is different. 

1. Assess the risk

Perform a risk assessment and business impact analysis (BIA). These will help you address potential risks should a disaster occur. When approaching this, think about medium-level disaster to worst case disaster. This should include contingency plans in the event of total building loss. 

When considering risk, take into account on-site data storage and servers as well as cloud. This can help you identify unnecessary risks that you can address right away, not just in the aftermath of a disaster. This might be the time to evaluate your options between SaaS, PaaS and IaaS. Can you employees access data remotely? Is your IT department fully trained in potential disaster scenarios? 

These are all factors to consider when addressing your risk. 

2. What are your critical needs?

Critical needs are the baseline functions in order to keep your business running in the event of a disaster. Think of it like the bar you need to set that will become the foundation of your disaster recovery planning. 

These critical needs should include your RTO and RPO. These will help you gauge what is the minimal acceptable loss and your litmus test from which you can operate your business in the event of a disaster. 

3. Set your disaster recovery plan objectives

When you identify your critical needs, you can create objectives to meet those critical needs in order to keep your business continuing. From these objectives, you can identify which data, equipment, applications and user access are necessary to meet those objectives. 

Your disaster recovery plan objectives will also meet your RTO as well. Remember, time is revenue and the longer your company is inoperable, the greater the disaster fallout. 

Once you’ve identified these needs, now you can create your recovery plan objectives (RPO), which should also include your RTO. Your RPO is a document that lists the following:

  • Employee and critical personnel contact information and positions, master vendor list, and notification checklist
  • Comprehensive inventory of all equipment owned, leased or rented by the company, including all insurance policies
  • Temporary disaster recovery locations
  • Software backup schedules
  • Procedures for system recovery
  • Any other items that are unique to your business

4. Test, revise and repeat

Now you need to test that plan. To do so, create criteria and procedures necessary in order to gauge a successful test, and make revisions where necessary. Always keep in mind your RPO and RTO. 

Once you’re satisfied with that testing outcome, schedule regular testing as your business grows and changes. This testing schedule should be part of your testing criteria and procedures.

Tests should happen ideally outside of business hours and should include a dry run or structured walkthrough. An emergency drill can also come in handy when trying to dig out any flaws in your plan.  

If you’ve outsourced disaster recovery services to a third party that offers DRaaS, your IT department and personnel on your DRP team should be included in that drill and any feedback. 

Strategies for disaster recovery

Once you set about creating a DRP, there are some tips and strategies to accomplishing this task:

  • Keep your document well organized and meticulous. This includes a Table of Contents, topic sentences, and headings and subheadings. The easier the DRP document is to read and understand, the more effective your DRP will be.
  • Always set out the purpose of the DRP in clear and concise language, and in a place where it is easy to access. In a disaster, knowing immediately what your team is supposed to achieve can help set the plan into motion.
  • Separate your traditional on-premise recovery strategies from your cloud-based strategies. 
  • Consider outsourcing a third party to assist with the creation and execution of your DRP. This also includes Disaster Recovery-as-a-Service (DRaaS).

What is Disaster Recovery-as-a-Service (DRaaS)? 

The steps to creating a DRP, running drills and creating a backup of all your data can be overwhelming, to say the least. It’s a massive undertaking that your IT department may not be equipped to handle on top of their daily operations. This can cost your company time and money in not just training your IT department, but pulling them away from other tasks they need to accomplish.  Disaster Recovery-as-a-Service (DRaaS) can be the solution to that. A DRaaS provider will start by replicating your on-premise servers and/or public clouds into a secure environment where replicas can be made immediately accessible in the event of a disaster.  A DRaaS provider will also continually maintain your DRP, providing ongoing protection from disasters and outages. If a disaster does occur, a DRaaS provider will be immediately alerted and will coordinate the process to bring your systems back online, quickly and easily.  With WatServ’s DRaaS, we will work with you to eliminate your need to manage complex, on-premise recovery infrastructure, freeing up your internal IT resources so they can focus on achieving your business goals. Our DRaaS team leverages the Azure cloud to create a fully comprehensive disaster recovery environment, so in the event of a disaster, your business will be kept safe.  Learn more by downloading WatServ’s DRaaS Solution Brief [PDF] or by visiting our DRaaS solution page.

We're Here to Help


WatServ is an IT solutions provider that helps organizations digitally transform through cloud technologies and managed services.

Serving clients as a trusted advisor since 2006, WatServ provides experience-tested, strategic solutions across all stages of the digital transformation journey. Clients choose WatServ to migrate infrastructure and applications to the cloud, secure critical data, implement disaster recovery, deploy virtual desktop, enable data-readiness for productivity solutions and manage IT environments.

Our clients span a broad range of industries, and we’re a global supplier of IT services for many Brookfield Portfolio Companies. To help our mid-size clients, we provide scalable offerings that simplify cloud adoption and drive business optimization. For enterprise clients, we co-create cloud solutions that enable stability and efficiency for complex IT tools and processes.

With more than 15 years of experience, WatServ has a track record of delivering quantifiable business results and a superior client experience. Ranked as one of Canada’s Top 100 Solution Providers for the last three years in a row, WatServ is always on.

Skip to content