Select Page

Disaster Recovery and Business Continuity: How to Plan, Maintain and Test

Although many businesses think they’re prepared for a disaster, most actually lack a comprehensive Disaster Recovery (DR) and business continuity plan. In reality, they have a backup-strategy in place. Unfortunately, many organizations do not piece together their DR plan until after disaster strikes.

The most important part of a disaster recovery plan (after actually having a DR plan of course) is to take the time to document and communicate established procedures. Here we review the steps to a successful business continuity and disaster recovery plan.

Document Specific Steps and Assign Roles

Every staff member should comprehend their role and proper procedure in monitoring and testing to validate data restoration processes, identifying-threats, initiating data-backup to secure, alternate locations, and recovering or relocating data, systems and operations.


Staff availability and training should be evaluated, things like policy and vital skills are duplicated and continuity is retained in the event of staff-turnover. At a minimum, identify at least one primary and one backup person to implement policy-practices.


An often neglected role in the disaster recovery plan is the department or persons responsible for conveying system or business status to customers or employees in the event of a disaster.

Remember that a comprehensive disaster recovery plan should include 3 key types of measures: prevention, detection and correction.

Assess threats & consequences.

A good start is to create two lists:

  • A list of potential disasters. Rank each one based on the probability of occurrence. With the list and rankings complete, identify the level-of-impact each one would have on your business and concisely outline the specific consequences to your business. This will provide a framework for what issues you need to include in your plan.

Businesses in areas at risk for floods, prone to outages, or natural disasters should consider a secure Disaster Recovery site for mission critical systems in a different region to limit the risk of these disasters halting business.

  • Make a list of mission critical systems and data. Determine the amount of downtime or data loss your business can tolerate in these systems. This list will allow IT professionals to implement the proper fault-tolerance and availability technologies to get a system back-up and running as soon as required.

 Back up Mission Critical Systems

According to the 3-2-1 Backup Rule, a comprehensive disaster or Business continuity plan includes 3 copies of your data; the primary working copy, an onsite backup on a separate media-volume, and a second backup-copy at an offsite location to keep data safe from theft, fire or natural disasters.


Your vital records should be maintained in electronic and hardcopy because if your system is destroyed you will not be able to access the electronic copy. The hardcopy should be maintained in the facility and you should also have an off-site copy in case there is a fire or other disaster that prevents you from obtaining the hardcopy out of the facility or if something destroys the hardcopy.

 Testing your Disaster Recovery Plan

You should do an exercise at least once per-year and you should remember that for the CISSP examination. You will not have any confidence in your plan until you test it and this is why testing is important.

Simulating a disaster to test all measures in a disaster recovery plan ensures that you address any plan shortcomings or failures before a disaster strikes, rather than during. Test both employee training as well as hardware-and software-based disaster recovery measures.

Testing your plan makes perfect sense to ensure it is the right one for your business. A comprehensive disaster recovery plan involves moving beyond the backup strategy and getting specific with your DR policies and procedures. This is often ignored in medium or small sized organizations as they find they do not have the experience, budget or time in their IT-team to design and implement a disaster recovery plan.

Third party DR Plan

Third party DR Plan and design services, such as StoneFly’s High availability backup and disaster recovery solutions, empower customers to focus on moving their business forward while keeping their data safe.

Recent Posts

DDoS Attacks Decoded: Defending Against Modern Cyber Onslaughts

DDoS Attacks Decoded: Defending Against Modern Cyber Onslaughts

In the vast realm of cybersecurity, few threats are as pervasive and disruptive as Distributed Denial of Service (DDoS) attacks. These orchestrated assaults on digital infrastructure can bring organizations to their knees, disrupting services, tarnishing reputations,...

Veeam-Ready Appliance with Immutable / WORM Storage

Veeam-Ready Appliance with Immutable / WORM Storage

Write Once Read Many (WORM) storage repositories ensure security, simplify compliance and protect mission-critical backup data from threats such as ransomware, virus infection, etc. Veeam introduced WORM...

Botnets Unveiled: Navigating the Underworld of Cyber Threats

Botnets Unveiled: Navigating the Underworld of Cyber Threats

In today's interconnected digital landscape, where data is the lifeblood of businesses and individuals alike, cybersecurity has never been more critical. It's a world where cyber threats loom large, and among them, botnets stand out as a particularly menacing...

Remote Access Trojans (RATs): The Silent Invaders of Cybersecurity

Remote Access Trojans (RATs): The Silent Invaders of Cybersecurity

In the dynamic landscape of cybersecurity, one malicious entity has been silently making its presence felt - Remote Access Trojans, or RATs. These stealthy and malicious software pieces operate in the shadows, infiltrating systems, and granting unauthorized access to...

You May Also Like

Subscribe To Our Newsletter

Join our mailing list to receive the latest news, updates, and promotions from StoneFly.

Please Confirm your subscription from the email