What is a disaster recovery plan?
Develop a disaster recovery plan that boosts your cyber resilience and recovery capability
A disaster recovery plan (DR or DRP) is a formal document created by an organization that contains detailed instructions on how to respond to unplanned incidents such as natural disasters, power outages, cyber attacks and any other disruptive events. The plan contains strategies to minimize the effects of a disaster, so an organization can continue to operate or quickly resume key operations.
Disruptions can lead to lost revenue, brand damage and dissatisfied customers — and the longer the recovery time, the greater the adverse business impact. Therefore, a good disaster recovery plan should enable rapid recovery from disruptions, regardless of the source of the disruption.
A disaster recovery plan is more focused than a business continuity plan and does not necessarily cover all contingencies for business processes, assets, human resources and business partners.
A successful disaster recovery solution typically addresses all types of operation disruption and not just the major natural or man-made disasters that make a location unavailable. Disruptions can include power outages, telephone system outages, temporary loss of access to a facility due to bomb threats, a "possible fire" or a low-impact non-destructive fire, flood or other event. A disaster recovery plan should be organized by type of disaster and location. It must contain scripts (instructions) that can be implemented by anyone.
Before the 1970s, most organizations only had to concern themselves with making copies of their paper-based records. Disaster recovery planning gained prominence during the 1970s as businesses began to rely more heavily on computer-based operations. At that time, most systems were batch-oriented mainframes. Another offsite mainframe could be loaded from backup tapes, pending recovery of the primary site.
In 1983 the U.S. government mandated that national banks must have a testable backup plan. Many other industries followed as they understood the significant financial losses associated with long-term outages.
By the 2000s, businesses had become even more dependent on digital online services. With the introduction of big data, cloud, mobile and social media, companies had to cope with capturing and storing massive amounts of data at an exponential rate. Disaster recovery plans had to become much more complex to account for much larger amounts of data storage from a myriad of devices. The advent of cloud computing in the 2010s helped to alleviate this disaster recovery complexity by allowing organizations to outsource their disaster recovery plans and solutions.
Another current trend that emphasizes the importance of a detailed disaster recovery plan is the increasing sophistication of cyber attacks. Industry statistics show that many attacks stay undetected for well over 200 days. With so much time to hide in a network, attackers can plant malware that finds its way into the backup sets –infecting even recovery data. Attacks may stay dormant for weeks or months, allowing malware to propagate throughout the system. Even after an attack is detected, it can be extremely difficult to remove malware that is so prevalent throughout an organization.
Business disruption due to a cyber attack can have a devastating impact on an organization. For instance, cyber outage at a package delivery company can disrupt operations across its supply chain, leading to financial and reputational loss. In today’s digitally dependent world, every second of that disruption counts.
The compelling need to drive superior customer experience and business outcome is fueling the growing trend of hybrid multicloud adoption by enterprises. Hybrid multicloud, however, creates infrastructure complexity and potential risks that require specialized skills and tools to manage. As a result of the complexity, organizations are suffering frequent outages and system breakdown, coupled with cyber-attacks, lack of skills, and supplier failure. The business impact of outages or unplanned downtime is extremely high, more so in a hybrid multicloud environment. Delivering resiliency in a hybrid multicloud requires a disaster recovery plan that includes specialized skills, an integrated strategy and advanced technologies, including orchestration for data protection and recovery. Organizations must have comprehensive enterprise resiliency with orchestration technology to help mitigate business continuity risks in hybrid multicloud, enabling businesses to achieve their digital transformation goals.
Other key reasons why a business would want a detailed and tested disaster recovery plan include:
To meet today's expectation of continuous business operations, organizations must be able to restore critical systems within minutes, if not seconds of a disruption.
Many organizations struggle to evolve their DR plan strategies quickly enough to address today’s hybrid-IT environments and complex business operations. In an always-on, 24/7-world, an organization can gain a competitive advantage –or lose market share –depending on how quickly it can recover from a disaster and recover core business services.
Some organizations use external disaster recovery and business continuity consulting services to address a company’s needs for assessments, planning and design, implementation, testing and full resiliency program management.
There are proactive services to help businesses overcome disruptions with flexible, cost-effective IT DR solutions.
With the growth of cyber attacks, companies are moving from a traditional/manual recovery approach to an automated and software-defined resiliency approach. Other companies turn to cloud-based backup services provide continuous replication of critical applications, infrastructure, data and systems for rapid recovery after an IT outage. There are also virtual server options to protect critical servers in real-time. This enables rapid recovery of your applications to keep businesses operational during periods of maintenance or unexpected downtime.
For a growing number of organizations, the solution is with resiliency orchestration, a cloud-based approach that uses disaster recovery automation and a suite of continuity-management tools designed specifically for hybrid-IT environments and protecting business process dependencies across applications, data and infrastructure components. The solution increases the availability of business applications so that companies can access necessary high-level or in-depth intelligence regarding Recovery Point Objective (RPO), Recovery Time Objective (RTO) and the overall health of IT continuity from a centralized dashboard.
In today’s always-on world, your business can’t afford downtime, which can result in revenue loss, reputational damage, and regulatory penalties. Learn how Kyndryl can help transform your IT recovery management through automation to simplify disaster recovery process, increase workflow efficiency, and reduce risk, cost, and system testing time.
Hyundai Heavy Industries (HHI) was faced with that harsh reality when a 5.8 magnitude earthquake struck in 2016. Since the company’s backup center was located near headquarters in Ulsan City, Korea, the earthquake served as a wake-up call for HHI to examine its disaster recovery systems and determine preparedness for a full range of potential disruption. In 2016 an earthquake showed just how close a natural disaster could come to damaging Hyundai's mission critical IT infrastructure. The IT leadership responded quickly, working with Kyndryl Business Resiliency Services to implement a robust disaster recovery solution with a remote data center.
The objective of a DR plan is to ensure that an organization can respond to a disaster or other emergency that affects information systems –and minimize the effect on business operations. Kyndryl has a template for producing a basic DR plan. The following are the suggested steps as found in the DR template. Once you have prepared the information, it is recommended that you store the document in a safe, accessible location off site.