Get Instant Access
to This Blueprint

Infrastructure Operations icon

Create a Right-Sized Disaster Recovery Plan

Close the gap between your DR capabilities and service continuity requirements.

  • Any time a natural disaster or major IT outage occurs, it increases executive awareness and internal pressure to create a disaster recovery plan (DRP).
  • Traditional DRP templates are onerous and result in a lengthy, dense plan that might satisfy auditors but will not be effective in a crisis.
  • The myth that a DRP is only for major disasters leaves organizations vulnerable to more common incidents.
  • The growing use of outsourced infrastructure services has increased reliance on vendors to meet recovery timeline objectives.

Our Advice

Critical Insight

  • At its core, disaster recovery (DR) is about ensuring service continuity. Create a plan that can be leveraged for both isolated and catastrophic events.
  • Remember Murphy’s Law. Failure happens. Focus on improving overall resiliency and recovery, rather than basing DR on risk probability analysis.
  • Cost-effective DR and service continuity starts with identifying what is truly mission critical so you can focus resources accordingly. Not all services require fast failover.

Impact and Result

  • Define appropriate objectives for service downtime and data loss based on business impact.
  • Document an incident response plan that captures all of the steps from event detection to data center recovery.
  • Create a DR roadmap to close gaps between current DR capabilities and recovery objectives.

Create a Right-Sized Disaster Recovery Plan Research & Tools

1. Disaster Recovery Plan (DRP) Research – A step-by-step document that helps streamline your DR planning process and build a plan that's concise, usable, and maintainable.

Any time a major IT outage occurs, it increases executive awareness and internal pressure to create an IT DRP. This blueprint will help you develop an actionable DRP by following our four-phase methodology to define scope, current status, and dependencies; conduct a business impact analysis; identify and address gaps in the recovery workflow; and complete, extend, and maintain your DRP.

2. DRP Case Studies – Examples to help you understand the governance and incident response components of a DRP and to show that your DRP project does not need to be as onerous as imagined.

These examples include a client who leveraged the DRP blueprint to create practical, concise, and easy-to-maintain DRP governance and incident response plans and a case study based on a hospital providing a wide range of healthcare services.

3. DRP Maturity Scorecard – An assessment tool to evaluate the current state of your DRP.

Use this tool to measure your current DRP maturity and identify gaps to address. It includes a comprehensive list of requirements for your DRP program, including core and industry requirements.

4. DRP Project Charter Template – A template to communicate important details on the project purpose, scope, and parameters.

The project charter template includes details on the project overview (description, background, drivers, and objectives); governance and management (project stakeholders/roles, budget, and dependencies); and risks, assumptions, and constraints (known and potential risks and mitigation strategy).

5. DRP Business Impact Analysis Tool – An evaluation tool to estimate the impact of downtime to determine appropriate, acceptable recovery time objectives (RTOs) and recovery point objectives (RPOs) and to review gaps between objectives and actuals.

This tool enables you to identify critical applications/systems; identify dependencies; define objective scoring criteria to evaluate the impact of application/system downtime; determine the impact of downtime and establish criticality tiers; set recovery objectives (RTO/RPO) based on the impact of downtime; record recovery actuals (RTA/RPA) and identify any gaps between objectives and actuals; and identify dependencies that regularly fail (and have a significant impact when they fail) to prioritize efforts to improve resiliency.

6. DRP BIA Scoring Context Example – A tool to record assumptions you made in the DRP Business Impact Analysis Tool to explain the results and drive business engagement and feedback.

Use this tool to specifically record assumptions made about who and what are impacted by system downtime and record assumptions made about impact severity.

7. DRP Recovery Workflow Template – A flowchart template to provide an at-a-glance view of the recovery workflow.

This simple format is ideal during crisis situations, easier to maintain, and often quicker to create. Use this template to document the Notify - Assess - Declare disaster workflow, document current and planned future state recovery workflows, including gaps and risks, and review an example recovery workflow.

8. DRP Roadmap Tool – A visual roadmapping tool that will help you plan, communicate, and track progress for your DRP initiatives.

Improving DR capabilities is a marathon, not a sprint. You likely can't fund and resource all the measures for risk mitigation at once. Instead, use this tool to create a roadmap for actions, tasks, projects, and initiatives to complete in the short, medium, and long term. Prioritize high-benefit, low-cost mitigations.

9. DRP Recap and Results Template – A template to summarize and present key findings from your DR planning exercises and documents.

Use this template to present your results from the DRP Maturity Scorecard, BCP-DRP Fitness Assessment, DRP Business Impact Analysis Tool, tabletop planning exercises, DRP Recovery Workflow Template, and DRP Roadmap Tool.

10. DRP Workbook – A comprehensive tool that enables you to organize information to support DR planning.

Leverage this tool to document information regarding DRP resources (list the documents/information sources that support DR planning and where they are located) and DR teams and contacts (list the DR teams, SMEs critical to DR, and key contacts, including business continuity management team leads that would be involved in declaring a disaster and coordinating response at an organizational level).

11. Appendix

The following tools and templates are also included as part of this blueprint to use as needed to supplement the core steps above:


Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

9.6/10


Overall Impact

$91,942


Average $ Saved

29


Average Days Saved

Client

Experience

Impact

$ Saved

Days Saved

Carver County, MN

Guided Implementation

9/10

$12,999

7

Socan

Workshop

10/10

$100K

10

We found the domain knowledge of the facilitator to be very good which helped us to ask and answer the right questions based on our environment and... Read More

Coachella Valley Water District

Workshop

10/10

$64,999

20

There are no issues or concerns to report. Sumit has proven to be an exceptional consultant, demonstrating a deep familiarity with the specific typ... Read More

First Ontario Credit Union Ltd.

Guided Implementation

10/10

$50,000

20

Darin's wealth of knowledge in the space has been fantastic. It has allowed us to bring in the correct stake holders to understand the needs of the... Read More

Woodbine Entertainment Group

Workshop

8/10

$10,000

20

Very difficult to meet ITRG's back-to-back scheduling requirement for these sessions. Excellent discussions facilitated by Venkat across lines o... Read More

State of Kentucky - Kentucky Transportation Cabinet

Workshop

10/10

$64,999

50

Venkat was a great facilitator and had clearly planned the days well and did preliminary work each night so we would have a very valuable day of wo... Read More

Small Enterprise Finance Agency

Guided Implementation

9/10

$12,999

20

Templates and advise was very useful

MyPath, Inc.

Guided Implementation

10/10

$129K

120

Frank brings excellent experience to the table in relation to our DR and BC Workshops and discussions. We are fortunate to have him facilitating fo... Read More

Lake Simcoe Region Conservation Authority

Guided Implementation

8/10

$5,000

5

Very knowledgeable help and good insights...

Georgia Department of Banking and Finance

Guided Implementation

10/10

$12,999

20

Kansas Public Employees Retirement System

Guided Implementation

10/10

$32,499

20

Best part is being able to ask questions on any parts that I don't understand. No worst part.

County of Montgomery

Guided Implementation

10/10

N/A

20

Andrew is an awesome analyst and advisor. He was able to keep us on track and explain everything in detail as we worked through the program. It was... Read More

Sirtex Medical US Holdings, Inc.

Guided Implementation

10/10

$129K

20

The value provided by Infotech is threefold. Firstly, there's the research; clear, comprehensive and ready to share, making me look like a rock sta... Read More

Santa Fe Community College

Guided Implementation

9/10

$1,039

23

St. Petersburg College

Guided Implementation

10/10

$123K

47

Frank was amazing to work with, collaborate on ideas and create a framework for success.

The National Gas Company of Trinidad and Tobago Limited

Workshop

10/10

N/A

16

Excellent support and assistance by Dave throughout the workshop. Very experienced in the field and was quite knowledgeable when answering our ques... Read More

General Conference of Seventh-day Adventists

Workshop

10/10

$64,999

60

The presenter (Joe) did an outstanding job and I would recommend him to anyone for his commitment, follow thru, and presentation. The tabletop exer... Read More

City of Walla Walla

Guided Implementation

10/10

$12,999

32

Frank knows his stuff, great to work with. Nothing bad, as this is a critical component of our business and a gap.

General Conference of Seventh-day Adventists

Guided Implementation

9/10

N/A

50

The information presented was clear and the Info-Tech team has moved quickly to help us get this workshop lined up. We appreciate the attention to ... Read More

Collège communautaire du Nouveau-Brunswick

Workshop

10/10

N/A

50

Great session with a knowledgeable facilitator! Andrew sharp helped us identify point of improvement and how to properly document a DR Plan. I will... Read More

MyPath, Inc.

Workshop

10/10

$64,999

50

Airgain

Guided Implementation

10/10

$12,999

20

Wiss, Janney, Elstner Associates, Inc.

Guided Implementation

10/10

$129K

50

The best part has been working with Darin Stahl - he is a wealth of information. The worst part is working with disparate spreadsheets - this is a... Read More

University of the Fraser Valley

Guided Implementation

9/10

$20,500

10

The Star Entertainment Group

Guided Implementation

8/10

N/A

N/A

Frank Trovato's review of our existing DR documentation has been invaluable. Frank advised that as an organisation we have a good level of maturity... Read More

Cross Country Mortgage, Inc.

Guided Implementation

10/10

$30,549

8

Opal Packaging

Guided Implementation

10/10

$20,500

10

Our ability to access subject matter expertise throughout the process was fantastic. Frank provided practical advice and kept us on track to work ... Read More

Sirtex Medical US Holdings, Inc.

Guided Implementation

10/10

$259K

50

The ability of InfoTech to help me distill my thoughts into cohesive actions, recommendations and present those in a refined, professional way is i... Read More

Rosemont Pharmaceuticals Ltd

Guided Implementation

10/10

N/A

5

Noble Research Institute, LLC

Guided Implementation

8/10

$12,999

5

Frank was very knowledgeable and easy to work with.


Disaster Recovery Planning

Close the gap between your DR capabilities and service continuity requirements.
This course makes up part of the Security & Risk Certificate.

Now Playing:
Academy: Disaster Recovery Planning | Executive Brief

An active membership is required to access Info-Tech Academy
  • Course Modules: 4
  • Estimated Completion Time: 2-2.5 hours
  • Featured Analysts:
  • Frank Trovato, Research Director, Infrastructure Practice
  • Eric Wright, SVP of Research and Advisory

Workshop: Create a Right-Sized Disaster Recovery Plan

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Define Parameters for Your DRP

The Purpose

Identify key applications and dependencies based on business needs.

Key Benefits Achieved

Understand the entire IT “footprint” that needs to be recovered for key applications. 

Activities

Outputs

1.1

Assess current DR maturity.

  • Current challenges identified through a DRP Maturity Scorecard.
1.2

Determine critical business operations.

1.3

Identify key applications and dependencies.

  • Key applications and dependencies documented in the Business Impact Analysis (BIA) Tool.

Module 2: Determine the Desired Recovery Timeline

The Purpose

Quantify application criticality based on business impact.

Key Benefits Achieved

Appropriate recovery time and recovery point objectives defined (RTOs/RPOs).

Activities

Outputs

2.1

Define an objective scoring scale to indicate different levels of impact.

  • Business impact analysis scoring criteria defined.
2.2

Estimate the impact of downtime.

  • Application criticality validated.
2.3

Determine desired RTO/RPO targets for applications based on business impact.

  • RTOs/RPOs defined for applications and dependencies.

Module 3: Determine the Current Recovery Timeline and DR Gaps

The Purpose

Determine your baseline DR capabilities (your current state).

Key Benefits Achieved

Gaps between current and desired DR capability are quantified.

Activities

Outputs

3.1

Conduct a tabletop exercise to determine current recovery procedures.

  • Current achievable recovery timeline defined (i.e. the current state).
3.2

Identify gaps between current and desired capabilities.

  • RTO/RPO gaps identified.
3.3

Estimate likelihood and impact of failure of individual dependencies.

  • Critical single points of failure identified.

Module 4: Create a Project Roadmap to Close DR Gaps

The Purpose

Identify and prioritize projects to close DR gaps.

Key Benefits Achieved

DRP project roadmap defined that will reduce downtime and data loss to acceptable levels.

Activities

Outputs

4.1

Determine what projects are required to close the gap between current and desired DR capability.

  • Potential DR projects identified.
4.2

Prioritize projects based on cost, effort, and impact on RTO/RPO reduction.

  • DRP project roadmap defined.
4.3

Validate that the suggested projects will achieve the desired DR capability.

  • Desired-state incident response plan defined, and project roadmap validated.

Module 5: Establish a Framework for Documenting Your DRP, and Summarize Next Steps

The Purpose

  • Outline how to create concise, usable DRP documentation.
  • Summarize workshop results. 

Key Benefits Achieved

  • A realistic and practical approach to documenting your DRP.
  • Next steps documented. 

Activities

Outputs

5.1

Outline a strategy for using flowcharts and checklists to create concise, usable documentation.

  • Current-state and desired-state incident response plan flowcharts.
5.2

Review Info-Tech’s DRP templates for creating system recovery procedures and a DRP summary document.

  • Templates to create more detailed documentation where necessary.
5.3

Summarize the workshop results, including current potential downtime and action items to close gaps.

  • Executive communication deck that outlines current DR gaps, how to close those gaps, and recommended next steps.

Create a Right-Sized Disaster Recovery Plan

Close the gap between your DR capabilities and service continuity requirements.

ANALYST PERSPECTIVE

An effective disaster recovery plan (DRP) is not just an insurance policy.

"An effective DRP addresses common outages such as hardware and software failures, as well as regional events, to provide day-to-day service continuity. It’s not just insurance you might never cash in. Customers are also demanding evidence of an effective DRP, so organizations without a DRP risk business impact not only from extended outages but also from lost sales. If you are fortunate enough to have executive buy-in, whether it’s due to customer pressure or concern over potential downtime, you still have the challenge of limited time to dedicate to disaster recovery (DR) planning. Organizations need a practical but structured approach that enables IT leaders to create a DRP without it becoming their full-time job."

Frank Trovato,

Research Director, Infrastructure

Info-Tech Research Group

Is this research for you?

This Research Is Designed For:

  • Senior IT management responsible for executing DR.
  • Organizations seeking to formalize, optimize, or validate an existing DRP.
  • Business continuity management (BCM) professionals leading DRP development.

This Research Will Help You:

  • Create a DRP that is aligned with business requirements.
  • Prioritize technology enhancements based on DR requirements and risk-impact analysis.
  • Identify and address process and technology gaps that impact DR capabilities and day-to-day service continuity.

This Research Will Also Assist:

  • Executives who want to understand the time and resource commitment required for DRP.
  • Members of BCM and crisis management teams who need to understand the key elements of an IT DRP.

This Research Will Help Them:

  • Scope the time and effort required to develop a DRP.
  • Align business continuity, DR, and crisis management plans.

Executive summary

Situation

  • Any time a natural disaster or major IT outage occurs, it increases executive awareness and internal pressure to create a DRP.
  • Industry standards and government regulations are driving external pressure to develop business continuity and IT DR plans.
  • Customers are asking suppliers and partners to provide evidence that they have a workable DRP before agreeing to do business.

Complication

  • Traditional DRP templates are onerous and result in a lengthy, dense plan that might satisfy auditors, but will not be effective in a crisis.
  • The myth that a DRP is only for major disasters leaves organizations vulnerable to more common incidents.
  • The growing use of outsourced infrastructure services has increased reliance on vendors to meet recovery timeline objectives.

Resolution

  • Create an effective DRP by following a structured process to discover current capabilities and define business requirements for continuity:
    • Define appropriate objectives for service downtime and data loss based on business impact.
    • Document an incident response plan that captures all of the steps from event detection to data center recovery.
    • Create a DR roadmap to close gaps between current DR capabilities and recovery objectives.

Info-Tech Insight

  1. At its core, DR is about ensuring service continuity. Create a plan that can be leveraged for both isolated and catastrophic events.
  2. Remember Murphy’s Law. Failure happens. Focus on improving overall resiliency and recovery, rather than basing DR on risk probability analysis.
  3. Cost-effective DR and service continuity starts with identifying what is truly mission critical so you can focus resources accordingly. Not all services require fast failover.

An effective DRP is critical to reducing the cost of downtime

If you don’t have an effective DRP when failure occurs, expect to face extended downtime and exponentially rising costs due to confusion and lack of documented processes.

Image displayed is a graph that shows that delay in recovery causes exponential revenue loss.

Potential Lost Revenue

The impact of downtime tends to increase exponentially as systems remain unavailable (graph at left). A current, tested DRP will significantly improve your ability to execute systems recovery, minimizing downtime and business impact. Without a DRP, IT is gambling on its ability to define and implement a recovery strategy during a time of crisis. At the very least, this means extended downtime – potentially weeks or months – and substantial business impact.

Adapted from: Philip Jan Rothstein, 2007

Cost of Downtime for the Fortune 1000

Cost of unplanned apps downtime per year: $1.25B to $2.5B.

Cost of critical apps failure per hour: $500,000 to $1M.

Cost of infrastructure failure per hour: $100,000.

35% reported to have recovered within 12 hours.

17% of infrastructure failures took more than 24 hours to recover.

13% of application failures took more than 24 hours to recover.

Source: Stephen Elliot, 2015

Info-Tech Insight

The cost of downtime is rising across the board, and not just for organizations that traditionally depend on IT (e.g. e-commerce). Downtime cost increase since 2010:

Hospitality: 129% increase

Transportation: 108% increase

Media organizations: 104% increase

An effective DRP also sets clear recovery objectives that align with system criticality to optimize spend

The image displays a disaster recovery plan example, where different tiers are in place to support recovery in relation to time.

Take a practical approach that creates a more concise and actionable DRP

DR planning is not your full-time job, so it can’t be a resource- and time-intensive process.

The Traditional Approach Info-Tech’s Approach

Start with extensive risk and probability analysis.

Challenge: You can’t predict every event that can occur, and this delays work on your actual recovery procedures.

Focus on how to recover regardless of the incident.

We know failure will happen. Focus on improving your ability to failover to a DR environment so you are protected regardless of what causes primary site failure.

Build a plan for major events such as natural disasters.

Challenge: Major destructive events only account for 12% of incidents while software/hardware issues account for 45%. The vast majority of incidents are isolated local events.

An effective DRP improves day-to-day service continuity, and is not just for major events.

Leverage DR planning to address both common (e.g. power/network outage or hardware failure) as well as major events. It must be documentation you can use, not shelfware.

Create a DRP manual that provides step-by-step instructions that anyone could follow.

Challenge: The result is lengthy, dense manuals that are difficult to maintain and hard to use in a crisis. The usability of DR documents has a direct impact on DR success.

Create concise documentation written for technical experts.

Use flowcharts, checklists, and diagrams. They are more usable in a crisis and easier to maintain. You aren’t going to ask a business user to recover your SQL Server databases, so you can afford to be concise.

DR must be integrated with day-to-day incident management to ensure service continuity

When a tornado takes out your data center, it’s an obvious DR scenario and the escalation towards declaring a disaster is straightforward.

The challenge is to be just as decisive in less-obvious (and more common) DR scenarios such as a critical system hardware/software failure, and knowing when to move from incident management to DR. Don’t get stuck troubleshooting for days when you could have failed over in hours.

Bridge the gap with clearly-defined escalation rules and criteria for when to treat an incident as a disaster.

Image displays two graphs. The graph on the left measures the extent that service management processes account for disasters by the success meeting RTO and RPO. The graph on the right is a double bar graph that shows DRP being integrated and not integrated in the following categories: Incident Classifications, Severity Definitions, Incident Models, Escalation Procedures. These are measured based on the success meeting RTO and RPO.

Source: Info-Tech Research Group; N=92

Myth busted: The DRP is separate from day-to-day ops and incident management.

The most common threats to service continuity are hardware and software failures, network outages, and power outages

The image displayed is a bar graph that shows the common threats to service continuity. There are two areas of interest that have labels. The first is: 45% of service interruptions that went beyond maximum downtime guidelines set by the business were caused by software and hardware issues. The second label is: Only 12% of incidents were caused by major destructive events.

Source: Info-Tech Research Group; N=87

Info-Tech Insight

Does this mean I don’t need to worry about natural disasters? No. It means DR planning needs to focus on overall service continuity, not just major disasters. If you ignore the more common but less dramatic causes of service interruptions, you are diminishing the business value of a DRP.

Myth busted: DRPs are just for destructive events – fires, floods, and natural disasters.

DR isn’t about identifying risks; it’s about ensuring service continuity

The traditional approach to DR starts with an in-depth exercise to identify risks to IT service continuity and the probability that those risks will occur.

Here’s why starting with a risk register is ineffective:

  • Odds are, you won’t think of every incident that might occur. If you think of twenty risks, it’ll be the twenty-first that gets you. If you try to guard against that twenty-first risk, you can quickly get into cartoonish scenarios and much more costly solutions.
  • The ability to failover to another site mitigates the risk of most (if not all) incidents (fire, flood, hardware failure, tornado, etc.). A risk and probability analysis doesn’t change the need for a plan that includes a failover procedure.

Where risk is incorporated in this methodology:

  • Use known risks to further refine your strategy (e.g. if you are prone to hurricanes, plan for greater geographic separation between sites; ensure you have backups, in addition to replication, to mitigate the risk of ransomware).
  • Identify risks to your ability to execute DR (e.g. lack of cross-training, backups that are not tested) and take steps to mitigate those risks.

Myth busted: A risk register is the critical first step to creating an effective DR plan.

You can’t outsource accountability and you can’t assume your vendor’s DR capabilities meet your needs

Outsourcing infrastructure services – to a cloud provider, co-location provider, or managed service provider (MSP) – can improve your DR and service continuity capabilities. For example, a large public cloud provider will generally have:

  • Redundant telecoms service providers, network infrastructure, power feeds, and standby power.
  • Round-the-clock infrastructure and security monitoring.
  • Multiple data centers in a given region, and options to replicate data and services across regions.

Still, failure is inevitable – it’s been demonstrated multiple times1 through high-profile outages. When you surrender direct control of the systems themselves, it’s your responsibility to ensure the vendor can meet your DR requirements, including:

  • A DR site and acceptable recovery times for systems at that site.
  • An acceptable replication/backup schedule.

Sources: Kyle York, 2016; Shaun Nichols, 2017; Stephen Burke, 2017

Myth busted: I outsource infrastructure services so I don’t have to worry about DR. That’s my vendor’s responsibility.

Choose flowcharts over process guides, checklists over procedures, and diagrams over descriptions

IT DR is not an airplane disaster movie. You aren’t going to ask a business user to execute a system recovery, just like you wouldn’t really want a passenger with no flying experience to land a plane.

In reality, you write a DR plan for knowledgeable technical staff, which allows you to summarize key details your staff already know. Concise, visual documentation is:

  • Quicker to create.
  • Easier to use.
  • Simpler to maintain.

"Without question, 300-page DRPs are not effective. I mean, auditors love them because of the detail, but give me a 10-page DRP with contact lists, process flows, diagrams, and recovery checklists that are easy to follow."

– Bernard Jones, MBCI, CBCP, CORP, Manager Disaster Recovery/BCP, ActiveHealth Management

A graph is displayed. It shows a line graph where the DR success is higher by using flowcharts, checklists, and diagrams.

Source: Info-Tech Research Group; N=95

*DR Success is based on stated ability to meet recovery time objectives (RTOs) and recovery point objectives (RPOs), and reported confidence in ability to consistently meet targets.

Myth busted: A DRP must include every detail so anyone can execute recovery.

A DRP is part of an overall business continuity plan

A DRP is the set of procedures and supporting documentation that enables an organization to restore its core IT services (i.e. applications and infrastructure) as part of an overall business continuity plan (BCP), as described below. Use the templates, tools, and activities in this blueprint to create your DRP.

Overall BCP
IT DRP BCP for Each Business Unit Crisis Management Plan
A plan to restore IT services (e.g. applications and infrastructure) following a disruption. This includes:
  • Identifying critical applications and dependencies.
  • Defining an appropriate (desired) recovery timeline based on a business impact analysis (BIA).
  • Creating a step-by-step incident response plan.
A set of plans to resume business processes for each business unit. Info-Tech’s Develop a Business Continuity Plan blueprint provides a methodology for creating business unit BCPs as part of an overall BCP for the organization. A set of processes to manage a wide range of crises, from health and safety incidents to business disruptions to reputational damage. This includes emergency response plans, crisis communication plans, and the steps to invoke BC/DR plans when applicable. Info-Tech’s Implement Crisis Management Best Practices blueprint provides a structured approach to develop a crisis management process.

Note: For DRP, we focus on business-facing IT services (as opposed to the underlying infrastructure), and then identify required infrastructure as dependencies (e.g. servers, databases, network).

Take a practical but structured approach to creating a concise and effective DRP

Image displayed shows the structure of this blueprint. It shows the structure of phases 1-4 and the related tools and templates for each phase.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Info-Tech advisory services deliver measurable value

Info-Tech members save an average of $22,983 and 22 days by working with an Info-Tech analyst on DRP (based on client response data from Info-Tech Research Group’s Measured Value Survey, following analyst advisory on this blueprint).

Why do members report value from analyst engagement?

  1. Expert advice on your specific situation to overcome obstacles and speed bumps.
  2. Structured project and guidance to stay on track.
  3. Project deliverables review to ensure the process is applied properly.

Guided implementation overview

Your trusted advisor is just a call away.

Define DRP scope (Call 1)

Scope requirements, objectives, and your specific challenges. Identify applications/ systems to focus on first.

Define current status and system dependencies (Calls 2-3)

Assess current DRP maturity. Identify system dependencies.

Conduct a BIA (Calls 4-6)

Create an impact scoring scale and conduct a BIA. Identify RTO and RPO for each system.

Recovery workflow (Calls 7-8)

Create a recovery workflow based on tabletop planning. Identify gaps in recovery capabilities.

Projects and action items (Calls 9-10)

Identify and prioritize improvements. Summarize results and plan next steps.

Your guided implementations will pair you with an advisor from our analyst team for the duration of your DRP project.

Workshop overview

Contact your account representative or email Workshops@InfoTech.com for more information.

Image displays the workshop overview for this blueprint. It is a workshop that runs for 4 days and covers various activities and produces many deliverables.

End-user complaints distract from serious IT-based risks to business continuity

Case Study

Industry: Manufacturing
Source: Info-Tech Research Group Client Engagement

A global manufacturer with annual sales over $1B worked with Info-Tech to improve DR capabilities.

DRP BIA

Conversations with the IT team and business units identified the following impact of downtime over 24 hours:

  • Email: Direct Cost: $100k; Goodwill Impact Score: 8.5/16
  • ERP: Direct Cost: $1.35mm; Goodwill Impact Score: 12.5/16

Tabletop Testing and Recovery Capabilities

Reviewing the organization’s current systems recovery workflow identified the following capabilities:

  • Email: RTO: minutes, RPO: minutes
  • ERP: RTO: 14 hours, RPO: 24 hours

Findings

Because of end-user complaints, IT had invested heavily in email resiliency though email downtime had a relatively minimal impact on the business. After working through the methodology, it was clear that the business needed to provide additional support for critical systems.

Insights at each step:

Identify DR Maturity and System Dependencies

Conduct a BIA

Outline Incident Response and Recovery Workflow With Tabletop Exercises

Mitigate Gaps and Risks

Create a Right-Sized Disaster Recovery Plan

Phase 1

Define DRP Scope, Current Status, and Dependencies

Step 1.1: Set Scope, Kick-Off the DRP Project, and Create a Charter

This step will walk you through the following activities:

  • Establish a team for DR planning.
  • Retrieve and review existing, relevant documentation.
  • Create a project charter.

This step involves the following participants:

  • DRP Coordinator
  • DRP Team (Key IT SMEs)
  • IT Managers

Results and Insights

  • Set scope for the first iteration of the DRP methodology.
  • Don’t try to complete your DR and BCPs all at once.
  • Don’t bite off too much at once.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

MEMBER RATING

9.6/10
Overall Impact

$91,942
Average $ Saved

29
Average Days Saved

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

Read what our members are saying

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 5-phase advisory process. You'll receive 10 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Define DRP scope
  • Call 1: Scope requirements, objectives, and your specific challenges.
  • Call 2: Identify applications/systems to focus on first.

Guided Implementation 2: Define current status and system dependencies
  • Call 1: Assess current DRP maturity.
  • Call 2: Identify system dependencies.

Guided Implementation 3: Conduct a BIA
  • Call 1: Create an impact scoring scale and conduct a BIA.
  • Call 2: Identify RTO and RPO for each system.

Guided Implementation 4: Recovery workflow
  • Call 1: Create a recovery workflow based on tabletop planning.
  • Call 2: Identify gaps in recovery capabilities.

Guided Implementation 5: Projects and action items
  • Call 1: Identify and prioritize improvements.
  • Call 2: Summarize results and plan next steps.

Author

Frank Trovato

Contributors

  • Alan Byrum, Director of Business Continuity, Intellitech
  • Bernard Jones (MBCI, CBCP, CORP, ITILv3), Owner/Principal, BJones BCP Consulting, LLC
  • Paul Beaudry, Assistant Vice-President, Technical Services, MIS, Richardson International Limited
  • Yogi Schulz, President, Corvelle Consulting
  • Nicole Paredes, IT Manager, State Toll and Road Authority
  • Troy Clayton, Network Administrator, Aux Sable
Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019