Ultimate Guide to Backup Disater Recovery - Probrand Marketplace

Contact centre

Contact Centre

Call Us

Speak to Sector & Technical Experts

0800 015 7299
Customer IT Support
0121 248 7932
Live Chat

Want to talk to an advisor?
Click the chat button below

Ultimate Guide to Backup & Disaster Recovery

The IT department has traditionally been accountable for business continuity and disaster recovery (BCDR) planning. This has resulted in recovery strategies that don’t necessarily tie up with the needs of the business. Disaster recovery planning is not solely an IT issue.  

IT downtime can have disastrous consequences on a business, thus plans should involve input from stakeholders across the business in human resources, finance, legal, communications, operations, and facilities to be effective. 

The purpose of this disaster recovery plan template is to provide practical steps to help you create your own strategy. Be sure to conduct thorough research on disaster recovery before beginning a plan, as it can be a time-consuming process. Your ultimate aim is to create a disaster recovery plan that is integrated, uncomplicated, dependable and fast. 

Plan Scope 

Before starting, it's crucial to understand that developing a DR program is a significant undertaking. 

The goal of your disaster recovery plan should be to ensure a quick and seamless response to a disaster, while minimising risk and costs to your information systems and business operations. The following five steps will help you achieve that: 

  • Evaluate business-critical data, systems, and applications  

  • Create a schedule of deliverables  

  • Test the effectiveness of your plan  

  • Manage and maintain to stay up to date 

  • Activate when necessary 


Rather than focusing on reducing the impact of a disaster after it has occurred, it is preferable to concentrate on activities that prevent it from happening. Regardless, the DR planning process should begin with an assessment of your mission-critical data and where your company is vulnerable. 

Collaborative Strategic Planning Sessions: Host planning sessions that involve the appropriate teams, including team members from all departments, with a range of job titles and responsibilities. These individuals will be responsible for ensuring adequate training and communication going forward. 

Establish Goals: No two businesses will have the same goals. You need to prepare your own unique set of goals which relate to your business needs, but some examples may include: 

  • Minimise interruptions to the normal operations 

  • Limit the extent of disruption and damage 

  • Minimise the economic impact of the interruption 

  • Establish alternative means of operation in advance 

  • Train personnel with emergency procedures 

  • Provide for smooth and rapid restoration of service 

Know your critical resources and functions: It’s important to put together a comprehensive list of mission-critical data locations and resources required to recover in the event of an outage. 

  • Define software application and hardware inventory profiles – data and voice communications, remote and personal devices, public networks 

  • Know volume restrictions 

  • Identify critical records – i.e., HR, Legal, Finance, IT 

  • Outline server and system interdependencies with business requirements 

Once you’ve established a comprehensive list, you can tier your applications based on criticality. To help with this, you should also talk to your lines of business owners about their tolerance for downtime. Here are some considerations to make at this stage: 

  • SaaS applications 

  • Private or public cloud 

  • Third party providers 

  • Servers 

  • Workstations 

  • Mobile devices 

  • Departmental requirements may vary 

  • Number of tools 

  • Levels of granularity 

Define RTO/RPO 

From both technical and business perspectives, determine the duration your business can operate without its data and resources based on their level of criticality. This will help establish: 

  • Recovery Time Objective (RTO) - the length of time the business or department can function without its services. 

  • Recovery Point Objective (RPO) - the extent to which they need to be restored. What amount of data can the business or department tolerate losing? 

Ensure that you prioritise these considerations to effectively manage your resources during a potential recovery situation. 

Sample list of services to include in the plan: 

Define RTO/RPO

It is important to identify the vulnerabilities and potential scenarios that could affect your critical data. You should then plan accordingly to address these scenarios. For instance, restoring a single employee's lost email is different from restoring all data following a cyber attack. 

To accomplish this, you should: 

  • Document current backup procedures 

  • Assess vulnerability 

  • Plan for various disaster types, including natural disasters, accidental file deletion, hardware or software failure, cyberattacks, and loss or compromise of remote devices. 

Determining the total cost of disaster recovery solutions can be challenging when many factors are involved. To ensure effective disaster recovery, costs need to be evaluated against the risk of not recovering. These costs may include: 

  • Replacement costs for cold storage, applications, and servers 

  • Penalties for non-compliance with regulations 

  • Loss of stock value or ecommerce transactions 

  • Supply chain disruptions 

  • Indirect costs such as damage to brand reputation and employee satisfaction 


The design approach to your DR plan is founded on what you’ve learned and documented in your assessment phase. To design an effective DR plan, you should: 

  • Document the necessary resources and deliverables 

  • Keep the plan simple and easy to understand 

  • Automate processes as much as possible 

Sample scenarios: 

Sample scenarios

In order to enable the systematic activation of your DR plan when necessary, your design must include the following strategies and procedures: 


To define specific disaster conditions, including their type, severity, impact, and duration that will trigger the activation of your plan. 


To assess whether the activation criteria have been met in the event of potential disaster events. 


To ensure that appropriate approvals are obtained for plan activation, involving IT, business leaders, and company executives. 


To provide facility and system support for all plan activation activities, including the establishment of a "Command Centre" location where most, if not all, recovery activities can be carried out. 


To inform all employees, customers, vendors, and the public (when necessary) about all activation-related decisions and activities. 

By incorporating these related strategies and procedures into your DR plan, you can ensure that it will be effectively activated when needed. 



It is crucial to thoroughly test your DR plan before implementing it. Test the plan in a non-production environment and simulate scenarios for all types of disasters and lines of business. If any issues arise during testing, modify the plan accordingly. 

The testing phase includes the following activities: 

  • Defining the purpose and approach of the test 

  • Identifying the test teams 

  • Structuring the test with different outage scenarios 

  • Conducting the test virtually, table-top, or at full-scale 

  • Analysing the test results 

  • Modifying the plans as necessary 

The testing method should align with the defined recovery strategies for meeting the business's recovery requirements. Specific testing procedures must be developed to ensure the written plans are comprehensive and accurate. 

It is crucial to emphasise the importance of testing and exercising your DR plan frequently to ensure its effectiveness. 

Manage and Maintain 

Your disaster recovery plan must be kept up to date. While annual testing is considered best practice, regular plan maintenance is even better. Anytime new hardware, software, systems are added, or there are changes in network access or stakeholders, it is necessary to update the plan. Otherwise, it may not work when needed. 

Regular plan maintenance should include: 

Alerts and monitoring 

  • Emergency response procedures 

  • Backup operations procedures 

  • Recovery operations procedures 

Key personnel 

  • New hires 

  • Executive briefings 

Data management and DR review sessions 

  • Updated policies and exercise cadence 

  • Regulatory compliance changes 

  • SLA review 

  • Maintenance procedures 

  • Updated access and permissions 

  • Change management 

  • New scenarios 

By keeping your DR plan current, you can ensure that it remains effective and can provide the necessary protection in the event of a disaster. 


Knowing how to activate your DR plan in the event of a disaster is also important. In the midst of a disaster, there may not be enough time to react or decide what to do first. Instead, focus on the actions outlined in your plan. Your DR plan should be activated in four organised steps: 

React: Specific disaster conditions have been met 

Respond: DR plan goes into action 

Recover: Restore operations to the extent possible mid-event and fully once the disaster is resolved 

Review: Improve response capabilities based on recovery experience 


The success of your disaster recovery plan is contingent on dedicating the necessary resources and effort. While some businesses invest significant time and money into developing recovery plans, they may fail to maintain their recovery capability. This requires a commitment to regularly testing recovery capabilities and keeping plans up-to-date. 

To ensure the success of your DR program, your management team must be dedicated to overseeing and maintaining it, and ensuring that the necessary resources are available throughout its development, implementation, maintenance cycles, and ongoing support.