Emergency Preparedness Essentials


Information Technology Disaster Recovery Plan

Information technology is one of the most effective and timely resources businesses have for processing their information. Voice Over Internet Protocol (VOIP) telephone systems and electronic mail are other sources for communication that employees turn to. Electronic data interchange (EDI) is used in transmitting data which includes payments and orders from one company to a different company. Servers are required for storing data and processing information. Laptops, desktop computers, and wireless devices are used by the employees in order to manage, process, create, and communicate information. Employees might be lost if their technology were to stop working.

It is imperative that you include an information technology disaster recovery plan (IT DRP) with your business continuity plan. Your business impact analysis should include your recovery time objects for information technology. The business recovery will need to include technology recovery strategies for hardware, data, and applications.

Regardless of the size, each company needs to develop and keep track of a lot of electronic data and information. A lot of that is important data. In fact, some of the data is critical to both the survival of and the continued operation of the business. Losing data or having it corrupted from hacking, malware, human error, or hardware failure can have huge impacts. It is critical to keep a data backup plan and know how to restore electronic information.

IT Recovery Strategies

It will be important to create recovery strategies for information technology (IT) systems, data, and applications. This would include connectivity, data, wireless devices, laptops, desktops, servers, and networks. Prioritize the aspects of IT recovery and make that priority list consistent with that of the business function recovery. Don’t forget the IT resources needed for the time-sensitive business functions. It’s also important that the IT resource recovery time needs to match the recovery time objective applied to the business process or function (this depends on the IT resource.)

Information technology systems can’t run without connectivity, data, software, and hardware. If just one of these components were to be lost, the entire system probably wouldn’t run. Because of this, recovery strategies are needed for the anticipated loss of at least one of these components:
  • Software applications (office productivity, enterprise resource management, electronic mail, electronic data interchange, etc.)
  • Connectivity to service providers (wireless, cable, fiber, etc.)
  • Hardware (peripherals, wireless devices, laptop and desktop computers, servers, and networks.)
  • Computer room environment (a secured computer space with included climate control, backup and conditioned power supply, etc.)
  • Data and restoration
Some business applications won’t be able to handle any downtime. These business applications use dual centers. These centers handle data processing (the same data is mirrored between both centers.) Only larger companies would be able to afford this expensive solution. For those who can’t afford this solution, other solutions are available.

Internal Recovery Strategies

Some businesses have two or more facilities with which they can work. One facility can have similar hardware and software applications that were configured from another site. Production can keep going as long as the data is backed up and mirrored at an alternate site.

Recovery Strategies that are Vendor Supported

“Hot sites” for IT disaster recovery are available from certain vendors. These are sites that are equipped with software and hardware. Subscribers can provide unique software or equipment at the hot site stored for later use or at the time of the disaster. Vendors can host and manage data security applications and services as well as data streams. The information is accessible either at the primary business site or if you use a web browser it is available at an alternative site. If a vendor discovers an outage at the client site, until the client’s system has recovered the vendor will automatically hold the data. The vendors could also provide data detection of malware threats and data filtering. Both enhance cyber security.

Developing an IT Disaster Recovery Plan

Each business needs to develop its own IT disaster recovery plan. Begin by compiling an inventory of your hardware (wireless devices, laptops, desktops, servers, etc.), data, and software applications. The critical information needs to have a backup included in the plan.

Critical software applications, as well as the hardware which will run them, need to be identified. Standardized hardware is used for replicating and/or reimaging new hardware. When reinstalling replacement equipment you will need to have available copies of program software. Do the software and hardware restoration on a most-needed-first basis.

The business continuity plan needs to include the IT disaster recovery plan. To make sure it works, test it periodically.

Data Backup

Businesses produce a lot of data. That data changes as the workday progresses. Data can get compromised or stolen, lost, corrupted, etc. through human error, hardware failure, hacking, and malware. Businesses will suffer substantial disruption if data is lost or corrupted.

Both your technology disaster recovery plan and your business continuity plan need to include data backup and recovery. In order to develop a data backup strategy, you need to identify which data to backup, decide on and execute both software and hardware backup procedures, schedule and carry out backups, and you should every so often confirm that the data is backed up correctly.

Developing a Data Backup Plan

Recognize the data on desktop computers, network servers, wireless devices, and laptop computers that need to be backed up (in conjunction with other information, hard copy records, etc.) Backup the desktop and laptop computers along with the wireless devices to a network server. Make sure this is done often. This allows data on the server to get backed up. Digitally scan hard copy vital records and back them up.

Options for Data Backup

Effective ways for businesses to back up data include cartridges, tapes, and large capacity USB drives that have integrated data backup software. The plan should address the security of the backups, frequency of the backups, and secure off-site storing. The backups need to be preserved with as much security as the originals.

The “cloud” is available backup data storage from some vendors. For a business with an internet connection, this is a cost-effective solution. Backups are done automatically for the software that is installed on the client computer or server.

To avoid unacceptable loss, backup the data as much as possible. The “recovery point objective” should be defined for the evaluation of the potential for lost data. IT and business process recovery time objectives should be compared with data restoration times.

Are You Prepared?
Be informed about disasters
Make an emergency survival plan
Build a survival kit
Community and state resources
Emergency Resources by State
Be Informed

Disaster Preparedness
Accidental Hazards
Terrorist Hazards
Disaster Protection
Disaster Recovery
Make A Plan

Plan for Risks
Plan for Family
Develop a Custom Plan
Indian Country
Location Plans
School Emergency Plan
Workplace Plan
Build A Kit

Disaster Supplies Kit
Maintain Your kit
Kit Locations
Water Supply
Food Supply
Supplies Checklist


Plan Escape Routes
Utility Shut-off
Vital Records
Test Safety Skills
Home Storage

Program Management
Business Planning
Testing and Exercises
Program Improvement