Elevity Services


Gain a deeper understanding of how Elevity’s approach to technology management will impact your organization.

About Elevity

Elevity is one of the largest and most capable technology management providers in the Midwest. Our team of technology experts can help you reach a truly elevated level of IT strategy, security, solutions and support.

A division of



How to Insure Yourself Against a Cyberattack

Learn more →



2675 Research Park Drive
Madison, WI 53711

A division of


7 Steps to Developing an IT Disaster Recovery Plan

Mark Flesch
Facebook LinkedIn Twitter Email

Whether it’s hurricanes hitting coastal regions, wildfires scorching the West or ice storms gripping the south, those in the path of these devastating events may not be able to escape damage. In some cases, they lose everything.

Natural disasters happen anywhere, creating a devastating human toll. Although less destructive physically, there are other events that can significantly disrupt our lives, including downed power lines, software failures, security breaches, ransomware attacks, data loss and more. No matter the cause, the impact and costs of downtime on businesses can be significant.

Would you be able to keep your systems up and running in the event of a major disruption, data loss or prolonged power outage? If not, you’re not alone.

Several studies show that as many as three in four small businesses don’t have a written backup and disaster recovery plan or business continuity plan in place. These types of documents should be a critical part of any company’s strategic plan.

What is an IT Disaster Recovery Plan (DRP)?

A disaster recovery plan is a proactive, formal document containing clear, step-by-step instructions on how to respond in the event an organization is unable to operate or access mission-critical data due to unplanned disruption caused by a natural disaster, security breach, power outage or other incident.

Included in the plan will be protocols, processes and strategies to minimize the effects of disruption and to allow the organization to continue operating or resume business operations quickly.

Creating a business disaster recovery plan and business continuity plan can protect your company and the livelihood of your employees. What is included in an IT disaster recovery plan? It should include the following key steps.

  1. Identify Potential Threats
  2. Determine Potential Outcomes
  3. Outline Goals and Procedure
  4. Complete a Comprehensive Inventory
  5. Assign Clear Responsibilities
  6. Develop a Communication Plan
  7. Conduct Regular Reviews and Testing

RELATED: Backups vs. Disaster Recovery: What's the Difference?

1. Identify Potential Threats

What possible scenarios could interrupt your essential functions? Does your area get tornados, floods or heavy snowstorms? Are there gaps in your cybersecurity protocols that are opening the door to cybercriminals? What about internal threats like a disgruntled employee?

Your disaster recovery plan should apply to all the situations that could disrupt your operations. Identifying and understanding potential threats can only help you to better prepare for every possible contingency.

2. Determine Potential Outcomes

In addition to knowing the threats that could derail your operations, it’s important to walk through what will happen in the wake of such catastrophes. For example, what happens when your company becomes the victim of ransomware?

If you’re unprepared for this possibility, chances are you’ll end up paying the ransom in order to regain control of your network and access to your files. The other potential outcome is that you refuse to pay, and you have to start over from scratch.

3. Outline Goals and Procedures

Another option, of course, is setting goals and developing a plan that includes the appropriate technical support. This might involve a cost-effective managed services provider that hosts off-site system backups you can implement in just such an emergency to keep your business up and running.

You’ll need to identify Recovery Time Object (RTO) — each system’s maximum allowed downtime — and the maximum amount of data loss you’re willing to accept, also known as Recovery Point Object (RPO). Another goal is to identify specific backup procedures, including where critical data will be backed up and how to recover it.

Ideally, there is a secondary data center recovery site in a remote location containing replicated data that is frequently backed up so that it can be restored or switched to a backup hot site if other critical systems go down. In the event of a cyberattack, you’ll need emergency response procedures to mitigate the damage as quickly as possible. Work with a qualified Managed IT provider to help you outline appropriate procedures.

RELATED: Stay Up & Running: Minimizing Downtime with BDR

4. Complete a Comprehensive Inventory

Conduct a complete inventory of any hardware, software and applications in use. Then, prioritize them in the order in which they should be restored if they go down. Include information about each piece of equipment including any serial numbers, technical support information and contact information. Also be sure to develop a list of any passwords to access cloud storage, cloud-based programs, CRM systems, other data storage and backups.

5. Assign Clear Responsibilities

In the event of a natural disaster, everyone should immediately know any actions they need to take. That can only happen when those responsible for deploying the disaster recovery plan are identified by name and are familiar with your recovery process.

Who will be in charge of getting systems back up and running? Who will make the phone calls or send emails? Who will speak with the media or law enforcement if necessary?

Include people like upper-level IT managers and other experts on your IT team, department heads, C-level executives, and human resources or public relations managers. List these individuals by name, however, not title, so that there isn’t any ambiguity about key roles and responsibilities. Be sure to routinely update their current email addresses and phone numbers. Also list a backup person in the event someone is unavailable.

6. Develop a Communication Plan

Now that everyone knows their responsibilities, they’ll need a clear understanding of how to communicate with one another. During a disaster, regular modes of communication are sometimes unreliable. If that happens, how will you communicate with employees, vendors and customers? You’ll need to outline procedures and business processes for contacting them, along with backup plans in the event email, cell coverage or phone lines are down.

As part of your written process, include plans for updating your website and any online portals to keep others informed about next steps. Some businesses even set up private social media groups for select individuals who need to be part of disaster recovery efforts. Communication is key for your entire workforce, so make sure no one is left in the dark.

Check your service level agreements (SLAs) to understand any vendor or service provider assistance that is available. If you work with a Managed IT or ECM provider, for example, make sure they’ll be there for you when you need them. They should work diligently alongside you to resolve any problems as quickly as possible as part of your recovery strategy.

7. Conduct Regular Reviews and Testing

Once you’ve developed a disaster recovery plan, conduct periodic reviews and updates. Answer the following questions:

  • Is someone who’s listed as being responsible for a critical task no longer with your company or have they changed roles?
  • Have passwords to access or recover certain programs been changed?
  • Have you contracted with a new Managed IT provider or installed new software?

Technology changes at a rapid pace and, if current information isn’t listed, your plan could be rendered ineffective.

Just as important as making sure information is accurate is making sure people know what to do with it. Schedule regular practice drills, similar to how you might schedule routine fire drills. If not regularly reviewed and practiced, people can easily forget their roles and the steps they need to take.

There’s much more involved, so be sure to download our guide to How to Develop an Effective Business Continuity Plan to get started.

Having a plan helps provide uptime assurance and protection against any form of system failure.

Enlisting a Managed IT provider can help you assess your needs. They’ll come alongside you to develop a robust and effective IT disaster recovery plan and can possibly even provide you with a basic disaster recovery plan template. Reach out to the experts at Elevity today and we’ll be happy to talk.

GFC - How to Develop an Effective Business Continuity Plan

Subscribe by Email