Departmental disaster recovery planning

Disaster recovery planning involves the process, policies, and procedures that enable delivery of critical technical services to Indiana University in the event of natural or man-made disaster.

Disaster recovery (DR) is an integral part of the overall business continuity program. While business continuity is concerned with continuation of the business of the university, disaster recovery or information technology business continuity is focused on the continued operation and function of technology to support those business functions.

A disaster recovery program ensures the technology that supports the business of the university will continue to function after an event occurs. Which departments and offices should think about DR? Any that use any form of IT, including email, to conduct business.

The purpose of this document is to help departments form a disaster recovery plan. Many services hosted by university departments are key in conducting daily university business; as such, planning for these services to provide continued functionality in the event of disaster is paramount.

Developing your disaster recovery plan

We have provided a strategy template to use in developing your departmental disaster recovery plan. Prioritizing your services from most critical to least critical is key to developing a useful plan, which should clearly define the steps and equipment needed to bring these critical services back online.

These steps should include who to contact, where backup data is stored and where new equipment should be sourced from if replacement is required.

Storing your disaster recovery plan

Indiana University’s IU Ready service should be used for storing your DR plan and business continuity plan (BCP).

The IU Ready service, found on One.IU, helps university administration understand the resources and dependencies needed to help your department recover from a major disaster, and provides a centralized location for storing these documents in a secure off-site location.

Auditing your disaster recovery plan

Regularly auditing your DR plan to reflect changes in your services is important to ensure that those tasked with bringing these services back up are working with the correct information. Changes to services such as IP address, VLAN, administrator access, and firewall settings should be updated in the plan as soon as these changes are made to the system.

It is also important to audit access to the IU Ready plan and its documents to reflect changes in staffing, contact information, and administrative access. Outdated information in your DR plan could result in additional down time.


How to Write a Disaster Recovery Plan + Template

Table of Contents

  • What is a disaster recovery plan?
  • Disaster recovery plan vs business continuity plan
  • What are the measures included in a disaster recovery plan
  • How to write a disaster recovery plan
  • Disaster recovery plan template
  • Disaster recovery plan examples
  • How Secureframe can help your disaster recovery planning efforts

  • July 27, 2023

Anna Fitzgerald

Senior Content Marketing Manager at Secureframe

Cavan Leung

Senior Compliance Manager at Secureframe

A study found that only 54% of organizations have a company-wide disaster recovery plan in place. This percentage is even lower for government IT departments (36%) despite the proliferation of ransomware and other cyber threats. 

Not having a documented disaster recovery plan can seriously hamper an organization’s ability to recover lost data and restore its critical systems. This can result in significantly higher financial losses and reputational damage.

To help ensure your organization can recover from disaster as swiftly and easily as possible, learn what exactly a disaster recovery plan is and how to write one. Plus, find some examples and a template to help get you started.

A disaster recovery plan (DRP) is a document that outlines the procedures an organization will follow to recover and restore its critical systems, operations, and data after a disaster. Examples of disasters that may disrupt the continuity of product or service delivery are natural disasters, cyber attacks, hardware failures, and human errors. 

In planning for disaster recovery, what is the ultimate goal?

The ultimate goal of disaster recovery planning is to minimize the impact of a disaster, and ensure business continuity.

Having a disaster recovery plan in place that is well-designed and regularly maintained can help organizations:

  • minimize downtime
  • reduce financial losses
  • protect critical data
  • resume operations quickly 
  • provide peace of mind for employees

A disaster recovery plan and business continuity plan both take a proactive approach to minimize the impact of a disaster before it occurs and may even be combined into a single document as a result. 

However, the key difference is that a disaster recovery plan focuses on limiting abnormal or inefficient system function by restoring it as quickly as possible after a disaster, whereas a business continuity plan focuses on limiting operational downtime by maintaining operations during a disaster. 

In other words, a disaster recovery strategy helps to ensure an organization returns to full functionality after a disaster occurs whereas a business continuity plan helps an organization to keep operating at some capacity during a disaster. That’s why organizations need to have both documents in place, or need to incorporate disaster recovery strategies as part of their overall business continuity plan. 


Just as no two businesses are the same, no two disaster recovery plans are. However, they do typically include some common measures. These are detailed below.

  • Data backup and recovery

A section of a DRP should be dedicated to data backup and recovery. This should list backup methods, frequency of backups, the storage locations, and the procedures for data restoration.

  • Redundant systems and infrastructure

Another section may explain how the organization implements redundant systems and infrastructure to ensure high availability and minimize downtime if a disaster occurs. This may involve duplicating critical servers, network equipment, power supplies, and storage devices using clustering, load balancing, failover mechanisms, virtualization technologies, or other measures. 

  • Alternate worksite

A DRP may identify alternative worksites or recovery locations where the organization can operate if the primary site becomes inaccessible. This section should also define procedures and infrastructure needed to quickly transition operations to the identified alternate sites.

  • Communication and notification

Another part of DRP may define communication protocols and notification procedures to ensure communication during and after a disaster. Protocols and procedures typically include:

  • notifying employees, customers, vendors, and stakeholders about the disaster
  • providing updates on recovery progress
  • maintaining contact information for key personnel and emergency services

  • Recovery objectives

A DRP may set acceptable time frames for recovering systems and data in terms of recovery time objectives (RTO) and recovery point objectives (RPO). These objectives should be based on the criticality of systems and shape recovery strategies accordingly. 

  • RTO : The maximum amount of downtime allowed
  • RPO : The maximum loss of data accepted (measured in time)


Writing and maintaining a disaster recovery plan requires collaboration and coordination among key stakeholders across an organization and can seem intimidating. Below we’ll outline the process step by step to help you get started. 


1. Define the plan’s objectives and scope

To start, define the objectives and scope of your disaster recovery plan.

Objectives may include:

  • safeguarding employees’ lives and company assets
  • making a financial and operational assessment
  • securing data
  • quickly recovering operations

Next, identify what and who the plan applies to. Typically, assets utilized by employees and contractors acting on behalf of the company or accessing its applications, infrastructure, systems, or data fall within the scope of the disaster recovery plan. In this case, employees and contractors are required to review and accept the plan.

2. Perform a risk assessment

Identify potential risks and vulnerabilities that could lead to a disaster, both internal and external to the organization. This should involve evaluating your reliance on external vendors and suppliers for critical services or resources and assessing their own disaster recovery capabilities to ensure they align with your organization's requirements.

3. Perform a business impact analysis

Next, determine the business functions, processes, systems, and data that are essential for your organization's operations. For each critical component, establish recovery time objectives and recovery point objectives. 

4. Define recovery measures and procedures

Define the appropriate measures and step-by-step procedures for disaster recovery based on the risks and business impact you identified. This includes identifying the individuals or teams responsible for recovery tasks, the resources required, and the order of recovery tasks.

As stated above, these recovery tasks may fall into the following categories:

  • Alternative worksite

You may also want to outline emergency procedures. These are the actions that should be taken during and immediately after a disaster occurs, and may include evacuation plans, communication protocols, and coordination with emergency services.

5. Conduct testing and training regularly

Regularly test the disaster recovery plan to ensure its effectiveness and identify any potential gaps or weaknesses. Conduct training sessions for employees to familiarize them with their roles and responsibilities during a disaster.

6. Review and update the plan regularly

Review and update the disaster recovery plan periodically to incorporate changes in technology, business operations, and potential risks. Ensure that contact information, system configurations, and other relevant details are up to date.

Use this template to kick off your disaster recovery planning and customize it based on your organization's specific risks and objectives.


Below you can find examples of disaster recovery strategies and procedures from disaster recovery plans created and maintained by universities and other organizations. This should help you in brainstorming and documenting your own recovery strategies and plans for different services, environments, and types of disasters. 

1. IT disaster recovery plan

Southern Oregon University has a comprehensive disaster recovery plan specifically for its IT services because they are so heavily relied upon by faculty, staff, and students. There are disaster recovery processes and procedures outlined for various IT services and infrastructure, including its data center, network infrastructure, enterprise systems, desktop hardware, client applications, classrooms, and labs. 

Some of the IT disaster recovery processes and procedures outlined in the plan are:

  • Secure facility as necessary to prevent personnel injury and further damage to IT systems.
  • Coordinate hardware and software replacement with vendors.
  • Verify operational ability of all equipment on-site in the affected area (servers, network equipment, ancillary equipment, etc.). If equipment is not operational, initiate actions to repair or replace as needed.
  • If the data center is not operational or recoverable, contact personnel responsible for the alternate data center and take necessary steps to ready the facility.
  • Retrieve most recent on-site or off-site back-up media for previous three back-ups. Prepare back-up media for transfer to primary or secondary datacenter, as determined during the initial assessment.

2. AWS disaster recovery plan

AWS walks through disaster recovery options in the cloud in this whitepaper. It explains four primary approaches to cloud disaster recovery:

  • Backup and restore: Back up the data, infrastructure, configuration, and application code of your primary Region and redeploy them in the recovery Region. This is the least costly and complex approach.
  • Pilot light: Replicate your data from one Region to another and provision a copy of your core workload infrastructure so that you can quickly provision a full scale production environment by switching on and scaling out your application servers if a disaster occurs. This simplifies recovery at the time of a disaster and also minimizes the ongoing cost of disaster recovery by “switching off” some resources until they’re needed.
  • Warm standby: Create and maintain a scaled down, but fully functional, copy of your production environment in another Region. This decreases the time to recovery compared to the pilot light approach, but is more costly because it requires more active resources.
  • Multi-site active/active: Run your workload simultaneously in multiple Regions so users are able to access your workload in any of the Regions in which it is deployed, which reduces your recovery time to near zero for most disasters. This is the most costly and complex approach.

3. Data center disaster recovery plan

The University of Iowa also has a comprehensive disaster recovery plan, which includes several processes and procedures for recovering from a disaster that affects its data center. Some of these include:

  • Have large tarps or plastic sheeting available in the data center ready to cover sensitive electronic equipment in case the building is damaged due to natural disasters like tornadoes, floods, and earthquakes.
  • If replacement equipment is required, make every attempt to replicate the current system configuration.
  • If data is lost, then request that the IT department recover it from an off-site backup or cloud deep archive storage.

Secureframe’s automation compliance platform and in-house compliance expertise can help ensure your organization has the policies, controls, and expertise in place to protect systems proactively from business disaster and to recover if they do occur. Request a demo to learn how.

What are the 5 steps of disaster recovery planning?

The five steps of disaster recovery planning are prevention, mitigation, preparedness, response, and recovery. That means when planning, you should identify measures and actions to:

  • avoid or prevent a disaster from occurring
  • reduce the chances of a disaster occurring or the impact of it
  • enhance your ability to respond when a disaster occurs
  • be carried out immediately before, during, and after a disaster
  • restore your business operations as quickly as possible

What are the 4 C's of disaster recovery?

The 4 C's of disaster recovery are communication, coordination, collaboration, and cooperation. Below are brief definitions of each:

  • Communication - developing and maintaining effective channels for sharing information before, during, and after disasters
  • Coordination - aligning actions to other parts of an organization or other organization to prepare for and respond to disasters
  • Cooperation - working with internal or external parties that share the same goal (i.e., responding to and recovering from disasters) and strategies for achieving it
  • Collaboration - partnering with internal or external parties to identify challenges and responsibilities to recover from a disaster as quickly as possible

What are the three types of disaster recovery plans?

Disaster recovery plans can be tailored to different services, environments, and types of disasters. So types of disaster recovery plans include ones for IT services, data centers, and cloud environments.

How do you create a good disaster recovery plan?

Creating a good disaster recovery plan requires a few key steps such as:

  • Performing a risk assessment and business impact analysis
  • Setting objectives, including recovery time objectives (RTO) and recovery point objectives (RPO)
  • Creating an inventory of critical assets
  • Defining data backup requirements and recovery strategies
  • Establishing alternate communication methods
  • Assigning specific roles and responsibilities

What are the key elements of a disaster recovery plan?

Key elements of a disaster recovery plan are:

  • Objectives and goals
  • Recovery measures and procedures
  • Testing processes
  • A communication plan
  • Defined disaster recovery stages


Disaster Recovery Plan Template

Download the Disaster Recovery Plan template to capture all of the information that describes the organization’s ability to withstand a disaster as well as the processes that must be followed to achieve disaster recovery.

  • Prevent the loss of your organization’s resources (hardware, data, and physical assets)
  • Minimize downtime related to IT
  • Keep the business running in the event of a disaster


Disaster recovery planning guide

This document is the first part of a series that discusses disaster recovery (DR) in Google Cloud. This part provides an overview of the DR planning process: what you need to know in order to design and implement a DR plan. Subsequent parts discuss specific DR use cases with example implementations on Google Cloud.

The series consists of the following parts:

  • Disaster recovery planning guide (this document)
  • Disaster recovery building blocks
  • Disaster recovery scenarios for data
  • Disaster recovery scenarios for applications
  • Architecting disaster recovery for locality-restricted workloads
  • Disaster recovery use cases: locality-restricted data analytic applications
  • Architecting disaster recovery for cloud infrastructure outages

Introduction

Service-interrupting events can happen at any time. Your network could have an outage, your latest application push might introduce a critical bug, or you might have to contend with a natural disaster. When things go awry, it's important to have a robust, targeted, and well-tested DR plan.

With a well-designed, well-tested DR plan in place, you can make sure that if catastrophe hits, the impact on your business's bottom line will be minimal. No matter what your DR needs look like, Google Cloud has a robust, flexible, and cost-effective selection of products and features that you can use to build or augment the solution that is right for you.

Basics of DR planning

DR is a subset of business continuity planning. DR planning begins with a business impact analysis that defines two key metrics:

  • A recovery time objective (RTO), which is the maximum acceptable length of time that your application can be offline. This value is usually defined as part of a larger service level agreement (SLA).
  • A recovery point objective (RPO), which is the maximum acceptable length of time during which data might be lost from your application due to a major incident. This metric varies based on the ways that the data is used. For example, user data that's frequently modified could have an RPO of just a few minutes. In contrast, less critical, infrequently modified data could have an RPO of several hours. (This metric describes only the length of time; it doesn't address the amount or quality of the data that's lost.)

Typically, the smaller your RTO and RPO values are (that is, the faster your application must recover from an interruption), the more your application will cost to run. The following graph shows the ratio of cost to RTO/RPO.

Graph showing that small RTO/RPO maps to high cost.

Because smaller RTO and RPO values often mean greater complexity, the associated administrative overhead follows a similar curve. A high-availability application might require you to manage distribution between two physically separated data centers, manage replication, and more.

RTO and RPO values typically roll up into another metric: the service level objective (SLO), which is a key measurable element of an SLA. SLAs and SLOs are often conflated. An SLA is the entire agreement that specifies what service is to be provided, how it is supported, times, locations, costs, performance, penalties, and responsibilities of the parties involved. SLOs are specific, measurable characteristics of the SLA, such as availability, throughput, frequency, response time, or quality. An SLA can contain many SLOs. RTOs and RPOs are measurable and should be considered SLOs.

You can read more about SLOs and SLAs in the Google Site Reliability Engineering book.

You might also be planning an architecture for high availability (HA). HA doesn't entirely overlap with DR, but it's often necessary to take HA into account when you're thinking about RTO and RPO values. HA helps to ensure an agreed level of operational performance, usually uptime, for a higher than normal period. When you run production workloads on Google Cloud, you might use a globally distributed system so that if something goes wrong in one region, the application continues to provide service even if it's less widely available. In essence, that application invokes its DR plan.

Why Google Cloud?

Google Cloud can greatly reduce the costs that are associated with both RTO and RPO when compared to fulfilling RTO and RPO requirements on premises. For example, traditional DR planning requires you to account for a number of requirements, including the following:

  • Capacity: securing enough resources to scale as needed.
  • Security: providing physical security to protect assets.
  • Network infrastructure: including software components such as firewalls and load balancers.
  • Support: making available skilled technicians to perform maintenance and to address issues.
  • Bandwidth: planning suitable bandwidth for peak load.
  • Facilities: ensuring physical infrastructure, including equipment and power.

By providing a highly managed solution on a world-class production platform, Google Cloud helps you bypass most or all of these complicating factors, removing many business costs in the process. In addition, Google Cloud's focus on administrative simplicity means that the costs of managing a complex application are reduced as well.

Google Cloud offers several features that are relevant to DR planning, including the following:

  • A global network. Google has one of the largest and most advanced computer networks in the world. The Google backbone network uses advanced software-defined networking and edge-caching services to deliver fast, consistent, and scalable performance.
  • Redundancy. Multiple points of presence (PoPs) across the globe mean strong redundancy. Your data is mirrored automatically across storage devices in multiple locations.
  • Scalability. Google Cloud is designed to scale like other Google products (for example, search and Gmail), even when you experience a huge traffic spike. Managed services such as App Engine, Compute Engine autoscalers, and Datastore give you automatic scaling that enables your application to grow and shrink as needed.
  • Security. The Google security model is built on over 15 years of experience with helping to keep customers safe on Google applications like Gmail and Google Workspace. In addition, the site reliability engineering teams at Google help ensure high availability and prevent abuse of platform resources.
  • Compliance. Google undergoes regular independent third-party audits to verify that Google Cloud is in alignment with security, privacy, and compliance regulations and best practices. Google Cloud complies with certifications such as ISO 27001, SOC 2/3, and PCI DSS 3.0.

DR patterns

DR patterns are considered to be cold, warm, or hot. These patterns indicate how readily the system can recover when something goes wrong. An analogy might be what you would do if you were driving and punctured a car tire.

3 photos of car flat-tire scenarios: no spare; a spare with tools; a run-flat tire.

How you deal with a flat tire depends on how prepared you are:

  • Cold: You have no spare tire, so you must call someone to come to you with a new tire and replace it. Your trip stops until help arrives to make the repair.
  • Warm: You have a spare tire and a replacement kit, so you can get back on the road using what you have in your car. However, you must stop your journey to repair the problem.
  • Hot: You have run-flat tires. You might need to slow down a little, but there is no immediate impact on your journey. Your tires run well enough that you can continue (although you must eventually address the issue).

Creating a detailed DR plan

This section provides recommendations for how to create your DR plan.

Design according to your recovery goals

When you design your DR plan, you need to combine your application and data recovery techniques and look at the bigger picture. The typical way to do this is to look at your RTO and RPO values and which DR pattern you can adopt to meet those values. For example, in the case of historical compliance-oriented data, you probably don't need speedy access to the data, so a large RTO value and cold DR pattern is appropriate. However, if your online service experiences an interruption, you'll want to be able to recover both the data and the customer-facing part of the application as quickly as possible. In that case, a hot pattern would be more appropriate. Your email notification system, which typically isn't business critical, is probably a candidate for a warm pattern.

For guidance on using Google Cloud to address common DR scenarios, review the application recovery scenarios. These scenarios provide targeted DR strategies for a variety of use cases and offer example implementations on Google Cloud for each.

Design for end-to-end recovery

It isn't enough just to have a plan for backing up or archiving your data. Make sure your DR plan addresses the full recovery process, from backup to restore to cleanup. We discuss this in the related documents about DR data and recovery.

Make your tasks specific

When it's time to run your DR plan, you don't want to be stuck guessing what each step means. Make each task in your DR plan consist of one or more concrete, unambiguous commands or actions. For example, "Run the restore script" is too general. In contrast, "Open Bash and run /home/example/restore.sh" is precise and concrete.

Implementing control measures

Add controls to prevent disasters from occurring and to detect issues before they occur. For example, add a monitor that sends an alert when a data-destructive flow, such as a deletion pipeline, exhibits unexpected spikes or other unusual activity. This monitor could also terminate the pipeline processes if a certain deletion threshold is reached, preventing a catastrophic situation.
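One way to build the monitor described above, as an added example that is not part of the original guide: a sliding-window guard that a deletion pipeline consults before each batch, alerting on elevated volume and refusing further deletions past a hard limit. The class and function names, the thresholds, and the workload are all constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass, field


class DeletionHalted(RuntimeError):
    """The guard refused a deletion; the pipeline must stop for human review."""


@dataclass
class DeletionGuard:
    alert_threshold: int          # deletions per window that raise an alert
    halt_threshold: int           # deletions per window that stop the pipeline
    window_seconds: float = 60.0
    alerts: list = field(default_factory=list)     # (timestamp, level, count)
    halted: bool = False
    _events: deque = field(default_factory=deque)  # (timestamp, count)
    _in_window: int = 0
    _alerting: bool = False

    def authorize(self, now: float, count: int) -> None:
        """Call BEFORE deleting `count` objects; raises rather than allow a spike."""
        if self.halted:
            raise DeletionHalted("guard already tripped; manual reset required")
        # Drop events that have aged out of the sliding window.
        while self._events and self._events[0][0] <= now - self.window_seconds:
            self._in_window -= self._events.popleft()[1]
        projected = self._in_window + count
        if projected > self.halt_threshold:
            # Refuse the batch: nothing in it is deleted, and the guard latches.
            self.halted = True
            self.alerts.append((now, "HALT", projected))
            raise DeletionHalted(
                f"{projected} deletions within {self.window_seconds}s "
                f"exceeds limit {self.halt_threshold}"
            )
        if projected > self.alert_threshold:
            if not self._alerting:            # alert once per excursion
                self.alerts.append((now, "ALERT", projected))
                self._alerting = True
        else:
            self._alerting = False
        self._events.append((now, count))
        self._in_window = projected


def run_pipeline(batches, guard, delete_fn):
    """Delete each (timestamp, ids) batch until the guard halts; return ids deleted."""
    deleted = []
    for ts, ids in batches:
        try:
            guard.authorize(ts, len(ids))
        except DeletionHalted:
            break                              # stop the whole pipeline
        delete_fn(ids)
        deleted.extend(ids)
    return deleted


def demo():
    # Constructed workload: 5 deletions every 10 s, then a spike, then a runaway batch.
    batches = [(t, [f"obj-{t}-{i}" for i in range(5)]) for t in range(0, 60, 10)]
    batches.append((60, [f"obj-60-{i}" for i in range(20)]))    # elevated volume
    batches.append((65, [f"obj-65-{i}" for i in range(500)]))   # runaway deletion
    batches.append((70, ["obj-70-0"]))                          # never reached
    store = {obj for _, ids in batches for obj in ids}          # stand-in data store
    guard = DeletionGuard(alert_threshold=40, halt_threshold=100)
    deleted = run_pipeline(batches, guard, store.difference_update)
    return guard, deleted, store


if __name__ == "__main__":
    guard, deleted, store = demo()
    print(f"deleted={len(deleted)} remaining={len(store)} alerts={guard.alerts}")
```

The guard latches once tripped, so a retry loop in the pipeline cannot resume deletions without an operator resetting it.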

Preparing your software

Part of your DR planning is to make sure that the software you rely on is ready for a recovery event.

Verify that you can install your software

Make sure that your application software can be installed from source or from a preconfigured image. Make sure that you are appropriately licensed for any software that you will be deploying on Google Cloud—check with the supplier of the software for guidance.

Make sure that needed Compute Engine resources are available in the recovery environment. This might require preallocating instances or reserving them.

Design continuous deployment for recovery

Your continuous deployment (CD) toolset is an integral component when you are deploying your applications. As part of your recovery plan, you must consider where in your recovered environment you will deploy artifacts. Plan where you want to host your CD environment and artifacts—they need to be available and operational in the event of a disaster.

Implementing security and compliance controls

When you design a DR plan, security is important. The same controls that you have in your production environment must apply to your recovered environment. Compliance regulations will also apply to your recovered environment.

Configure security the same for the DR and production environments

Make sure that your network controls provide the same separation and blocking that the source production environment uses. Learn how to configure Shared VPC and firewalls to let you establish centralized networking and security control of your deployment, to configure subnets, to control inbound and outbound traffic, and so on. Understand how to use service accounts to implement least privilege for applications that access Google Cloud APIs. Make sure to use service accounts as part of the firewall rules.

Make sure that you grant users the same access to the DR environment that they have in the source production environment. The following list outlines ways to synchronize permissions between environments:

  • If your production environment is Google Cloud, replicating IAM policies in the DR environment is straightforward. You can use infrastructure as code (IaC) tools like Terraform to deploy your IAM policies to production. You then use the same tools to bind the policies to corresponding resources in the DR environment as part of the process of standing up your DR environment.
  • If your production environment is on-premises, you map the functional roles, such as your network administrator and auditor roles, to IAM policies that have the appropriate IAM roles. The IAM documentation has some example functional role configurations—for example, see the documentation for creating networking and audit logging functional roles. You have to configure IAM policies to grant appropriate permissions to products. For example, you might want to restrict access to specific Cloud Storage buckets.
  • If your production environment is another cloud provider, map the permissions in the other provider's IAM policies to Google Cloud IAM policies.

Verify your DR security

After you've configured permissions for the DR environment, make sure that you test everything. Create a test environment. Use IaC tools like Terraform to deploy your Google Cloud policies to the test environment. Verify that the permissions that you grant to users match the permissions that the users are granted on-premises.
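One way to run this check when both environments are Google Cloud projects is to diff their exported IAM policies. The following is an added example, not part of the original guide: it assumes each policy was exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`, and the project IDs, groups, users, and bucket name are constructed.

```python
# Constructed sample policies in the shape printed by
#   gcloud projects get-iam-policy PROJECT_ID --format=json
# Project IDs, groups, users and the bucket name are hypothetical.
BACKUP_COND = 'resource.name.startsWith("projects/_/buckets/example-backups")'

PROD_POLICY = {"bindings": [
    {"role": "roles/compute.networkAdmin", "members": ["group:netadmins@example.com"]},
    {"role": "roles/logging.viewer", "members": ["group:auditors@example.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:app@example-prod.iam.gserviceaccount.com",
                 "user:alice@example.com"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["group:backup-ops@example.com"],
     "condition": {"title": "backups only", "expression": BACKUP_COND}},
]}

DR_POLICY = {"bindings": [
    {"role": "roles/compute.networkAdmin", "members": ["group:netadmins@example.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:app@example-dr.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectAdmin", "members": ["group:backup-ops@example.com"]},
    {"role": "roles/owner", "members": ["user:contractor@example.com"]},
]}


def normalize_member(member, project_id):
    """Make project-local service accounts comparable across projects."""
    kind, _, ident = member.partition(":")
    suffix = f"@{project_id}.iam.gserviceaccount.com"
    if kind == "serviceAccount" and ident.endswith(suffix):
        ident = ident[: -len(suffix)] + "@<PROJECT>.iam.gserviceaccount.com"
    return f"{kind}:{ident}"


def flatten(policy, project_id):
    """Turn a policy into a set of (role, member, condition expression) grants."""
    grants = set()
    for binding in policy.get("bindings", []):
        # A conditional binding is a narrower grant than the same role without
        # a condition, so the expression is part of the grant's identity.
        expr = binding.get("condition", {}).get("expression", "")
        for member in binding.get("members", []):
            grants.add((binding["role"], normalize_member(member, project_id), expr))
    return grants


def drift(prod_policy, dr_policy, prod_id, dr_id):
    """Report grants that exist in only one of the two environments."""
    prod = flatten(prod_policy, prod_id)
    dr = flatten(dr_policy, dr_id)
    return {"missing_in_dr": sorted(prod - dr), "extra_in_dr": sorted(dr - prod)}


def format_report(report):
    lines = []
    for section, grants in report.items():
        lines.append(f"{section}: {len(grants)}")
        for role, member, expr in grants:
            cond = f" if {expr}" if expr else ""
            lines.append(f"  {role} -> {member}{cond}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(drift(PROD_POLICY, DR_POLICY, "example-prod", "example-dr")))
```

In this sample the DR project lacks the auditors' read access and a user grant, and it carries two grants broader than production: an unconditioned `roles/storage.objectAdmin` and an extra `roles/owner` member.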

Make sure users can access the DR environment

Don't wait for a disaster to occur before checking that your users can access the DR environment. Make sure that you have granted appropriate access rights to users, developers, operators, data scientists, security administrators, network administrators, and any other roles in your organization. If you are using an alternative identity system, make sure that accounts have been synced with your Cloud Identity account. Because the DR environment will be your production environment for a while, get your users who will need access to the DR environment to log in, and resolve any authentication issues. Incorporate users who are logging in to the DR environment as part of the regular DR tests that you implement.

To centrally manage who has SSH access to virtual machines (VMs) that are launched, enable the OS login feature on the Google Cloud projects that constitute your DR environment.

Train users

Users need to understand how to undertake the actions in Google Cloud that they're used to accomplishing in the production environment, like logging in, accessing VMs, and so on. Using the test environment, train your users how to perform these tasks in ways that safeguard your system's security.

Make sure that the DR environment meets compliance requirements

Verify that access to your DR environment is restricted to only those who need access. Make sure that PII data is redacted and encrypted. If you perform regular penetration tests on your production environment, you should include your DR environment as part of that scope and carry out regular tests by standing up a DR environment.

Make sure that while your DR environment is in service, any logs that you collect are backfilled into the log archive of your production environment. Similarly, make sure that as part of your DR environment, you can export audit logs that are collected through Cloud Logging to your main log sink archive. Use the export sink facilities. For application logs, create a mirror of your on-premises logging and monitoring environment. If your production environment is another cloud provider, map that provider's logging and monitoring to the equivalent Google Cloud services. Have a process in place to format input into your production environment.

Use Cloud Storage as part of your daily backup routines

Use Cloud Storage to store backups. Make sure that the buckets that contain your backups have appropriate permissions applied to them.

Manage secrets properly

Manage application-level secrets and keys by using Google Cloud to host the key/secret management service (KMS). You can use Cloud KMS or a third-party solution like HashiCorp Vault with a Google Cloud backend such as Spanner or Cloud Storage.

Treat recovered data like production data

Make sure that the security controls that you apply to your production data also apply to your recovered data: the same permissions, encryption, and audit requirements should all apply.

Know where your backups are located and who is authorized to restore data. Make sure your recovery process is auditable—after a disaster recovery, make sure you can show who had access to the backup data and who performed the recovery.

Making sure your DR plan works

Make sure that if a disaster does occur, your DR plan works as intended.

Maintain more than one data recovery path

In the event of a disaster, your connection method to Google Cloud might become unavailable. Implement an alternative means of access to Google Cloud to help ensure that you can transfer data to Google Cloud. Regularly test that the backup path is operational.

Test your plan regularly

After you create a DR plan, test it regularly, noting any issues that come up and adjusting your plan accordingly. Using Google Cloud, you can test recovery scenarios at minimal cost. We recommend that you implement the following to help with your testing:

  • Automate infrastructure provisioning. You can use IaC tools like Terraform to automate the provisioning of VM instances and other Google Cloud infrastructure. If you're running your production environment on premises, make sure that you have a monitoring process that can start the DR process when it detects a failure and can trigger the appropriate recovery actions.
  • Monitor and debug your tests with Cloud Logging and Cloud Monitoring. Google Cloud has excellent logging and monitoring tools that you can access through API calls, allowing you to automate the deployment of recovery scenarios by reacting to metrics. When you're designing tests, make sure that you have appropriate monitoring and alerting in place that can trigger appropriate recovery actions.

Perform the testing noted earlier:

  • Test that permissions and user access work in the DR environment like they do in the production environment.
  • Perform penetration testing on your DR environment.
  • Perform a test in which your usual access path to Google Cloud doesn't work.

What's next?

  • Read about Google Cloud geography and regions.
  • Explore reference architectures, diagrams, and best practices about Google Cloud. Take a look at our Cloud Architecture Center.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2023-11-22 UTC.

Planning: Response & Recovery

Discover resources to prepare for and respond to cyberattacks

  • The First 48: What to Expect When a Cyber Incident Occurs (.pdf, 336.4 KB) (SAFECOM) This document, developed in partnership with public safety officials who have firsthand experience with cyberattacks, will inform expectations and provide recommendations on how to proceed after experiencing a cyber incident.
  • Essential Elements: Your Crisis Response (.pdf, 339.6 KB) (CISA) This Toolkit focuses on responding to and recovering from a cyberattack. Topic areas include developing an incident response plan and disaster recovery plan, using business impact assessments to prioritize resources and identify systems to be recovered, knowing who to call for help in the event of a cyber incident, and developing an internal reporting structure to communicate to stakeholders.
  • Federal Government Cybersecurity Incident and Vulnerability Response Playbooks (.pdf, 1.09 MB) (CISA) This document presents two playbooks: one for incident response and one for vulnerability response. These playbooks provide Federal Civilian Executive Branch (FCEB) agencies with a standard set of procedures to identify, coordinate, remediate, recover, and track successful mitigations from incidents and vulnerabilities affecting FCEB systems, data, and networks.
  • The National Cyber Incident Response Plan (NCIRP) (CISA) The NCIRP describes a national approach to dealing with cyber incidents and addresses the important role that the private sector, state and local governments, and multiple federal agencies play in responding to incidents and how the actions of all fit together for an integrated response.

Additional Cybersecurity Resources for ECCs

  • 911 Cybersecurity Resource Hub
  • Reporting a Cyber Incident
  • Real World Use Cases
  • Cybersecurity Awareness & Training
  • Protecting Networks from Cyberattacks
  • Design & Implementation
  • Risk Assessments

For more information and resources visit Transition to NG911 and SAFECOM Resources.

Disaster Recovery Plan Templates

By Andy Marker | November 26, 2018

In this article, you’ll find the most useful disaster plan templates, available for download in Microsoft Word, Excel, PowerPoint, and PDF formats. Customize the free templates to fit your business needs so you can maintain productivity and operations in the event of a disaster.

Disaster Recovery Plan Template

Use this template to document and track all critical operations, personnel contact information, and key procedures to perform in the event of a disaster or business disruption. Use the designated space to record critical information, like the backup process, recovery sites, and restoration steps. This template is available for download in Microsoft Word, PowerPoint, and PDF formats.

Download Disaster Recovery Plan Template

Word | PowerPoint | PDF | Smartsheet

Disaster Risk Reduction Management Plan Template

Use this template to record the most essential information your organization needs in order to effectively gauge risks. Within the disaster risk reduction management plan, you’ll find space to detail risk severity and likelihood and outline it on a visual chart. Use this template to stay on top of risks and detail how to handle any disaster or disruption, no matter the severity.

Download Disaster Risk Reduction Management Plan Template

Excel | PDF | Smartsheet

IT Disaster Plan Template

This template outlines the specific steps for continuing business operations and recovery in the IT field. Space is included to document IT objectives, key IT personnel and all necessary contact information, recovery plan overview, and emergency response teams. Available in Microsoft Word, PowerPoint, and PDF formats, this template serves as a blueprint for recovering from all IT disruptions.

Download IT Disaster Plan Template

Word | PowerPoint | PDF

Data Disaster Recovery Plan Template

Use this template to document the process for recovering key data after a disaster or disruption in business operations. With space to list a statement of intent, emergency response processes, financial and legal information, and recovery plan practice and implementation, this template will aid in the restoration of all critical business data.

Download Data Disaster Recovery Plan Template

Disaster Recovery Communication Plan Template

This disaster recovery communication plan template will help you identify the core communications across team members in the event of a disaster. This template provides space to assign responsibilities, identify stakeholders, and set up a proper response plan. This template is available in both Microsoft Word and PDF formats.

Download Disaster Recovery Communication Plan Template

Payroll Disaster Recovery Plan Template

Plan, track, and manage a disaster that affects the payroll process of your organization and hinders normal HR operations. You can use this template to detail key contact information, disaster recovery teams, and emergency alert and activation measures dealing with a disaster that affects typical payroll operations. This customizable template is available in Microsoft Word, PowerPoint, and PDF formats.

Download Payroll Disaster Recovery Plan Template

School Disaster Management Plan Template

In the event of a disaster or emergency situation at a school, use this template to plan the exact details involved in the response, mitigation, and recovery plan. Manage all risks that could potentially plague schools, such as site security or power outages. With space to document a full risk assessment, a preparedness plan, and response actions, your school will be fully prepared.

Download School Disaster Management Plan Template

Disaster Management Plan Template

Use this comprehensive template to detail the response and management plan of your organization after a disaster strikes. With space to include an outline of your overall disaster recovery plan, key contact information, disaster recovery procedures, and alternate recovery sites, this template enables you to manage any catastrophe that may affect your organization.

Download Disaster Management Plan Template

Simple Disaster Recovery Plan for Small Businesses

This template offers a simple yet comprehensive recovery plan for small businesses when a disaster or emergency situation interrupts typical activity. You’ll find space to outline everything from recovery plans to backup procedures, and even disaster site rebuilding and relocation plans. This template is available for download in Microsoft Word, PowerPoint, and PDF formats.

Download Simple Disaster Recovery Plan for Small Businesses

SaaS Disaster Recovery Plan Template

This template is specifically designed for SaaS organizations to plan, manage, and assess the damage after a disaster occurs. Outline key objectives, provide a detailed overview, and assign responsibilities across emergency and disaster response teams with this comprehensive template available in Microsoft Word, PowerPoint, and PDF formats.

Download SaaS Disaster Recovery Plan Template

Disaster Drill Evaluation Template

Use this template during and after a disaster drill to evaluate the effectiveness of your organization’s plan. Record the type of disaster the drill is for, drill initiation and completion times, emergency response team accuracy, and lessons learned. Download and customize for your business needs, available in both Microsoft Word and PDF formats.

Download Disaster Drill Evaluation Template

Excel | Word | PDF

Disaster Call Tree Template

Streamline the process of phone communication when an emergency occurs. Use this template to detail the person responsible for starting the call tree, as well as all of the people who then contact others to effectively and quickly alert all team members of the disaster.

Download Disaster Call Tree Template

Excel | Word | PowerPoint | PDF

Manufacturing Disaster Recovery Plan Template

In the event of a disaster that affects the normal manufacturing operations, use this template to outline the critical details needed to restore manufacturing. With space to document critical personnel responsibilities, contingency operations, backup locations, and more, manufacturing teams can continue or relocate operations to maintain normal functions as quickly as possible.

Download Manufacturing Disaster Recovery Plan Template

Disaster Recovery Runbook

Use this template to document the steps to recover from a disaster. You can apply this template across a multitude of business functions or teams. Easily document key details like communication strategies, disaster declaration and response procedures, infrastructure overviews, and restoration details in one place. This template is available for download in Microsoft Word, PowerPoint, and PDF formats.

Download Disaster Recovery Runbook

Application Disaster Recovery Plan Template

Use this template to document specific steps for recovering from a disaster or business disruption. There is space to include policy statements, contact information, and disaster and emergency response teams and procedures. This template is available to customize and download in Microsoft Word, PowerPoint, and PDF formats.

Download Application Disaster Recovery Plan Template

Law Firm Disaster Recovery Plan Template

This template offers specific recovery procedures and processes associated specifically with law firms. Document disaster response steps, personnel losses, new employee training, and office space information to effectively tackle the aftermath of a disaster that plagues a law company. This template is available for download in Microsoft Word, PowerPoint, and PDF formats.

Download Law Firm Disaster Recovery Plan Template

What Is a Disaster Recovery Plan?

A disaster recovery plan (DRP) is a step-by-step procedure that outlines how a business or organization will recover from disrupted systems, operations, processes, or networks. The aim of a DRP is to identify critical systems or procedures, prioritize recovery time objectives (RTOs), document key personnel contact information, and outline any necessary policies to follow in the event of a disaster.

What Is the Purpose of a Disaster Recovery Plan?

A DRP is an essential document for any business or organization, as it ensures that all normal business processes, infrastructure, and applications continue to operate when a major disaster strikes. Usually, a disaster recovery plan is included as part of the overall business impact analysis.

Additionally, the plan provides details for responding to unplanned incidents, which can include cyber attacks, environmental or natural disasters (flood, earthquake, landslide, volcano, tornado, etc.), power disruptions, fires, employee errors, hardware or software failures, terrorism or sabotage, bomb or shooter threats, and more.

A DRP can also minimize the negative impacts of disasters by helping to ensure that all business locations are kept safe. In addition to all of these positive effects of having a DRP, it also helps with the following:

  • Ensure employees and team members can react rapidly and restore activity effectively, in light of an emergency or disaster.
  • Capture, summarize, and organize critical information needed to restore business operations.
  • Develop, test, and document a detailed, easy-to-understand plan.
  • Secure contingency plans, and ensure they are cost effective.
  • Build resilience within the business.
  • Identify responsibilities of each team member, and outline disaster practices to ensure effectiveness.
  • Prepare for and respond to emergencies most likely to plague certain businesses, teams, or roles.
  • Ensure the overall prosperity and survival of the business.

Most businesses cannot afford to be non-profitable and lose critical operations for an extended period of time. DRPs help to ensure that all operations can be restored in a quick, responsive manner.

Steps For Creating a Disaster Recovery Plan

When you are writing your disaster recovery plan, start by conducting a thorough business impact analysis to identify your organization’s most essential parts or critical services and how a disaster might affect them. Assess the risk and impact associated with losing business functions in a disaster.

Look at historical or company background information to determine if any disasters have affected the organization in the past, and how they were consequently handled. Perform a gap analysis to compare what is currently being done to prevent or handle a disaster against what should be done, and see if there are missing components. Next, identify any existing preventive controls to mitigate disasters.

From there, you can start creating a disaster recovery plan by following these steps:

  • Develop recovery strategies.
  • Obtain management commitment and authorization to proceed with DRP creation.
  • Classify and prioritize business operations.
  • Set the scope of the DRP, either in covering a whole business, specific teams, or individual people.
  • Develop the cost estimate and scheduling of the plan to share with key stakeholders.
  • Determine supplies, equipment, and other infrastructure that must be maintained during a disaster.
  • Establish an emergency communication system, usually through a call tree, and include support services and assistance information.
  • Document emergency response actions and internal recovery strategies, and designate specific teams to carry them out, as well as dependent processes that must be handled in a particular order.
  • Determine data and records backup and data restoration times to ensure timely IT recovery.
  • Designate specific phases of your DRP, such as a response phase, resumption phase, and restoration phase.
  • Identify “hot” and “cold” sites, when necessary.
  • Plan an evacuation route.
  • Include detailed instructions and contact information in the case of a medical emergency.
  • Determine a comprehensive plan to rebuild a disaster site.
  • Determine a hazard assessment to minimize exposure to risks and dangers.
  • Create an emergency checklist to have on-hand when a disaster strikes.
  • Conduct tests and trainings of the DRP.
  • Perform an annual review of your DRP and document any necessary changes in the plan.

Who Are the Resources Involved in a Disaster Recovery Plan?

A DRP is comprised of many different human resources who are leveraged when a disaster or emergency strikes. These participants are usually grouped into teams to cover a variety of important responsibilities included in a DRP.

The plan development team helps craft the plan and assigns responsibilities to the other resources. The IT and application teams deal with strategies for disasters that disrupt that portion of the business, and the emergency response team focuses on the overall emergency response process of the entire organization.

Within the emergency response team are a primary crisis manager and a company spokesperson, who both focus on communicating and acting on emergency response procedures. An emergency contact helps in alerting the rest of the business to the disaster, specifically vendors or suppliers who may work remotely.

Tips For Creating a Disaster Recovery Plan

Because a DRP is an important document for any business or organization to have, creating the most accurate, clear, and actionable plan can be daunting. The following tips can help:

  • Establish clearly defined roles for each team member.
  • Get support and buy-in from senior management.
  • Keep the wording and process description simple.
  • Review results with business units.
  • Be flexible and accept suggestions regarding all parts of the DRP.
  • Plan for emergencies most likely to happen where you live, or according to your business.
  • Detail what to do in the event of lost communication, evacuation, and safety threats.
  • Make sure you have a strong communication plan across your organization.
  • Always plan and prepare for the worst case scenario.
  • Conduct extensive risk assessments to ensure you are covering all your bases.
  • Consider the specific needs or accommodations of all employees.
  • Organize your team and perform practice plans before a disaster actually strikes.

Once you have completed the plan, ask the following questions to ensure that your DRP is coherent, comprehensive, and easy to implement:

  • Are all employees able to execute the plan, and is everyone aware of their role?
  • Are backup procedures detailed, and are they accessible within a desired timeline?
  • Are there specific contingency operations in place if one of the primary procedures fails?
  • Are the recovery time objective (RTO) and recovery point objective (RPO) practical for your business and all of your team members?
  • Can systems be restored before an excessive amount of revenue or data is lost?

Examples of Effective Disaster Recovery Plans and Additional Resources

For more direction in creating the most appropriate and actionable DRP for your business, refer to these recovery plan examples to gain familiarity and understanding of how to write and what to include in a DRP.

  • MIT Disaster Recovery Plan: MIT outlines all critical components of a DRP, including purpose of plan, disaster response, disaster detection, and business continuity teams.
  • IBM Disaster Recovery Plan: IBM clearly documents key details of their business to minimize the effect of a disaster, including recovery procedures, recovery sites, major goals, and plan testing.

To gain an even better idea of how to create the best disaster recovery plan, and detail why every business should have one, refer to these helpful resources and reports:

  • NIST Special Publication 800-34
  • EMC IT Downtime Report
  • Computer Security Resource Center
  • Guide to Test, Training, and Exercise Programs for IT Plans & Capabilities
  • Building an Information Technology Security Awareness & Training Program
  • FEMA: “Emergency Management Guide for Business and Industry”

Minimizing Downtime With a Comprehensive Disaster Recovery Plan Checklist

Preparing for recovery starts long before a disaster occurs. Use this checklist to help plan ahead to minimize disruptions and downtime from any business disaster.

13-Step Disaster Recovery Plan Checklist

When a disaster strikes—whether it’s a crippling ransomware event or a destructive natural disaster—a smooth recovery process is critical to getting back on your feet. But that recovery doesn’t simply unfold as soon as the storm recedes. Rapid operational recovery starts with planning long before the disaster even occurs.

Before Hurricane Michael hit Panama City in 2018, Coca-Cola Bottling Company UNITED, Inc., thought they were thoroughly prepared for the storm and recovery. “We have a really extensive hurricane preparedness plan across all of our coastal locations,” explains Gianetta Jones, Vice President & Chief People Officer. But the Category 5 storm caused severe damage to cell phone infrastructure that the Coca-Cola team was not ready for. Gianetta told us on The Employee Safety Podcast, “We had to pivot and purchased several very expensive satellite phones for our operators that were local to be able to communicate with us at the corporate office.”

Flexibility is necessary in disaster recovery, as disasters hardly follow a predictable plan. But the right preparation can make it possible to adapt and maximize your time and resources through recovery. A comprehensive disaster recovery plan is not just a “good-to-have” safety net; it serves as a roadmap for resuming operations efficiently and effectively, minimizing the impact on your business and clients. And a great way to get started on your disaster recovery planning process (or to review and reassess your standing plan) is with a disaster recovery plan checklist.

Whether you’re facing natural calamities, cyberattacks, or technological failures, this checklist will guide you through establishing robust protocols to protect your assets, data, and your operational continuity.

1. Assess the risks and impacts

Conduct a thorough risk assessment to identify potential disasters and emergencies and look for vulnerabilities. Then, perform a detailed business impact analysis to understand the potential impact of disasters on your business operations. These assessments will help you determine what disasters you must prepare for and what recovery might be necessary.

2. Coordinate with departments and identify stakeholders

Engage all internal departments to gather input and ensure comprehensive coverage. In particular, you’ll want to work with teams involved in emergency preparedness, IT, business continuity, security, and any other function that may be impacted by the event. Additionally, determine any stakeholders, internal and external, crucial to the recovery processes.

3. Review past emergencies

Analyze any previous incidents your organization has been through to learn from past emergencies and refine your current planning efforts. You can also look at organizations similar in size and industry to understand how they have experienced disasters.

4. Assemble the leadership team

The disaster recovery team members will be dedicated to managing the disaster recovery process, though not necessarily executing the entire disaster recovery plan themselves. They will serve as important leaders and decision-makers throughout the process.

5. Document systems and processes

Thoroughly record all critical business systems and processes. This might include software applications, physical items in your facility, digital systems, on-site and off-site resources, or processes vital to your operations. If it is something that a disaster might impact, it should be considered in this step.

Once you have your list, do the following for each item:

For example, when building an IT disaster recovery plan, you’ll want to document all your IT systems, identify the most critical pieces of IT infrastructure, and arrange for data backups, secondary data centers, and other data protection for any critical data that may be impacted.

6. Analyze your recovery needs

Perform a detailed recovery analysis for each type of disaster that could impact the business. Include the following steps in this analysis:

7. Set up your recovery plan templates

If you are using a disaster recovery plan template, you’ll want to make copies of the template pages to fill out. You want a tailored recovery plan for each type of disaster, so multiple versions of the template are a must.

8. Assign personnel

Identify and document all personnel who will be involved in each recovery and response plan. Write down their contact information and their roles and responsibilities within the recovery efforts.

9. Establish the activation criteria

Set clear criteria for when to activate the disaster recovery plan. Clarify the turning point between disaster response procedures and disaster recovery, so you don’t hesitate in the event of a disaster.

10. Write the recovery plan

The previous disaster recovery checklist stages prepare you to document your plan. Detail the specific steps and strategies to recover from each disaster you may face.

11. List resources and related documents

Document all the resources required for the recovery plan and their locations. Include links or references to any related plans and supportive documentation. This might include your business continuity plan, risk assessments from earlier in the process, or documentation for a specific recovery strategy.

12. Develop a communication plan

Communication is critical to recovery, so ensure your plan includes a clear process for reaching your employees, stakeholders, and external resources. Design a comprehensive emergency communication plan detailing:

13. Evaluate your response

Don’t make the mistake of building out your disaster recovery plan and assuming it can stay the same year after year. Not only are the disaster scenarios you face likely to change, but your organization will also grow and change; what worked for recovery at one point won’t necessarily work weeks, months, or years later. Regularly test, evaluate, and update the disaster recovery plan to ensure it still meets your business needs over time.

Planning for Resilience Through Operational Failback

With the right plan in place, recovery doesn’t have to feel like a disaster in and of itself. Develop a comprehensive disaster recovery plan with this checklist to keep your whole team on the same page and align their efforts.

Unlike an IT system failback, recovering your business operations often means building them back up one by one. By following all 13 steps, you can ensure you don’t miss a critical system in your DR plan, and you minimize the effort it takes to quickly and confidently return to normal operations.


disaster recovery plan (DRP)

DRP (sources: CNSSI 4009-2015, NIST SP 800-12 Rev. 1, NIST SP 800-82r3)

   2. A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities.
      Sources: CNSSI 4009-2015 from NIST SP 800-34 Rev. 1

   1. Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities. The DRP is the second plan needed by the enterprise risk managers and is used when the enterprise must recover (at its original facilities) from a loss of capability over a period of hours or days. See continuity of operations plan (COOP) and contingency plan.
      Sources: CNSSI 4009-2015

   A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities.
   Sources: NIST SP 800-34 Rev. 1 under Disaster Recovery Plan (DRP)

   A written plan for processing critical applications in the event of a major hardware or software failure or destruction of facilities.
   Sources: NIST SP 800-82r3 under Disaster Recovery Plan from NIST SP 800-34 Rev. 1 - adapted


See NISTIR 7298 Rev. 3 for additional details.


COMMENTS

  1. PDF NIST Cybersecurity Framework SANS Policy Templates

    Recover - Recovery Planning (RC.RP) RC.RP-1 Recovery plan is executed during or after a cybersecurity incident. SANS Policy Template: Disaster Recovery Plan Policy Recover - Improvements (RC.IM) RC.IM-1 Recovery plans incorporate lessons learned. SANS Policy Template: Disaster Recovery Plan Policy RC.IM-2 Recovery strategies are updated.

  2. Disaster recovery planning

    We have provided a strategy template to use in developing your departmental disaster recovery plan. Prioritizing your services from most critical to least critical is key to developing a useful plan, which should clearly define the steps and equipment needed to bring these critical services back online. These steps should include who to contact, where backup data is stored and where new ...

  3. Developing an Effective NIST Disaster Recovery Policy and Template

    A Disaster Recovery Plan (DRP), as defined within the framework of the National Institute of Standards and Technology (NIST), is your organization's strategic document outlining the process for recovering data and critical functions following a disruptive event. Disasters can range from cybersecurity incidents like data breaches or ransomware ...

  4. How to Write a Disaster Recovery Plan + Template

    Writing and maintaining a disaster recovery plan requires collaboration and coordination among key stakeholders across an organization and can seem intimidating. Below we'll outline the process step by step to help you get started. 1. Define the plan's objectives and scope.

  5. PDF Guide for Cybersecurity Event Recovery

    improving recovery planning by learning lessons from past events, including those of other organizations, helps to ensure the continuity of important mission functions. This publication provides tactical and strategic guidance regarding the planning, playbook developing, testing, and improvement of recovery planning.

  6. Disaster Recovery Plan Template: 8 Key Steps for Businesses

    Disaster recovery plan template. 1. Asset management. At the beginning of drafting your DRP, you need to take stock and document all of your critical hardware and software for the business. This ...

  7. The Disaster Recovery Plan

    The Disaster Recovery Plan. The terrorist attacks on the United States on September 11, 2001 are focusing the attention of organization decision makers on the urgent need to prepare for disaster recovery. The Business Continuity Plan (BCP) describes the steps an organization takes when it cannot operate normally because of a...

  8. disaster recovery plan (DRP)

    A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume operations after an unplanned incident. A DRP is an essential part of a business continuity plan ( BCP ). It's applied to the aspects of an organization that depend on a functioning IT infrastructure.

  9. PDF IT Disaster Recovery Planning: A Template

    An IT disaster recovery plan is the lynchpin of an overall business continuity strategy. And the purpose of business continuity is to maintain a minimum level of service while restoring the organization to business as usual. If a business fails to put a disaster recovery plan in place then, when disaster strikes, the company risks losing customers

  10. Disaster Recovery Plan Template

    Disaster Recovery Plan Template. Download now.

  11. CISSP: Disaster recovery processes and plans

    As a part of the BRP, the disaster recovery plan (DRP) is a specific recovery plan that is concerned particularly with damaged or lost software, data, and/or hardware on one hand, and on overcoming the consequences of that on the other hand. It aims to minimize, as much as possible, potential functional damages caused by a disaster.

  12. Disaster recovery planning guide

    Disaster recovery planning guide. This document is the first part of a series that discusses disaster recovery (DR) in Google Cloud. This part provides an overview of the DR planning process: what you need to know in order to design and implement a DR plan. Subsequent parts discuss specific DR use cases with example implementations on Google Cloud.

  13. Planning: Response & Recovery

    Essential Elements: Your Crisis Response (.pdf, 339.6 KB) (CISA) This Toolkit focuses on responding to and recovering from a cyberattack. Topic areas include developing an incident response plan and disaster recovery plan, using business impact assessments to prioritize resources and identify systems to be recovered, knowing who to call for ...

  14. Free Disaster Recovery Plan Templates

    Disaster Recovery Plan Template. Use this template to document and track all critical operations, personnel contact information, and key procedures to perform in the event of a disaster or business disruption. Use the designated space to record critical information, like the backup process, recovery sites, and restoration steps.

  15. Disaster Recovery Plan Template

    Our disaster recovery plan template will help you create an effective disaster recovery plan for your organization. 1. Disaster Recovery Plan Goal. The goal of this disaster recovery plan is: To protect [Sender.Company] 's core operations. To ensure that critical business functions continue in the event of a disruption.

  16. Incident Response Policy Template for CIS Control 17

    Incident Response Policy Template for CIS Control 17. A comprehensive cybersecurity program includes protections, detections, response, and recovery capabilities. Often, the final two get overlooked in immature enterprises, or the response technique to compromised systems is just to re-image them to original state and move on. The primary goal ...

  17. Disaster Recovery Plan Checklist & Free Template

    13-Step Disaster Recovery Plan Checklist. 1. Assess the risks and impacts. Conduct a thorough risk assessment to identify potential disasters and emergencies and look for vulnerabilities. Then, perform a detailed business impact analysis to understand the potential impact of disasters on your business operations.

  18. 52 Effective Disaster Recovery Plan Templates [DRP]

    A disaster recovery plan is a set process or a documented set of procedures which are created in order to retrieve the IT infrastructure of a business in the event of a disaster, which is why it can also be referred to as an IT disaster recovery plan. A disaster recovery plan example would be a written document with ...

  19. PDF CIS Disaster Recovery Kit

    CIS Disaster Recovery Kit Continuity of Operations Not Started In Progress Completed N/A Notes Continuity of Operation Plans (COOP) in place. See Risk Resource Library for template and directions for State's COOP Software-as-a-Service. ☐ ☐ ☐ ☐ Management succession plan developed. ☐ ☐ ☐ ☐ Internal emergency response team ...

  20. disaster recovery plan (DRP)

    DRP. Definitions: 2. A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities. Sources: CNSSI 4009-2015 from NIST SP 800-34 Rev. 1. 1. Management policy and procedures used to guide an enterprise response to a major loss ...