Regardless of whether a disaster is natural or manmade, it can destroy a company completely. Of those companies that are impacted by a disaster, 43% never open their doors again, 51% close within two years of the disaster and only 6% manage to remain open for the long term. Having a well written business continuity plan (BCP) which includes a disaster recovery plan as well should be one of the top priorities of the company. Writing one is not something that you do over lunch one day, however and there are several steps that have to be followed to have an adequate DRP. The more prepared that you are, the better your company may survive any potential disasters.

Most of the larger companies focus between two and four percent of their IT budget on their DRP. The focus on the plan should be on the resumption of applications, data, hardware and communications as soon as possible after a disaster has struck. The beginning step of writing this plan is research followed by writing the plan and finally its implementation.

Step One: What will the plan cover?

The scope of the actual business continuity plan will have to be identified as the first step. A full audit of the total assets of the company should be made as well as a risk analysis for those assets. Every aspect of the business will be covered by the BCP, however in most cases the DRP will focus on IT services and their recovery.

Step Two: How will disaster impact the business?

The next step in research will be a full analysis of the financial losses that could result from any destructive event or disaster whether it is natural or manmade.

Step Three: Take the plan to upper management

Nothing will get done without the say so of the upper management team, and they have to be on board with your DRP from the start or you are only wasting your time. Get them with the numbers and then sell your plan while they are still trying to digest the fact that the majority of businesses hit by disaster fail within two years if not immediately. Make sure that they are fully aware of every single risk that you can think of.

Step Four: Assign roles to each department

Each department within the company should have a role to play in the event of a disaster- and everyone should be aware of what that role entails fully and clearly.

There are many companies that help others write their disaster recovery plans. In addition, the National Institute of Standards and Technology has tools that can help companies create their own plans as well. Each plan should take into account the three types of measures: preventative, detective and corrective. Like their names imply, these measure seek to stop events from happening, detect or discover unwanted events, or restore and correct following an event, respectively.