Disaster Recovery Planning (DRP)

Procurement and Audit notes revision

It is a proactive contingency approach, whereby the organization plans its emergency and recovery responses to a catastrophic event.
Disaster recovery planning (DRP) is a subsidiary discipline of business continuity planning which specifically focuses on the advance planning and preparations necessary to recover the essential operations, sites, functions, systems and resources of the organisation, in the event of catastrophic failure or disruption such as fire, flood, strategic supplier failure, major product recall or IT systems failure.
Where business continuity planning focuses on ‘keeping the business running’, disaster recovery planning focuses on ‘getting it up and running again’. A corporate business continuity plan may incorporate a range of specific DRPs for particular types of disaster and/or for particular sites, operations or systems of the business. Much of what we have said about the process of BCP (Table) also applies to DRP: particular emphasis will be placed on the testing of recovery plans (evacuation drills, communication tests, stress tests of new systems and so on).
Contents of the DRP
Some basic generic elements of a disaster recovery plan include:
• Roles and responsibilities: your disaster recovery plan should detail who is responsible for what tasks in the event of a disaster. Identify the key roles and responsibilities to ensure everyone knows who is responding to which issue. This also helps to improve communication and minimize stress for everyone involved in the recovery process.
• Incident checklists for key staff: action checklists are easy to follow in emergency conditions.

• First stage: there should be clear, direct instructions for the first hour following an incident identified as an emergency, and clear priorities.
• Follow-up stage: there should be a separate checklist of measures that can wait until after the first hour. This ensures a focused emergency response and clear priorities.
• Document review: agree how often, when and how you will check the plan to ensure that it is current, and update the plan to reflect changes in the organisation's risks.

The benefits of effective DRP
The benefits of effective disaster recovery planning can be summarised as follows.
• Identification of business-critical systems, processes, resources and related vulnerabilities, to support risk management (and the prioritisation of recovery resources)
• Identification and definition of roles and responsibilities for response action, providing ownership, focal points for communication and clarity in an emergency situation
• Support for a swift, co-ordinated response in an emergency situation (where time and clarity may not be available to start formulating responses)
• Determination of the resources and timescales required to restore minimum acceptable levels of operation and service (i.e. critical business deliverables and success factors)
• Reduction of the consequential or secondary risks arising from unplanned action and panic response
• Reduction of reputational and commercial risks from disrupted service to customers (and/or lack of a transparent and responsible response to the crisis)
• Opportunities for proactive input from suppliers and other key stakeholders to the recovery process (contingency planning, pre-commitment of recovery resources and support)
• Time to develop resources and skills for recovery which are currently lacking (e.g. lead time for supplier development, information assurance protocols, or the building of reputational strength)
• Imposing rigour on system, product, process and relationship design and development, with a view to building in resilience (the ability to survive shocks)
• Increasing organisational risk awareness.

Implementation of DRP in disaster or crisis scenario in supply chain management
Supplier failure
A disaster recovery plan for supplier failure (as part of a supply continuity plan) might include elements such as the following.
• Advance planning for contract termination and transition (exit strategy)
• Contract, performance and relationship management to minimise risk (and/or give early warning) of supplier financial or operational problems
• Supply chain mapping and environmental (STEEPLE) monitoring for early warning of supply vulnerabilities
• Pre-identified and pre-qualified back-up sources of supply
• Pre-negotiated framework contracts, with emergency (‘hot start’) call-off facilities
• Establishment of direct contacts with lower-tier suppliers (in case of first-tier failure)
• Pre-authorised procurement card or cash payment facilities to enable the payment of emergency suppliers (while credit is arranged)
• Use of telephone cascade, intranet or email to inform all relevant staff of the need to trigger the emergency response plan, on notification of supplier failure or supply disruption
• Trigger supplier transition arrangements and termination clauses: smooth handover guarantees; protection of intellectual property and confidential data; sharing of transition costs; ownership of assets involved in the contract etc.
• Notify business contacts and other stakeholders as appropriate
Computer system failure
A disaster recovery plan for computer systems failure might include elements such as the following.
• Design and testing of systems to minimise risks and maximise resilience
• Use of a telephone cascade (a call list, via which each member notified of an event is responsible for calling others) to inform all relevant staff as fast as possible of the need to trigger emergency recovery measures
• Restore equipment to working order, via emergency repair or replacement (e.g. triggering a high priority call-off on a pre-prepared supply contract), or drawing on back-up disaster recovery services (e.g. an off-site IT service with duplicate systems and data)

• Retrieve back-up devices from (pre-planned) off-site storage, or access back-up data from virtual storage servers
• Re-install software and data
• Re-enter data from the period since the last back-up
• Notify business contacts and other stakeholders, as appropriate, if there are likely to be data gaps or systems glitches
Fire/flood emergency and damage to premises
A disaster recovery plan for fire, flood, earthquake, terrorist threat, explosion or other emergencies might include elements such as the following.
• Fire, emergency and evacuation procedures, equipment, alarms and practice drills
• Trained emergency officers (e.g. fire wardens) to co-ordinate emergency procedures
• Pre-planning of staff welfare provision: medical treatment, crisis counselling, briefings
• The use of remote-access ICT systems (laptops, mobile phones, text messaging) to co-ordinate activity
• The proactive use of off-site data back-up and storage facilities and/or IT services
• The preparation of alternative accommodation and work site arrangements
• Contracts in place to enable the call-off of stand-by services to cover disruption (e.g. IT services bureau, call centre)
• The triggering of fast-track emergency procurements or existing order expediting (if stock has been damaged)
• Notification of insurance providers
• Notification of business contacts and other stakeholders as appropriate
• Implement crisis management plan for corporate communications
