Answer
Disaster Recovery Plan (DRP) is to restore the operability of systems that support mission-critical
and critical business processes. The objective is for the organization to return to normal operations as soon as possible. Since many mission-critical and critical business processes depend on a technology infrastructure consisting of applications, data, and IT hardware, the DRP should be an IT focused plan. Every organization should develop a Disaster Recovery Plan for all applications. Restoration of systems does not necessarily imply technology redundancy. The DRP may call for some procedures to be completed manually. The decision to revert to manual procedures, rather than to build and maintain an IT infrastructure is a cost-driven decision made by the organization. Having a DRP in place reduces the risk that the length of time that a disruption in a business process does not go beyond what has been determined to be acceptable by management in the organization. During the recovery phase, the focus is on establishing controls over occurring events to limit the risk of any additional loses.
Developing a technical disaster recovery strategy is just one step in the overall Disaster Recovery Planning process. This process is common to all systems and utilizes the following steps:
• Develop the Business Contingency Planning Policy and Business Process
• Conduct a Risk Assessment
• Conduct the Business Impact Analysis (BIA)
• Develop Business Continuity and Recovery Strategies
• Develop Business Continuity Plans
• Conduct awareness, testing, and training of the DRP
• Conduct Disaster Recovery Plan maintenance and exercise