Disaster recovery is the process, policies and procedures related to prepare recovery or restart infrastructure critical to an organization after a natural or human-induced disaster. Despite of all precaution to protect the system and data, the system may be un-operational or data is lost. In that situation, the main objective of a organization is to return to normal operations as soon as possible. Therefore some plan and procedure is required to ensure restoration of the system very soon after the disruption. Disaster Recovery Plan (DRP) focuses on primarily on the technical issues involved
in keeping systems up and running, such as which files to back up and the maintenance of back up computer systems or disaster recovery services.
Disaster can be classified in two broad categories:
1) Natural disasters—Preventing a natural disaster is very difficult, but it is possible to take precautions to avoid losses. These disasters include flood, fire, earthquake, hurricane, etc.,
2) Man-made disasters are major reasons for failure. Human error and intervention may be intentional or unintentional which can cause massive failures such as loss of communication and utility. These include accidents, walkouts, sabotage, burglary, virus, intrusion, etc.
For example, credit card companies maintain a duplicate computer center in a different geographical area, far from the main centre to serve as an emergency backup to its primary computer center. Rather than build their own back up facilities, many firms contract with disaster recovery firms. These disaster recovery firms provide hot-sites housing spare computers at different locations where subscribing firms can run their critical applications in an emergency.
Every organization should develop a Disaster Recovery Plan for all applications. Restoration of systems does not necessarily imply technology redundancy. The DRP may require some procedures to be completed manually. The decision to revert to manual procedures, rather than to build and maintain an IT infrastructure is a cost-driven decision made by the organization. Having a DRP in place reduces the risk that the length of time that a disruption in a business process does not go beyond what has been determined to be acceptable by management in the organization. During the recovery phase, the focus is on establishing controls over unwanted events to limit the risk of any additional loses.