What is Your IT Disaster Recovery (DR) Plan? How Frequently Do You Perform DR Drill Tests?

Written By Harry Bodd


Without a Disaster Recovery (DR) plan, your organization is at exceptional risk of loss of business, hacking, cyber-attacks, loss of confidential data, and more. Your DR plan can prolong your business continuity potential until the disaster has been appropriately handled. In doing this, you are able to keep your customers satisfied, while at the same time being assured that the disaster is only temporary. But, how do you ensure your DR plan is foolproof and updated? Read on…


Successful enterprises – both large and small – have effective disaster recovery (DR) solutions. And not only do they have their solutions in place at all times, but they also regularly review them to see if any changes need to take place; this involves performing DR drill tests at least once a year simulating a LIVE scenario. It’s during these drills that any security and backup issues can be identified and addressed. So, the question is this: What does your DR plan look like and when was the last time you performed a DR drill test?

What is an IT DR Plan?

An IT DR plan is comprised of many components, with its ultimate goal being to protect an organization from events that can lead to severe negative consequences. While human actions can lead to a high risk of disaster – cyber-attacks, hacking, etc., – there are also natural disasters that must be planned for, as well, including tornadoes, fires, floods, earthquakes, and more.

An effective IT DR plan will involve backing up all business data at regular intervals, using a combination of FULL and incremental backups on pre-defined backup schedule. Backups are scheduled during the periods of low activity on the network and on a BACKUP ONLY network. By doing this, a company can be rest assured that in the wake of a disaster, data will still be accessible, which can greatly reduce disaster downtime. The IT DR plan should include a list of first-level contacts and persons/departments within the company, who can declare a disaster and activate IT DR operations. It should also include an outline and content stating the exact procedures to be followed during a disaster. At least 2-4 potential IT DR sites with hardware/software that meets or exceeds the current production environment should be made available. DR best practices indicate that DR sites should be at least 50 miles away from the existing production site, so that the Recovery Point Objective (RPO)/Restoration Time Objective (RTO) requirements are satisfied.

Although an IT DR plan may not be able to completely eliminate downtime, it should serve to ensure mission-critical functions are maintained, including the protection of sensitive customer information. Most IT DR plans include any or all of the following components:

  • Inventory List of CRITICAL Production Systems that are necessary to conduct business
  • Backup Tape Retention Policy
  • Offsite Backup Tape facility and time to deliver tapes at DR site
  • Steps to restore servers
  • Software repository that contains approved Production OS Images and Application Software, with relevant patches and updates.
  • Restore mainframes along with their backups
  • Re-establish one or more private branch exchanges (PBXs)
  • Making provisions for local area networks (LANs)
  • Quick detection of unauthorized users
  • Secondary resources, including a backup email server, alternate forms of communication, etc.
  • User Testing of the new DR environment
  • Validity of the data restored
  • Employee training for DR practices
  • Secure offsite location

Understanding the Significance of an IT DR Plan

The significance of an IT DR plan cannot be overemphasized. Without one, your organization is at exceptional risk of loss of business, hacking, cyber-attacks, loss of confidential data, and more. Your DR plan can prolong your business continuity potential until the disaster has been appropriately handled. In doing this, you are able to keep your customers satisfied, while at the same time being assured that the disaster is only temporary.

When Hurricane Sandy left its devastating effects in October 2012, it inflicted $65 billion worth of damage. It was at this point that businesses started to assess their IT DR plans thoroughly. Still, there are many businesses that don’t have proper IT maintenance in place, including the creation of an IT DR plan. And with 53% of businesses not being able to tolerate less than 60 minutes of downtime due to enormous losses in revenues, it makes it all the more important that IT DR plans be created by all businesses, both large and small.

Without an IT DR plan, your business will likely endure the following at some point or another:

  • Downtime exceeding one hour
  • Broken communications with customers and employees
  • Loss of confidential data
  • Network hacking
  • Server malfunction


How Often to Update an IT DR Plan

To put it simply, your IT DR plan should be tested at least once a year. If you are a large organization employing more than 150 employees, you might want to consider testing it at least once every quarter. Any time a test is performed and issues are noticed, this means that your IT DR plan needs to be updated. Do keep in mind that DR testing will involve any entity working with your company; so, you may need to contact vendors and suppliers ahead of time.

5 Tips to Ensure Your IT DR Plan is Up-to-date and Foolproof

1. In order to ensure your IT DR plan is operating as it should be, you will need to test it on a regular basis. This includes reading the blueprint of the plan and making adjustments, as need be. You’ll also want to walk your employees through the plan at least once every six months to see if they have any suggestions.

2. You can also create a DR pretend event and test your plan in action. A service provider that offers managed network services can help you with this.

3. A part of your testing should also include testing each app. All programs and apps need to have a password that is at least 16 characters long, including letters, numbers, and symbols; this helps deter the vulnerability of being hacked. And don’t forget that password generators can easily become your worst enemy. Password generators are meant to help you remember various passwords to different applications and programs; however, they can also reveal the passwords to any user with access to your network. Imagine, for instance, that your long-time best friend – who also happens to be into credit card fraud – uses your computer. This could lead him to unintentionally (or intentionally) coming across your VoIP login information; this surely won’t end up in your favor. Because of this, password generators should not be in use.

4. If you can hack into your own system, this a sure-fire sign that other people can, too. Your company or your network service provider should have an IT staff member, who acts as a “pentester.” A pentester will work on your network to see if there are any vulnerabilities. If vulnerabilities are found, the pentester will exploit them and try to prove that the system can be hacked into, thus leading to a possible loss of data. If it is found that your pentester can hack into your system, proper action should be taken to remedy these issues.

5. Also, when checking your IT DR plan, make sure that it includes a section that ensures all cookies have been cleared. A well-known sign that hackers have chipped their way into your network is by taking a look at your cookies. To put it in simple terms, when you conduct activities over the internet, the associated data is stored in the form of virtual “cookies.” If you leave these cookies lying around, the hackers are sure to pick them up. Everyone connected to your network infrastructure should be mandated to clear both their cookies and cache on a regular basis, preferably at least once every two weeks.

6. Log all activity during an IT DR test from start to finish. Analyze the logs and fine-tune problem areas and update your existing IT DR plan to incorporate these changes.

How to Perform DR Drill Tests

To perform a DR drill, make sure it meets the following goals:

  • The DR plan is kept in both paper and digital form. The most recent form will supersede all previous versions.
  • The plan itself is accessible by more than one person during a disaster.
  • The plan is realistic.
  • All network partners, vendors, suppliers, and customers have multiple ways to communicate with you in the event of a disaster: email, phone, text, VoIP, video, etc.
  • The DR plan lists out at least five people who have expertise in DR.

Performing a drill will, of course, be influenced by the exact IT DR plan that you have in place, as well as the outsourced companies that manage your business activities. You must test all apps, creating solutions for ways to access the critical apps and programs in the event that a disaster occurs. If, at any point, you notice any discrepancies during the drill and testing process, they must be remedied as quickly as possible. This may include performing server updates, modernizing your equipment, outsourcing additional network services, and more.

A Close Look at Companies With First-Class IT DR Plans

It was in 2014 that it was found that almost 40% of businesses had endured noteworthy downtime during the previous year due to the loss of access to critical applications. Nearly 60% of these businesses did not have an IT DR plan in place. Had they had such a plan, they, most likely, would not have endured as much downtime as they did.

How ExterNetworks Can Help

A disaster is anything that comes on unexpectedly and causes havoc with your day-to-day operations. Here, at ExterNetworks, we have a fully-equipped team of trained professionals, who can help create and implement IT DR plans. No matter what the industry your business operates within, we have the requisite IT knowledge that it takes to provide you with a secure network that is protected from disasters. We understand the importance of DR, and every service that we provide is aligned with an effective DR agenda. For more information on how we can be of service to your enterprise, download managed services case studies .

The Takeaway

Without a DR plan in place, your IT department can never assure you that your data will be secure at all times. With proper planning, an IT DR plan can serve as the backbone of your business, and when it comes to first-class DR activities, adequate testing and DR drills will ensure you have the protection you deserve.


Is Internet of Things (IoT) Going to Be Another ‘Shadow IT’ Issue for Your Business?


4 Changes to Your IT Policy Critical for SaaS Cloud Adoption | ExterNetworks

Harry is the Director of Technology Services at ExterNetworks responsible for all production technology and customer solutions technology development. Harry has over 18 years of information, communication and technology experience. Harry is a technology visionary with keen interest in building secure and scalable platforms.