The disaster recovery plan: a complete guide

A disaster recovery plan (DRP) is the documented — and above all tested — set of resources and procedures that bring the information system back into service after a major incident: outage, cyberattack, fire, cyclone. This guide covers its components, the steps to build one, how to test it, and the mistakes that turn a reassuring binder into fiction.
What exactly is a disaster recovery plan?
The DRP organises the reconstruction of the information system after a major interruption: in what order to restart, from which copies, on which infrastructure, by whom. It differs from the business continuity plan (BCP), whose goal is to keep the business running during the incident, including through degraded, non-IT means. Backups, finally, are neither one nor the other: they are raw material. Owning backups without a reconstruction procedure is owning bricks without the house plans.
Two quantified objectives govern everything else: the RTO, the maximum acceptable outage duration, and the RPO, the maximum admissible data loss. They are defined with the business, application by application — our RTO/RPO guide details the method. All DRP sizing follows from them: aiming for two hours of recovery or two days requires neither the same architecture nor the same budget.
The components of a disaster recovery plan
- The business impact analysis (BIA): which processes are vital, which applications carry them, which dependencies connect them, what their downtime costs.
- RTO and RPO targets per application, grouped into criticality tiers and signed off by management.
- The technical map: inventory of servers, networks, flows and inter-system dependencies — the restart order is derived from it.
- The recovery strategy: secondary site, replication, off-site backups including an immutable copy, able to survive a ransomware attack that also encrypts online backups.
- Failover and failback procedures, written to be executed under stress by someone other than their author.
- Roles and crisis communication: who decides to trigger, who executes, who informs clients and partners — and through which channel if email itself is down.
- Return-to-normal criteria: when and how to move back to the primary site without causing a second incident.
Building your DRP step by step
- Analyse business impact. List the critical processes and quantify what their interruption costs: this is the foundation that will justify every subsequent expense.
- Set the targets. Translate that analysis into RTO and RPO per criticality tier, decided and signed at management level — not in the server room.
- Choose the technical strategy. Restore from backup (economical, RTO in days), replication to a standby site (RTO in hours), or a duplicated active infrastructure (RTO in minutes). Most companies combine: each application gets the strategy of its tier, no more.
- Write the procedures. Not an architecture document: execution checklists — restart order, commands, checkpoints, contacts, decision thresholds.
- Deploy the means. Replication, standby site, off-site backups, and as much automation as possible: in a crisis, manual steps are the first to fail.
- Test, fix, test again. That is the subject of the next section — and what separates a DRP from a document.
An untested DRP does not exist
This is the most important rule in this guide. A plan that has never been executed is not a plan: it is an optimistic hypothesis. Every test reveals something — a forgotten dependency, an expired password, a backup that will not restore, a procedure made obsolete by the last migration. Better to find out on a scheduled Tuesday morning than during a real disaster at night.
Three levels of testing complement each other:
- The tabletop review: walking through the scenario in a room with all the players. Inexpensive, repeatable several times a year, it catches organisational inconsistencies and vacant roles.
- The partial test: actually restoring an application, failing over one service, timing it. It validates the technology, scope by scope, without stopping production.
- The full failover: running the business from the standby site, at least once a year — ideally before high-risk periods, such as before cyclone season in Mauritius.
Every test ends with a report: measured RTO and RPO against targets, observed gaps, a dated action plan. At SOVALYX, a DRP is only considered delivered after its first successful, timed failover: the test is the deliverable, not the document.
Classic mistakes, upkeep and checklist
The mistakes that come up most often:
- The paper DRP: a handsome binder never tested, obsolete six months after being written, shown to auditors and useless in a crisis.
- Backups stored with production — destroyed by the same fire, encrypted by the same ransomware.
- Forgotten external dependencies: directory services, DNS, carrier links, SaaS applications, and the provider itself — what is your DRP worth if theirs does not exist?
- The plan stored inside the failed server: procedures must live outside the system they are meant to rebuild, in a form accessible without it.
- The key person: a plan only one person knows how to execute fails with that person.
- The forgotten failback: failing over takes preparation; returning to normal production does too, and that second journey is often the trickier one.
A DRP is maintained the way it is built: reviewed at every significant architecture change, at every arrival or departure in the team, and at least once a year. Regular testing remains the best maintenance mechanism, because it forces whatever has drifted to be brought up to date.
The final checklist:
- Business impact analysis completed and validated by management.
- RTO and RPO defined per application, with the business, and signed off.
- Recovery strategy sized per criticality tier.
- Off-site backups, including an immutable, offline copy.
- Procedures executable by someone other than their author, stored outside the IT system.
- Roles, deputies and crisis communication plan defined.
- Recent partial test; full failover less than a year old.
- Test report with measured RTO/RPO, a tracked action plan — and an identified contact for the next deadline.
How SOVALYX can help
SOVALYX designs, hosts and operates disaster recovery end to end: replication to its private cloud in Mauritius, automated failover procedures, scheduled tests measuring actual RTO and RPO, all under SLA. The plan then evolves with your information system, updated at every significant architecture change.
Talk disaster recovery with an engineer🧰 The companion tool: What does one hour of downtime cost you? — free · 2 minutes.
Reviewed and optimised by AI.