What is disaster recovery plan (DRP) and what are the different types of DRP testing?
Disaster recovery planning (DRP) refers to the processes, procedures and information necessary to recover critical IT functions in an organization. Furthermore, it helps the organization to prepare and recovery from any event or incident that may have the potential of interrupting operations or affect service delivery. It works within the timeframes that the organization determines in its Recovery Point Objective (RPO), Recovery Time Objective (RTO) and Business Impact Assessment (BIA).
Disaster recovery plan (DRP) is established to reduce risks and business impacts related to the onset of disasters, incidents and sometimes events. Moreover, it is a documented plan that organizations establish to deal with disasters or contingency operations. As opposed to business continuity plan (BCP), DRP focuses mainly on restoring IT functions to make sure that critical IT and other information systems are available to support critical business functions of an organization. However, DRP is closely related to BCP and more specifically DRP is subset of BCP. Moreover, DRP is the technical complement to the business-focused BCP document. It includes the technical controls that prevent disruptions and facilitate the restoration of service as quickly as possible after a disruption occurs
DRP is focused on restoring failed business functions as quickly as possible when critical business operations are disrupted. When disaster is declared, two important concepts determine the success or failure of the recovery procedures. Besides, disasters can be manmade or natural phenomenon. The following recovery objectives should be taken into consideration when dealing with disasters.
- Recovery point objective (RPO): refers to the amount of time for which recent data will be lost in the disastrous situation. It defines the point in time before the disaster where the organization should be able to recover data from a critical business process. RPO ensures that the data recovery and backup capabilities are established to minimize the amount of data that could be lost during disastrous event.
- Recovery time objective (RTO): refers to the amount of time to recover the business. RTO is the maximum tolerable length of time that a business function can be down after a disaster strikes
- Maximum tolerable downtime (MTD): the maximum length of time a business function can tolerate a disruption before suffering irreparable damage.
The DRP document contains the team members that respond to a disaster including the roles and responsibilities each plays. The DRP involves the following teams when responding to disastrous situations.
- First responders
- Escalation procedures
- Emergency management
- Communications
- Crisis management
- Salvage team
- Security
- Support
- Transportation
- Systems operation
- Engineering team