week 7
K1.7 The role and implementation of a disaster recovery plan in protecting the digital security of an organisation:
A Disaster Recovery Plan (DRP) is a formal set of procedures and controls used by an organisation to recover and restore IT services after a disaster such as:
-
Cyber attacks (e.g. ransomware)
-
Natural disasters (e.g. fire or flood)
-
Technical failures (e.g. server breakdown)
-
Power outages or building evacuations
The main role of a DRP is to:
-
Recover critical systems and services
-
Maintain service availability to users
-
Protect data integrity
-
Ensure that business operations continue with minimal interruption
It is usually supported by a broader Business Continuity Plan (BCP), which outlines how the whole organisation continues to function during and after a crisis.
🛠︠Components of a Disaster Recovery Plan
DRP controls can be both physical and administrative in nature.
Physical Components
These refer to infrastructure and hardware-based protections to help restore operations.
| Control Type | Description |
|---|---|
| Back-ups | Regular copies of data stored securely so they can be restored after loss or corruption. |
| Off-site Server Storage | Servers or data centres located at a different geographical location to protect against local disasters (e.g. flooding or fire). |
These ensure that even if the main system is destroyed or damaged, data and services can be restored from another location.
Administrative Components (Policies and Procedures)
These are organisational strategies and tasks that ensure services are restored efficiently and securely.
| Control Type | Description |
|---|---|
| Ensuring System Functionality | Making sure replacement hardware is arranged and operational (e.g. setting up new servers or laptops). |
| Remote Access Provision | Allowing employees to access systems remotely if the main office is inaccessible. |
| Deploying Back-Ups | Using stored back-up data to restore system functionality and prevent data loss. |
| Adapting to Business Needs | Ensuring that the restored systems and services continue to meet organisational objectives. |
| Asset Management and Logging | Keeping track of devices such as laptops by tagging them and logging movement across the network. |
| Reporting Infrastructure Changes | IT teams must report all changes (e.g. new hardware, recovery actions) to management for oversight. |
These policies ensure a coordinated response and help maintain control over resources during recovery.
Build a Disaster Recovery Plan for a Small Business
Scenario:
A small business has just suffered a fire that destroyed its main server room. As the IT support consultant, you must help create a Disaster Recovery Plan.
Task:
Choose two physical and three administrative DRP components.
For each:
Explain what it is
How it helps restore or maintain service
Why it’s important for digital security
Extension Task:
Create a checklist of actions IT staff should take in the first 24 hours following a disaster, including who to contact, what systems to prioritise, and how to document actions.
"Part 1 - Those that fail to plan, plan to fail"
Scenario: The college/school have realised that they do not have DRP (disaster recovery plan)
Tasks:
Determine the scope of the plan (for example, the computing department or the whole college).
Gather relevant information (for example, historic outage, equipment).
Identify risk (threats, vulnerabilities, impact and probability).
Last Updated
2025-07-11 14:43:06
English and Maths
English
Maths
Stretch and Challenge
Stretch and Challenge
- Fast to implement
- Accessible by default
- No dependencies
Homework
Homework
Equality and Diversity Calendar
How to's
How 2's Coverage
Links to Learning Outcomes |
Links to Assessment criteria |
|
|---|---|---|
Files that support this week
Week 6←
PrevWeek 7←
PrevWeek 8←
Prev→
Next