Week 8
K1.8 How a disaster recovery plan (DRP) works:
A Disaster Recovery Plan (DRP) is a documented process that outlines how an organisation will recover its IT services and data following a disruption such as a cyber attack, fire, flood, hardware failure or power outage.
The goal of a DRP is to:
- Recover services
- Maintain business continuity
- Protect digital security
- Minimise downtime and data loss
How a Disaster Recovery Plan Works
A DRP is built step-by-step to ensure it’s thorough, effective, and ready to be used when needed. Below is the full process:
Define the Scope of the Plan
Before writing a DRP, the organisation must define what areas the plan will cover.
Scope Level | Description |
---|---|
Data Centre Premises | Covers the infrastructure: servers, storage, backups, physical environment |
Organisational | Ensures continuity across the entire business operation |
Departmental | Focuses on individual teams like HR, Finance, IT – each may need tailored recovery steps |
Individual | Covers recovery at the user level – for example, ensuring employee laptops are replaced and access is restored |
This step ensures nothing important is missed in the recovery plan.
Gather Relevant Information
To create a useful DRP, the organisation needs to collect essential data about its systems and past issues.
Type of Information | Description |
---|---|
Historic Outage Details | Helps identify what went wrong in the past and how recovery can be improved |
Hardware, Software & Network Inventories | Lists all critical IT assets that would need recovery, including licenses and configurations |
Contact Information | Includes IT staff, emergency response teams, suppliers, third-party service providers |
Having the right people and tools listed makes the response much faster and more accurate.
Risk Assessment
A DRP must be based on a proper risk assessment to understand what needs to be protected and how.
Assessment Area | Description |
---|---|
Assets | Identify important systems, devices, and data that must be recovered |
Threats | Fire, cyber-attacks, power loss, data corruption, etc. |
Vulnerabilities | Weaknesses in current systems or controls that increase the risk |
Probability of Occurrence | How likely the threat is to happen (e.g. flooding in low-lying areas) |
Impact | The damage that would be caused to the business if the threat occurred |
This step helps prioritise what should be restored first in the event of a disaster.
Creating the DRP
With the scope, information, and risks identified, the actual plan is developed.
Key Elements to Include:
- Objectives: Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)
- Roles & Responsibilities: Who does what during recovery
- Resources Required:
  - Systems (e.g. backup servers, cloud platforms)
  - Equipment (e.g. replacement PCs, mobile devices, routers)
The plan should be written clearly so anyone on the IT team can follow it in an emergency.
Plan Approval
Once the plan is created, it must be formally approved.
Stage | Description |
---|---|
Sign-Off | The DRP should be signed off by senior management, IT leadership, or compliance officers to make it official and enforceable. |
Approval ensures that the plan is trusted, understood, and adopted by the wider organisation.
Testing the DRP
The plan must be tested regularly to ensure it works in practice.
Testing Steps:
- Identify the scope of the test – will it simulate a total server failure or just user access loss?
- Identify the resources needed – people, hardware, test environment.
- Determine testing frequency – e.g. every 6 months, annually.
- Implement the test – simulate an incident and follow the DRP steps.
- Review and document the outcome – identify what went well and what didn’t.
- Amend the plan – update procedures based on test results.
Testing ensures the plan remains current and effective as systems, staff, and threats change.
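Added example (not part of the original course material): one way to carry out the "review and document the outcome" step, by comparing a test's measured downtime and data loss with each system's RTO and RPO, and to derive a restore order from the risk assessment. The system names, the 1 to 5 scoring scale, the probability × impact score and all timestamps are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class System:
    name: str
    probability: int       # likelihood of the threat, 1 (rare) to 5 (frequent)
    impact: int            # damage to the business, 1 (minor) to 5 (severe)
    rto: timedelta         # Recovery Time Objective: longest acceptable downtime
    rpo: timedelta         # Recovery Point Objective: largest acceptable window of lost data
    last_backup: datetime  # newest backup that restored cleanly during the test
    restored_at: datetime  # time the service was usable again during the test

def restore_order(systems):
    """Restore the highest risk score (probability x impact) first."""
    return sorted(systems, key=lambda s: s.probability * s.impact, reverse=True)

def review_test(systems, outage_start):
    """Compare measured downtime and data loss with each system's objectives."""
    findings = {}
    for s in systems:
        downtime = s.restored_at - outage_start
        data_loss = outage_start - s.last_backup
        findings[s.name] = {
            "downtime": downtime,
            "data_loss": data_loss,
            "rto_met": downtime <= s.rto,
            "rpo_met": data_loss <= s.rpo,
        }
    return findings

# Constructed test record (simulated outage at 09:00); every value is illustrative.
OUTAGE = datetime(2025, 1, 15, 9, 0)
SYSTEMS = [
    System("login-service", 3, 5, timedelta(hours=2), timedelta(hours=24),
           datetime(2025, 1, 15, 1, 0), datetime(2025, 1, 15, 10, 30)),
    System("file-server", 3, 4, timedelta(hours=4), timedelta(hours=1),
           datetime(2025, 1, 15, 1, 0), datetime(2025, 1, 15, 12, 0)),
    System("print-server", 2, 1, timedelta(hours=48), timedelta(days=7),
           datetime(2025, 1, 12, 1, 0), datetime(2025, 1, 16, 9, 0)),
]

if __name__ == "__main__":
    print("Restore order:", [s.name for s in restore_order(SYSTEMS)])
    for name, f in review_test(SYSTEMS, OUTAGE).items():
        verdict = "objectives met" if f["rto_met"] and f["rpo_met"] else "amend the plan"
        print(f"{name}: down {f['downtime']}, data lost {f['data_loss']} -> {verdict}")
```

In this constructed record the file server is back within its RTO but misses its RPO, because a nightly backup cannot satisfy a one-hour objective; that is the kind of finding that feeds the "amend the plan" step.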
Continuous Improvement
After testing, the plan should continue to evolve through ongoing reviews.
Method | Description |
---|---|
Internal Audits | Regular checks by internal teams to make sure the DRP still meets security and compliance standards |
External Audits | Independent reviews by third-party experts to validate the plan’s effectiveness |
Continuous improvement ensures the plan is always ready when needed – not just written and forgotten.
"Part 2 - Those that fail to plan, plan to fail"
Scenario:
Your College/school’s network has gone down due to a power failure. You’ve been asked to help create a DRP.
Your Task:
1. Define the scope of the DRP (e.g. whole school? just IT services?)
2. Identify key assets and risks (e.g. school server, student logins)
3. List resources needed for recovery (e.g. backup server, laptops)
4. Create a step-by-step plan for restoring systems
5. Explain how you would test the plan and improve it over time
Extension: Create a checklist or flowchart based on the seven stages above.
Class discussion: Tutor-led discussion exploring the types of impact that can occur within an organisation as a result of threats and vulnerabilities, including:
- Danger to life.
- Privacy.
- Property and resources.
- Economic.
- Reputation.
- Legal.
Last Updated
2025-07-11 14:58:44