How Disaster Recovery Plans Work

Companies should plan for disasters that can destroy their office. See more pictures of natural disasters.
Peter Ginter/Science Faction/Getty Images

A good disaster recovery plan is like an information insurance policy for a small or large business. Also called a business continuity plan or an information availability strategy, a disaster recovery plan is a detailed, step-by-step course of action for getting a business back on its feet -- and quickly -- after a natural or manmade disaster.

When Hurricane Katrina slammed the Gulf Coast of the United States in 2005, it claimed more than 1,800 lives, wreaked $200 billion in damage and wiped out the communications infrastructure of a whole region. It uprooted 1,000 wireless towers and knocked down 11,000 utility poles.

The telecommunications sector tallied $400 to $600 million in damages alone and critical businesses were forced to shut down entirely, including 25 hospitals and 100 TV and radio broadcast stations.

In a disaster of Katrina's magnitude, there's only so much that can be done to salvage a business and keep essential services online. But as you'll see in this article, the right disaster recovery plan with the right contingency plans in place can help keep the core services of a company up and running in even the worst conditions.

For example, the disaster recovery company SunGard was able to keep its Gulf Coast clients in business by relocating many of them to SunGard hotsites, off-site facilities equipped with the computing power and backed-up data to keep systems and services online. Sungard's clients occupied these hotsites for an average of 22 days after the storm. Others relied on mobile hotsites -- 18-wheelers with servers and office equipment inside -- for an average of 18 days.

Besides the obvious threat of natural disasters, there are plenty of reasons why disaster recovery plans have become a requirement for doing business:

  • Increased reliance on computer networks, databases and online services means increased vulnerability in the case of a network outage, whatever the cause: employee sabotage, cyber attacks, viruses, sudden loss of Internet service, malfunctioning equipment, etc.
  • The SQL Slammer worm of 2003 shut down the ATMs of major banks like Bank of America and Washington Mutual for days and caused the cancellation of several Continental Airlines flights.
  • According to the 2006 CSI/FBI Computer Crime and Security Survey, 52 percent of the 616 large corporations surveyed said they'd experienced unauthorized use of computer systems within the past 12 months. The same survey says companies lost $16 million in virus contamination alone.
  • Several recent U.S. government regulations including the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach Bliley Act, Sarbanes-Oxley Act require that the health and financial industries have detailed contingency plans in place to safeguard confidential client information.
  • Customers expect essential online services like banking and e-mail to be accessible 24/7. These companies need to consider a lengthy list of potential disasters, both small and large, that could interrupt service to their clients and take steps to address all of them.

In this article, we'll go through each step of the disaster recovery planning process from the first proposal to regularly scheduled testing of the plan. Keep reading to learn how a company gets started on the road to disaster recovery.