6 Steps That Might Be Missing from Your Disaster Recovery Plan

Drawing up a disaster recovery plan for a small- to mid-size business can be a challenging prospect. You may have looked online for a generic guide on how to write a disaster recovery plan. While this can be a good start, there are also steps you should include that you may not consider after looking at a blank template.

Let’s take a closer look at six steps that might be missing from your disaster recovery plan, why you should include them, and how to implement them into your plan.

1. Disaster recovery is not “one size fits all”

The first thing to consider when adapting a previously existing plan template for your company is that disaster recovery is not a “one size fits all” approach. Every business is different, and while a template may have useful tips on how to start your plan, it shouldn’t be an exact replica of what you want to offer.

You might not consider this a formal “step” as part of your business continuity or disaster recovery plan, but it’s an important consideration. Ensure your plan is customized to your specific industry and line of work. There are going to be components of a disaster recovery plan in one industry that won’t be applied in other sectors.

2. Cybersecurity is just as important as physical security

Your disaster recovery plan likely covers how you manage your team and company’s physical security. But is your team’s cybersecurity covered as part of your plan? What happens if there’s a data breach or some other type of catastrophic cyber event?

Most businesses include an online component. Whether you sell your product or service through e-commerce or have an email list with customer contact information, a data breach could prove severely impact your team’s ability to do business. A cyber attack combined with some other type of disaster or event could exponentially harm your ability to operate effectively.

Cybersecurity should be built into your disaster recovery plans. It may not play a role in every disaster you face, but it has the potential to. Faulty cybersecurity practices also have the ability to lead to disasters of their own.

3. Is your IT staff represented within your important points of contact?

Your disaster recovery plan should include the contact information for every point of contact within your organization responsible for a different component of the recovery efforts. That includes someone within the IT department.

If your IT systems are impacted in a way that will significantly impact business, you’ll need to know that. You’ll also need to have an IT expert on hand to advise how to move forward and repair those issues.

If your IT systems aren’t impacted by a disaster, you’ll still need to have your IT team at the ready to assist. Your IT systems will be a major part of your response and communication efforts. You’ll need them to be functioning at 100% capacity. If there are any disruptions, it could prove costly to your team’s ability to engage with each other effectively.

4. Do you have a backup plan for your data?

In a disaster where your data may be compromised, it’s important to understand A) if you have a backup plan in place to store your data and B) where your data is stored.

Do you have cloud software? Are your backup files stored on physical servers? Do you not have a reliable backup system for your data, and if so what steps are you taking to remedy the situation? Is your data secure and accessible?

Confirming that your data is backed up and unaffected by the disaster is an important step in the recovery process. It allows for better continuity once the recovery is over and you’re ready to resume normal business operations.

5. Do you have 24/7 assistance?

You may have an IT team in place to help assist you with your disaster recovery. But what are their hours? Do you have a plan in place to account for surge support? When can they be available, and for how long?

Unfortunately, disasters don’t always wait for the workday to begin. They can happen at literally any moment, including outside of your core business hours. That’s why having 24/7 assistance – and including steps on how to contact them within your disaster recovery plan – is integral. This helps you have sustained, consistent support throughout the duration of a disaster.

Depending on the type of event you’re facing, the recovery could go on for hours, days, or weeks. You’ll need to be prepared to have a team in place available to help at any time of day or night.

6. Your plan should have training exercises built in to test it

Documenting your plans is a necessary step in the disaster recovery process. The only issue is that writing your plan is one thing and executing it is a totally different matter altogether.

To iron out any issues with your disaster recovery plan, make sure to include a step within it that allows you to hold a training exercise testing the plan during non-disaster periods of time. This will help you and your organization understand what type of information they should share when a disaster does hit. Everyone on your team will understand their roles and expected responsibilities. The goal is that with some training and testing, they’ll have the preparation they need to flawlessly execute the plan when the real thing occurs.


Ultimately, the specific steps included in your disaster recovery plan will depend on the size and makeup of your organization. For a small- to mid-size business, you’ll need buy-in from everyone in the organization. When you include all of the steps outlined above into the plan, be sure to socialize the plan with everyone in your company. By familiarizing your team with the plan, there will be no surprises when it comes time to put it into action.

Looking for more information on how to manage your disaster recovery efforts? Reach out to the BWS team. We’re disaster recovery experts who are ready to help. Contact us today!