Trials and demos
How to buy

What Is Disaster Recovery?

Disaster recovery (DR) is the process an organization implements to recover from a security event that disrupts its technology operations. Developing an IT disaster recovery plan (DRP) allows organizations to resume operations quickly after a security event.

Cisco Talos cybersecurity response Cisco Crisis Response

    Why is disaster recovery important?

    Unexpected disasters can result in outages that impact networked IT systems. Cyberattacks, tech and equipment failures, natural disasters, and power outages are examples of disasters. The most important part of disaster recovery is having a safety plan in place that will help minimize disruption of business operations, customer frustration, data loss, and expensive recovery costs. Developing a plan beforehand reduces chaos during an event, when response time is critical.

    Cisco Crisis Response global relief response teams respond in the event of an emergency such as a natural disaster or humanitarian relief crisis. 

    Cisco Talos cybersecurity response teams are professionals who can assist in the event of a security breach such as a cyberattack. This emergency task force assists with active incidents and provides proactive services to strengthen cybersecurity resilience. 

    What are potential impacts of a disaster or attack?

    Cyberattacks are disasters. Just like any disaster, some of the impacts due to downtime from a disaster include:

    • Impact to your organization and your customers' organization due to system downtime
    • Loss of customer confidence from systems outages Impact on brand integrity
    • Loss of employee confidence
    • Diversion of resources from business-critical projects Financial loss such as reduction in stock price
    • Subject to legal action, due to reliability issues in your service level agreement (SLA)
    • Revocation of security accreditations
    • Other unforeseeable impacts to the business

    What is an IT disaster recovery plan?

    We encourage organizations to develop a disaster-response and recovery plan, a set of well-documented policies and processes to follow in response to security incidents and other disruptive events. The purpose of a disaster-recovery plan is to help you mitigate the impact of events and resume operations as quickly as possible. Make sure it is up to date and tested. The following are detailed points to consider when generating your plan.

    What is included in a DRP?

    An plan often includes:

    • Recovery time objective (RTO)
    • Recovery point objective (RPO)
    • Personnel involved and their roles
    • Inventories of equipment, hardware, software, networks, and systems
    • Data backup and recovery procedures
    • Steps to restore and recover systems

    What is the difference between BCP and DRP?

    Though sometimes used interchangeably, business continuity planning (BCP) is different from disaster recovery planning (DRP). BCP focuses on keeping all aspects of a business running after a disaster, while DRP is an essential technology component of a BCP for recovering IT systems after a disaster.

    What is the 3-2-1 rule for data backup?

    The 3-2-1 rule is a data backup and disaster recovery strategy for maintaining three complete copies of your data on two different types of storage, with one physical copy stored offsite. A backup and restore strategy is an important element of an emergency preparedness checklist.

    Example of disaster recovery plan

    Disaster recovery procedures

    A disaster recovery plan describes procedures to follow in response to three main elements of
    disaster recovery:

    • Physical damage to data, systems, or equipment
    • Data backup, including last-minute backups
    • Recovery of data assets from backups

    Disaster-recovery goals

    An IT disaster-recovery policy typically includes timeline goals for recovery, such as recovery point objectives (RPO) and recovery time objectives (RTO). RPO indicates how often a backup should be performed and the maximum acceptable age of a backup file, while RTO is the maximum amount of system downtime that doesn't cause significant business damage. 

    Personnel and responsibilities

    The DRP defines the disaster recovery team members' roles, responsibilities, and contact information. The plan gives every member an understanding of what to do in an emergency, when to implement specific actions, and whom to contact.

    IT inventory

    A thorough inventory of the organization's IT assets is an essential element of an IT DR plan. The organization's IT provider can conduct an assessment and risk analysis to prepare documentation for the DRP and help ensure compliance to regulations.

    Backup procedures

    In addition to the RPO and RTO, disaster backup procedures and recovery strategy describes how each data resource is backed up, the locations of these backups, the time required to back up resources (backup window) and how to recover resources from backup.

    Disaster recovery sites

    A hot site, or alternative site, is included in a disaster recovery plan. In an IT disaster, operations can switch to the alternative, remote data center that contains all critical systems and frequently backed-up data until the local systems are restored.

    Steps to restore

    The final step of the IT disaster recovery process is to restore systems and operations. An IT disaster plan includes a step-by-step procedure for restoring the entire system after a complete system loss. If the systems can actually be restored properly, it doesn't matter how fast backup windows are if backups are not tested in full-scale recovery scenarios. The RTO determines how much time teams have to recover systems to normal operations. 

    How to write a disaster recovery plan

    Analyze assets

    Identify your business's most critical IT assets. Keep an inventory of assets, including applications, hardware, software, networks, and servers. Rank their priority based on business value, stakeholder impact, financial impact, and legal compliance, among other factors. 

    Analyze risk

    One of the most important disaster preparedness steps is to perform a risk-management assessment to identify your business's security vulnerabilities and threats. A risk assessment and analysis is typically conducted by your IT team.

    Learn about risk management 

    Set objectives and procedures

    Define your disaster recovery objectives. Determine your RTO, or the period of downtime your business can sustain in the event of a disaster, and your RPO, or the maximum age of backup files used in recovery after a disaster.

    Write disaster-recovery procedures

    Use your asset inventory, risk analysis, RTO, and RPO to develop an emergency plan for teams to follow in a disaster. Write procedures for:

    • Data backup: Frequency and location of backups
    • Physical damage: Emergency responses to physical damage to assets
    • Recovery: Actions to restore data assets from backup following a disaster

    Manage backups

    Use the 3-2-1 rule for backup storage in disaster recovery management. Keep one physical copy stored offsite, two digital copies of different types, and keep all three complete copies up to date according to the RTO.

    It's also important to scan backups for malware before you restore.

    Test and optimize

    Train your team and test the recovery procedure to help ensure the plan is relevant and effective for rapid restoration of systems operations. Perform disaster recovery drills by restoring systems from backups and assess how it went to improve and update your plan. Continually reassess and improve the DRP, keeping records of changes made.

    Types of disaster recovery

    Data center disaster recovery

    Data center disaster recovery involves replicating and backing up critical data and applications to a physical offsite location for quick recovery in the event of a disaster. Data centers can be a reliable solution to help ensure business continuity in case of natural disasters or power failures.

    Network disaster recovery

    Network disaster recovery aims to restore and maintain network connectivity during and after a disaster. It involves redundant network infrastructure, failover mechanisms, and alternate network paths. This type of solution helps ensure uninterrupted communication and data transfer, mitigating the impact of a disaster on network operations.

    Disaster recovery as a service (DRaaS)

    Disaster recovery as a service, or DRaaS, is a cloud-based service that outsources the disaster-recovery process to a third-party service provider. DRaaS automatically replicates and stores data offsite in the event of a disaster to help ensure its availability. DRaaS helps minimize downtime, ensure data integrity, and rapidly restore operations.

    Cloud-based disaster recovery

    Cloud-based disaster recovery is a disaster recovery solution that leverages the cloud for data backup, replication, and recovery. With cloud-based disaster recovery, organizations can securely store and quickly recover their data and applications, helping ensure business continuity in the face of disaster.

    Virtualized disaster recovery

    Virtualized disaster recovery uses virtualization tech to create copies of servers, apps, and data. In a disaster, virtual resources are deployed quickly to alternate locations or the cloud. This minimizes downtime, simplifies recovery, and reduces dependency on hardware.

    Resources

    Get started

    XDR self-guided demo Get risk prioritization Cisco security resilience solutions

    Related security topics

    What Is an Incident Response Plan for IT? What Is Business Continuity? What Is Extended Detection and Response (XDR)? What Is Risk Management? What Is Security Resilience?