Recovery Plan Checklist

8 Things to add to your Cyber Disaster Recovery Plan Checklist

Recovery Plan ChecklistDo you know what you would do if a fire were to engulf your building? Would you be able to survive it with little to no struggle or would you be running helter-skelter, wondering what you should be doing? Whether you are dealing with a physical disaster or a cyber disaster, having a simple disaster recovery plan checklist that covers just about any scenario imaginable is a must!

Why Disaster Recovery is so important

According to this year’s Fire-Eye’s M-Trends 2020 report, threat dwell times are falling but still have a median time of 30 days in 2019. That means that on an average, attackers dwell inside the system without being detected for an entire month!

However, to combat this, the 2019 Crowdstrike Global Threat Report talks about a ‘1-10-60’ rule to combat these advanced cyber threats. You must be able to detect an incident in one minute, investigate and scope that incident in ten minutes (or less), and respond and remediate the incident within 60 minutes. Without a reputable disaster recovery plan, you will fail every time.

What should be on your disaster recovery plan checklist

1.    Check the business impact and assess risk

It is essential to first identify the threat/ risk before creating any type of disaster recovery plan (DRP). It is easy to identify the most likely threats and to calculate risk by performing a risk assessment and business impact analysis.

2.    Set recovery objectives

To reduce downtime and the cost of data loss, it important that this step is a part of your DRP checklist. Set key objectives with RTO (Recovery Time Objective) and RPO (Recovery Point Objective), so that you can build an optimal data recovery plan.

3.    Get the team involved – assign roles and responsibilities

Identify all necessary members of a successful DRP. This may include both internal and external members. Create a list of who should be contacted first in the various threat scenarios. Keep the assigned member informed and trained on how to deal with the incident, should it arise.

4.    Take extra precaution with critical documents

Every disaster recovery plan checklist should account for this step to ensure document security. These days, even the smallest businesses deal with the transfer and storage of data. It the face of an incident, it is possible that the company might face an expected loss of critical data. Recovery of such data is challenging (not to mention expensive) to do so. By storing all critical documents in a remote location, you inadvertently save your business from business disruption.

5.    Recognize equipment must-haves

Create a list of tools that you will need in the face of an incident. With the list, ensure that you have a pre-approved budget for resources (recovery tools and services) to help ease flow and build a successful disaster recovery plan.

6.    Keep all stakeholders informed

There have been many cases where organizations have faced incidents and not kept stakeholders informed. Such cases have led to high payouts and reputational damage, some even making headlines (not for the right reasons). Avoid the ruckus and keep all stakeholders informed at all times.

7.    Regularly update the disaster recovery plan

A disaster recovery plan is crucial for every business, irrespective of a small or big enterprise. It enables you to contain the breach and ensure that the business operations are not affected. While there are many risks to not having a DRP, the foremost benefit of having a disaster recovery plan is that you will gain the support and trust of your clients, stakeholders, and law enforcement.

8.    Test the disaster recovery plan to ensure totality

As technology advances, so do hacking methodologies and compliance policies. To create a sound DRP, regularly test it to ensure that the latest recommended strategies are implemented in line with the latest in the industry and the constant changes within the organization.


What is a Disaster Recovery Plan?
A disaster recovery plan (DRP) is a well-documented approach focused on business continuity at the time of natural or human-interfered security incidents. A DRP includes a set of policies, tools, and procedures that ensures the recovery of lost data and the continuation of daily operations of a business.

Read more: 8 Steps to a successful disaster recovery plan

What happens if I don’t have a disaster recovery plan?
Here are four things that can happen when you don’t have a disaster recovery plan:

  1. Data loss
  2. Effect of business operations
  3. Expensive recovery
  4. Loss of clients

Read more: 4 Things that can happen in the absence of a disaster recovery plan

What are the essential steps to creating a disaster recovery plan?

Follow these steps to create a strong and sound disaster recovery plan.

Step 1: Understand what is important

Step 2: Choose a technique and document the plan/ Create a guide

Step 3: Constantly update your recovery plan

Read more: 3 Essential steps to a sound disaster recovery plan

get certified from ec-council
Write for Us