Disaster Recovery Plan

A step-by-step guide to creating a small business disaster recovery plan.

Disaster Recovery Plan

November 19th, 2020

According to FEMA, almost 40% of small businesses don't recover from a disaster. Statistics also suggest that the longer it takes a business to get back to business as usual, the smaller the chance that the businesses will recover. This is where a well-constructed disaster recovery plan can make all the difference.

A disaster can be any incident that has the potential to severely inhibit or interrupt business operations. This could be a natural disaster, such as a hurricane, supplier outage, building fire, data security breach, or a pandemic, such as the current COVID-19 (Coronavirus) situation.

Business disaster recovery plans will vary depending on the type of business and the likely type of disasters. A business should cover a variety of possible disaster scenarios and emergencies to able to handle the situation decisively and without delay, ensuring a quick recovery.

How is a disaster recovery plan different from a business continuity plan?

A business continuity plan outlines the overall strategic approach for dealing with major incidents and disasters before, during, and after they occur. It includes measures for preventing and mitigating risks, emergency response plans, and recovery strategies.

A disaster recovery plan is a component of the business continuity plan that is specifically concerned with the procedures required to get each part of the business up and running again after a disaster. The steps and procedures a business must take to resume normal business operations will differ depending on the type of disaster (think flood damage vs. supplier outage), which is why every disaster scenario requires its own plan.

Disaster Recovery Plan Template:

Use our disaster recovery plan template in Word format to help stay on task.

Download Now Instant download. No email required.
Key Elements of a Disaster Recovery Plan
Key Elements of a Disaster Recovery Plan:
  • Purpose, scope, and objectives.
  • Roles and responsibilities.
  • Critical assets and resources.
  • Insurance policies.
  • Document and data backup.
  • Communication plan.
  • Action plan: define recovery procedures.

How to Create a Disaster Recovery Plan:

Before getting started on a disaster recovery plan, you will have to identify the various types of disasters that could affect your business. Each scenario requires its own recovery plan.

1. Define the purpose, scope, goals, and objectives.

Think about what the worst-case scenario would look like. This will help you identify precisely how the disaster may impact your business, which assets and processes will be compromised, and what a reasonable timeframe for recovery would be. Also, specify objectives, such as the minimum operational levels to which the business must be restored as well as the time and effort that should be committed to the recovery process.

2. Define employee roles and responsibilities.

Determine who is responsible for overseeing the execution of the plan and then list the roles and responsibilities of other individuals involved in the implementation process.

Include disaster recovery plans in employee onboarding and training exercises. Your employees should have a good understanding of the plan and the role they will play, including specific tasks and responsibilities. It is always good to do a regular refresher on this topic, especially after a review or update of disaster recovery plans.

3. List assets and resources.

Take stock of all your assets and resources and identify which are critical for restoring operations in the immediate aftermath of a disaster. For each business function that will be impacted by the disaster, identify what their critical resources are and what may be needed as a temporary workaround. Depending on the type of disaster and potential impact, outsourcing certain functions may be a consideration.

Examples of assets and resources:
  • Employees.
  • Workspace.
  • Office equipment and paper records.
  • Technology and IT infrastructure.
  • Production and warehouse facilities.
  • Machinery and equipment.
  • Inventory.
  • Third-party services.

Don't forget to include the cost of the assets and resources. Depending on the type of disaster, you may need to consider whether some resources, such as raw materials and equipment, are likely to be available in the immediate aftermath of the disaster.

Financial preparedness:

Identifying the necessary resources and assets required will give you an idea of the budget required to get back to normal operating levels as quickly as possible. While a comprehensive insurance policy may be in place, always plan for unexpected costs. Inform yourself about loans, grants, and other resources that may be accessible to you so you can react swiftly, should you need to.

In times of crisis, there are often specialized resources made available to help businesses recover. For example, during the current COVID-19 (Coronavirus) pandemic both private and government players have been making different types of support and relief programs available.

See our resource guides for more information:

4. Review insurance policies.

Review your current insurance policies with the resources and assets you listed in the previous step in mind and update them, if necessary. Comprehensive insurance coverage should include both direct and indirect costs related to the disaster.

Small business insurance resources:

To support a quick recovery, try to find out how long it is likely to take for you to receive payouts or replacements in the case of a disaster and what the process is.

5. Review document and data backup.

Identify what documents and data are essential and regularly back these up in a storage system that is not located at or solely dependent on the physical infrastructure at your business premises.

This should be an ongoing process. You will want to make sure that none of your data and essential documents are lost if, for example, a natural disaster destroys filings cabinets and technological equipment or in the case of a server failure or cyberattack.

Depending on your document and data storage needs, you may consider enlisting the services of an information and records management company, such as Access or Crown Records Management. If your business only keeps digital records, you may want to look at using a cloud service, which is a cost-effective and efficient way to keep your data secure.

6. Create a communication plan.

It is important to keep your employees, suppliers, business partners, investors, and customers informed of what you are doing in response to the disaster. To do so efficiently and avoid confusion or miscommunication, you will need to create a communication plan.

Assign roles.

If you have a small business you will likely appoint only one person, often the business owner, to be in charge of all communication. In this case, you should, however, appoint at least one more person as a backup. If you have a larger company, it is best to assemble a team to be in charge of communication.

Collect and maintain essential information.

Collect all information needed for contacting stakeholders as well as to access and manage your company's communication platforms. Stakeholders include employees, investors, lenders, suppliers, customers, etc. Try to have at least two ways of contacting everyone.

Create a task list (who, what, when).

List the various audiences that will have to be contacted, such as employees, suppliers, customers, the surrounding community, investors, etc., along with the key messages for each group and the channels you will use. Include who will be responsible for contacting each group of stakeholders along with a timeframe for different messages to be sent.

Prepare templates.

To ensure that your communication plan is implemented without delay, you can prepare templates for the different types of messages and communication channels. This may include a press release, website notifications, emails, voicemail messages, and social media posts.

7. Create an action plan.

The action plan should contain the specific procedures that must be followed to get all business functions back to the minimum acceptable operating levels. The employees responsible for the recovery process (as listed in step 2) must have a list of clearly defined steps to follow.

Example of general steps:

  • Document losses and damages.
  • Identify what can be salvaged and where there are crucial gaps that take priority.
  • File insurance claims.
  • Execute communication strategy (e.g. communicate with employees, contact suppliers regarding the way forward, inform customers).
  • Implement temporary workarounds (e.g. transition employees to work remotely).
  • Track recovery and report progress.
  • Note what can be improved for future plans.

8. Review and update.

Regularly review and update your disaster recovery plan, especially when there are changes at your company, such as new suppliers and employees, changes to processes or product lines, or a change of location. Ensure that essential information and contact details are always up-to-date.


What are the key elements of a disaster recovery plan?

  • Goals and objectives.
  • Roles and responsibilities.
  • Critical assets and resources.
  • Insurance policies.
  • Document and data backup.
  • Communication plan.
  • Action plan: define recovery procedures.

What is disaster recovery in information technology?

A disaster recovery plan in information technology is concerned with restoring a company's IT infrastructure following a disaster, such as a cyber attack or serv failure.