Disaster Recovery

Disaster Recovery (DR) is the technical side of crisis preparedness: how do you restore data and systems after a catastrophic event (fire, flood, massive cyberattack)? Business Continuity (BC) is the strategic layer: how do you keep operations running during the outage?

This is about the survival of the business. An IT organisation without a functional and tested DR plan is an irresponsible business risk.

Anti-Patterns: The Fatal Hope

Many companies believe that "having a backup" is sufficient. But when it matters, it often turns out that recovery takes days, critical data is missing, or the hardware needed to restore simply isn't available. Without defined time targets (RTO) and data-loss tolerances (RPO), IT is rudderless in a crisis.

Defined Safety

1. RPO (Recovery Point Objective): How much data loss can you absorb? (e.g. "A maximum of one hour's work is lost").
2. RTO (Recovery Time Objective): How quickly do your systems need to be back up? (e.g. "Core operations are back online within 4 hours").
3. 3-2-1 Backup Rule: 3 copies of the data, on 2 different media, with 1 copy stored at an external, physically separate location (Off-site).
4. Immutable Backups: Backups that cannot be modified or deleted after the fact (protection against Ransomware).
5. Regular Recovery Audits: A backup that has never been successfully restored effectively does not exist. You test the real scenario quarterly.

The Focus: Critical Processes

Not everything needs to be back online immediately. You prioritise recovery by business impact: sales and logistics first, internal administrative systems second.

FAQ

What is the difference between backup and Disaster Recovery?

A backup is a copy of the data. Disaster Recovery is the plan and infrastructure to turn that data back into a functioning overall system. Without a plan, data is just useless bytes.

Can't you just set RTO and RPO to zero?

That is technically possible (High Availability across multiple regions), but it is extremely expensive. You need to find an economic balance: what does one hour of downtime cost you, versus what does it cost to prevent that downtime?

Reference Guide

• NIST Guide to Contingency Planning: Official guide for IT contingency planning. nist.gov
• The 3-2-1 Backup Rule: The fundamentals of data protection. Veeam Blog
• ISO 22301: The international standard for Business Continuity Management. iso.org

---

Related Topics

• Technology
• Neuland Index

Open Items

• Add a template for a "Business Impact Analysis (BIA)".
• Link a checklist for the "Disaster Recovery Testing Protocol".