[Articles](/articles.html)>[Cybersecurity](/articles.html#cybersecurity-articles)> What is a disaster recovery plan?

# What is a disaster recovery plan?

December 25, 2022 • 6 minutes
Written by[Michael Feder](/blog/authors/michael-feder.html)

Reviewed by [Kathryn Uhles](/about/academic-leadership/dean-kathryn-uhles.html), MIS, MSP, Dean, College of Business and IT

From cyberattacks to crashing servers to extended power outages, technology has vulnerabilities that can have far-reaching effects. This is especially true for businesses. Organizations that rely on technology not only have to work to mitigate risk for such disruptions, but they also need a plan of action for if and when such interruptions occur.

## What is the importance of a disaster recovery plan?

A disaster recovery plan offers step-by-step instructions for protecting and recovering vital systems and data. Unplanned downtime can significantly impact business operations, not to mention an organization’s bottom line. A study by Deloitte, one of the world’s largest accounting firms, revealed that some companies that experienced a cyberattack saw, on average, a[full-level downgrade](https://daily.financialexecutives.org/a-deeper-look-at-the-financial-impact-of-cyber-attacks)in their credit rating.

Getting ahead of disasters like cyberattacks — and recovering quickly when they occur — is the primary goal of a recovery plan. Its importance cannot be understated. With recovery protocols in place, a business can:

- Maintain mission-critical continuity during and after disruptive situations
- Provide superior customer-service experiences
- Prepare cybersecurity professionals to react quickly to hardware, software and network failures
- Minimize the impact of interruptions on operations
- Reduce the economic impact of the interruption on a business’s financial health
- Establish and test alternative ways to conduct business during a crisis
- Train employees on emergency procedures, empowering them to keep calm during tense times
- Create a plan for quick and efficient service restoration

## How does a disaster recovery plan differ from a contingency plan?

Many businesses debate which is more important — a contingency plan or a plan to recover after a disaster. The truth is both are necessary for an overall business continuity plan.

Both involve proactive strategies that reduce negative impact of a disaster before, during and after one happens. Both are crucial for businesses that must survive during inclement weather, pandemics and cybersecurity threats. The differences, however, are key.

While similar, disaster recovery and business continuity plans serve different purposes. In short, the goal of a contingency plan is to keep everything running during a disaster. Disaster recovery, however, works to restore operations to normal after a disaster.

Contingency plans guide overall operations and primarily focus on the functionality of IT systems and reducing downtime. Disaster recovery focuses on IT-related issues, like recovering data and restoring critical systems after[cyberattacks](https://www.phoenix.edu/articles/cybersecurity/how-to-prevent-cyber-security-attacks.html).

## Do I need both a disaster recovery and a contingency plan?

Many companies include disaster recovery within their overall contingency plan. The two plans complement each other. A business needs a contingency plan to remain operational when issues arise _and_ a disaster recovery plan to implement the crucial IT elements of that plan.

## Who needs a disaster recovery plan?

Any company that uses computers or relies on technology needs to plan for disaster recovery. A breakdown in business operations can result in unexpected costs, lost revenue, unhappy customers and a tarnished reputation. The longer it takes to recover, the bigger the impact on operations. With a plan in place a business can bounce back more quickly from a crisis, regardless of where, how or when one occurs. Any company focused on prevention that sees the value in getting ahead of disasters needs to develop a disaster recovery plan.

## What should a disaster recovery plan include?

An effective plan depends on the business’s size, scope and operations. The specific procedures and measures will depend on the business needs and long-term goals, but generally should include:

- Appointing on-site employees to specific roles and responsibilities during a crisis to establish redundancies and reduce errors
- Ensuring contingencies when responsible individuals are unavailable
- Updating IT and application inventory regularly, including hardware, software and cloud-based services
- Creating [network maps](https://www.techopedia.com/definition/4993/network-map), backups and policies for rapid recovery of systems and data loss
- Detailing how, when and where all IT resources are backed up
- Documenting all emergency-response procedures for any situation, such as fire, natural disasters and cyber threats
- Listing step-by-step backup operations procedures to keep essential data processing and IT tasks running
- Outlining recovery actions to initiate rapid systems restoration
- Testing the plan regularly and practicing dry runs with employees to ensure they understand their responsibilities
- Holding debriefings after recovery from a disruption and documenting what was learned

## How to develop an effective disaster recovery plan

Developing an effective plan for disaster recovery begins with analyzing security risks, so impact analysis and risk assessment skills are needed to understand and predict potential hazards. Be sure to look beyond IT. Consider infrastructure and geographical risk factors, as well as the critical technology needs of each department.

From there, following the bullet points listed above will provide a good start developing a plan tailored to an organization.

## Who is responsible for developing a plan for disaster recovery?

There should be responsible primary point of contact who can develop, deploy and manage a plan.

Some companies, especially smaller businesses, hire contractors or consultants to do this. Others have an in-house information manager who is in charge during a crisis. Either way, it takes skilled professionals who have experience in technology and education in [computer information systems](https://www.phoenix.edu/articles/it/what-is-cis-computer-information-systems.html) to lead a company out of whatever storm occurs and into a safe harbor of restored data and operations.

## Learn about disaster recovery plans and other IT essentials

If you’re interested in learning more about disaster recovery plans, seeking to gain a basic understanding of information technology or cybersecurity, or  are a working professional looking to expand your skills, University of Phoenix offers:

- [Bachelor of Science in Information Technology](https://www.phoenix.edu/online-information-technology-degrees/information-technology-bachelors-degree.html)
- [Bachelor of Science in Cybersecurity](https://www.phoenix.edu/online-information-technology-degrees/cybersecurity-bachelors-degree.html)
- [Master of Science in Cybersecurity](https://www.phoenix.edu/online-information-technology-degrees/cybersecurity-masters-degree.html)

Contact a University of Phoenix admissions representative [for more information](https://www.phoenix.edu/request/request-information).

---

Read more articles like this:

- [What Is Data Governance?](/articles/cybersecurity/what-is-data-governance) — Online Degrees | September 22, 2023 • 7 minutes

- [Common Cybersecurity Interview Questions and Answers](/articles/cybersecurity/common-cybersecurity-interview-questions-and-answers) — Online Degrees | March 13, 2026 • 8 minutes

- [Essential cybersecurity skills for professionals](/articles/cybersecurity/essential-cybersecurity-skills-for-professionals) — Online Degrees | April 12, 2023 • 7 minutes

### ABOUT THE AUTHOR

A graduate of Johns Hopkins University and its Writing Seminars program and winner of the Stephen A. Dixon Literary Prize, Michael Feder brings an eye for detail and a passion for research to every article he writes. His academic and professional background includes experience in marketing, content development, script writing and SEO. Today, he works as a multimedia specialist at University of Phoenix where he covers a variety of topics ranging from healthcare to IT.

### ABOUT THE REVIEWER

Currently Dean of the College of Business and Information Technology, Kathryn Uhles has served University of Phoenix in a variety of roles since 2006. Prior to joining University of Phoenix, Kathryn taught fifth grade to underprivileged youth in Phoenix.

This article has been vetted by University of Phoenix's editorial advisory committee.   
[Read more about our editorial process.](/blog/editorial-process.html)