BCP and DRP Development

Disaster recovery plans (DRP) seek to fast redirect available resources into restoring data and information systems following a disaster. A disaster can be classified as a sudden event, including an accident or natural disaster, that creates wide scoping, detrimental damage. In information management, DRPs are considered a critical subset of an entity’s larger business continuity plan (BCP), which seeks to prepare for, prevent, and recover from potential threats affecting an organization. While BCPs address all facets of an organization, DRPs specifically focus on technology. DRPs provide instructions to follow when responding to various disasters, including both cyber and environment-related events. DRPs differ from incident response plans that focus on information gathering and coordinated decision making to understand and address a specific event.

When DRPs are properly designed and executed they enable the efficient recovery of critical systems and help an organization avoid further damage to mission-critical operations. Benefits include minimizing recovery time and possible delays, preventing potential legal liability, improving security, and avoiding potentially damaging last minute decision making during a disaster.

Apart from their specific focus on technology, DRPs and the process for developing them are no different than the range of emergency response protocols and backup plans that election officials have already developed to address potential issues or disruptions. The lessons learned from those exercises are often valuable to DRP development. Election officials develop these plans due to the potential risk impacts during key operational periods, such as the last day for voter registration or candidate filing, and election day. For example, if all voting machines were damaged during a flood while in storage just before an election, having an effective DRP could minimize the impact and reduce recovery time.