What a DRP is
A Disaster Recovery Plan (DRP) is a document on how to restore IT infrastructure, systems and data after an outage, disaster or cyberattack. The DRP answers "how to bring back the technology and data," whereas a BCP answers "how to keep the whole business going."
DRP vs BCP: the difference
| BCP | DRP | |
|---|---|---|
| What it restores | Whole business processes | IT systems and data |
| Who owns it | Business + management | IT / InfoSec |
| Example | How to replace a missing supplier | How to bring servers back from backup |
The DRP is usually part of the BCP as its technical component. More on the levels — in "BCM, BCP, DRP: the difference".
What a DRP includes
- A list of critical systems and their recovery priorities.
- RTO and RPO for each system.
- Backups: what, where, how often, isolated (offline) copies against ransomware.
- Backup infrastructure: spare capacity, cloud, sites.
- Step-by-step recovery procedures and owners.
- Recovery testing from backups — regularly, not "when it hits".
See how resilient your business really is
13 questions, 5 minutes, free — results on screen and by email.
FAQ
Are a DRP and a BCP the same thing?
No. A DRP is about restoring IT systems and data; a BCP is about whole-business continuity (processes, people, suppliers, communications). A DRP is usually the IT part of a BCP.
How often should a DRP be tested?
At least once a year, and more often for critical systems. The test must include an actual restore from backup, not just confirming the backup exists.
How do I protect backups from ransomware?
Keep isolated (offline or immutable) copies separated from the main network, and verify their recovery regularly.
