Disaster recovery checklist: What you need in your DR budget

With our disaster recovery budget checklist, learn what you need to include in your budget and what budget line items should be included.

By Paul Kirvan, CISA, CISSP, FBCI, CBCP

When developing a disaster recovery (DR) and business continuity (BC) budget, the following assumptions and considerations need to be addressed:

  1. No disaster recovery and business continuity activities exist.
  2. Disaster recovery plans are in place for IT functions only.
  3. Disaster recovery plans are in place for business functions only.
  4. Some departments/divisions have business continuity plans.
  5. Management support for BC/DR activities does/doesn't exist.
  6. The department is currently conducting business impact analyses (BIAs) and/or risk assessments.
  7. The department is currently developing and implementing BC/DR plans that meet the needs of the organization.
  8. An emergency operations center does/doesn't exist.
  9. BC/DR policies and procedures are in place and approved by senior management
  10. A crisis management process and plan does/doesn't exist.
  11. An enterprise risk assessment for the board and/or senior management has been/has not been completed.

Budget line items checklist

Controlling IT disaster recovery costs: A DR budget guide
An introduction to IT disaster recovery costs

Funding your IT disaster recovery and business continuity program

Disaster recovery checklist: What you need in your DR budget 

A disaster recovery template: A free downloadable budget plan 

 

The following disaster recovery checklist provides a selection of typical disaster recovery and business continuity budget line items. Clearly some of the items on the table will not apply to every organization. Smaller organizations may not have the same types of budget line items in their organization as a larger enterprise. Still, this disaster recovery checklist will give you a good idea of typical budget line items to include in your disaster recovery budget regardless of the size of your company.

In addition, it may be useful to group various items under specific headings, such as disaster recovery/business continuity program office or program management.

Budget Item

Jan.

Feb.

March

April

Salaries -- Full-Time

 

 

 

 

Salaries -- Part-Time

 

 

 

 

Consultants/Contractors (Business Focus)

 

 

 

 

Consultants/Contractors (IT Focus)

 

 

 

 

Program Office

 

 

 

 

Hot Site/Cold Site

 

 

 

 

Alternate Office Space

 

 

 

 

Internal Recovery Site(s)

 

 

 

 

Data Backup and Recovery

 

 

 

 

Risk Analyses

 

 

 

 

Business Impact Assessments

 

 

 

 

Plan Development/Updating

 

 

 

 

Plan Exercising

 

 

 

 

Training/Awareness

 

 

 

 

Notification/Alerting Systems

 

 

 

 

Emergency Communications

 

 

 

 

Mobile Recovery

 

 

 

 

DR Technology

 

 

 

 

Emergency Response

 

 

 

 

Emergency Operations Center

 

 

 

 

Emergency Supplies (disaster kits)

 

 

 

 

Incident Management

 

 

 

 

Auditing/Compliance/Maintenance

 

 

 

 

Records Management

 

 

 

 

Staff Training and Education

 

 

 

 

Staff Attendance at Conferences

 

 

 

 

Publications/Subscriptions

 

 

 

 

Professional Memberships

 

 

 

 

Professional Certifications

 

 

 

 

Webinars/Podcasts

 

 

 

 

BC/DR Software

 

 

 

 

Emergency Disaster Funds

 

 

 

 

Office Space

 

 

 

 

Remember that the disaster recovery budget process, as well as the entire disaster recovery and business continuity organization in your firm, exists to accomplish several key activities.

Make sure you factor in the following key activities in the disaster recovery checklist below:

  • Develop and implement DR/BC plans that facilitate the timely recovery of critical business functions and IT facilities following a major disruption or disaster.
  • Develop policies, procedures and compliance activities to address all BC/DR and security requirements.
  • Develop, document, exercise and maintain plans to ensure survival of the business and minimize the negative impact of business and technology disruptions.
  • Identify and assess potential risks to the enterprise and its operations, technology infrastructure, business processes and people.
  • Identify and assess potential vulnerabilities to the enterprise and its operations, technology infrastructure, business processes and people.
  • Design and deploy cost-effective emergency mechanisms that can quickly recover business and technology operations.
  • Develop and deploy training and awareness programs so that all employees are fully aware of their responsibilities and commitments.
  • Establish and maintain liaison with external parties such as customers, vendors, insurers, emergency first responders, regulators, financial institutions, etc.
  • If external recovery facilities (e.g., hot sites) are used, ensure they are secure and that systems are prepared for emergency activation.
  • Develop a capability to optimize media relations so as to minimize adverse publicity and negative business implications.

Click here to go to the next part of our guide and download our free IT disaster recovery planning budget template.

This was first published in March 2010

Dig deeper on Disaster Recovery Planning-Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchSolidStateStorage

SearchVirtualStorage

SearchCloudStorage

SearchDataBackup

SearchStorage

Close