
What is DRP (Disaster Recovery Plan)?

The DRP is the documented plan to restore infrastructure and services after a major disaster. A mandatory pillar for regulated organisations in Switzerland.

What a DRP does

The Disaster Recovery Plan (DRP) is the documented set of procedures, fallback infrastructures and responsibilities that enables an organisation to resume IT operations after a major disaster: loss of a datacenter, ransomware attack paralysing the infrastructure, massive data corruption, prolonged unavailability of a cloud provider. The DRP does not cover ordinary incidents (a crashed server, a failing service); it activates only when normal production is inoperable beyond a predefined threshold.

A successful DRP answers four concrete questions: who decides to activate the plan, which fallback infrastructures are available, how to restore each critical application in order, and how to communicate with customers and staff during the crisis.

The components of a solid DRP

Business Impact Analysis (BIA). Mapping of critical applications, business value per hour of outage, target RTO and RPO per scope. This is the foundation: without a BIA, the DRP aligns on intuitions rather than business priorities.

Standby site. Depending on the target RTO, the secondary site is cold (dormant infrastructure to activate manually), warm (pre-installed infrastructure without recent data) or hot (real-time replication, automatic failover). Cost typically ranges from 1 times (cold site) to 5 times (active-active hot site) the primary infrastructure cost.

Restoration procedures. Detailed runbooks per application: service start order, inter-component dependencies, functional validations before declaring service restored. Runbooks must be readable under stress, by someone who did not necessarily design the system.

Communication plan. Who notifies customers, through which channels, in what timeframe. GDPR mandates a notification within 72 hours of a data breach. FINMA requires immediate notification for financial institutions.

Regular drills. An untested DRP is fiction. Recommended minimum cadence: one full failover drill annually, a partial drill quarterly, a theoretical review monthly.

DRP and Swiss compliance

Several regulatory frameworks mandate a DRP in Switzerland:

  • FINMA Circular 2018/3 (operational risk management): documented DRP tested annually for banks and investment firms.
  • nFADP (Swiss data protection act): adequate security measures including availability, hence a DRP proportional to data sensitivity.
  • ISO 27001 Annex A.17: formalised information-security continuity policy, with tested and reviewed plans.
  • Healthcare: RA-ASA and eHealth Suisse require recovery plans for EPD (electronic patient record) systems.

For clients subject to these frameworks, the DRP becomes an audit deliverable, not an optional internal document.

Common pitfalls observed

On Hidora consulting engagements, DRP failures follow recurring patterns:

  1. Untested backups: the policy exists, backups run, but no restore has been validated in 2 years. Typical discovery: a backup format becomes incompatible after a version upgrade.

  2. Forgotten dependencies: the DRP covers applications but not third-party services (external DNS, SaaS authentication, mail provider). In an actual disaster, these dependencies make the procedure unusable.

  3. Updated documentation but stale runbooks: the mapping reflects the ideal state, but the operational commands date from 18 months ago. At 3 AM, the gap costs 2 hours of RTO.
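
The start order and dependency checks described under "Restoration procedures", and the first two pitfalls above, can be derived from a service inventory before a drill. This is an added example, not Hidora's tooling: the inventory, the component names and the 365-day threshold (taken from the annual full-drill cadence) are constructed assumptions.

```python
from datetime import date
from graphlib import TopologicalSorter  # raises CycleError on circular deps

# Constructed inventory (hypothetical names). "needs" = start-up dependencies,
# "in_drp" = a runbook exists, "last_restore" = last validated restore test.
INVENTORY = {
    "postgres":  {"needs": [], "in_drp": True, "last_restore": date(2022, 3, 1)},
    "api":       {"needs": ["postgres", "auth-saas"], "in_drp": True,
                  "last_restore": date(2024, 5, 20)},
    "web":       {"needs": ["api", "external-dns"], "in_drp": True,
                  "last_restore": None},
    "auth-saas": {"needs": ["external-dns"], "in_drp": False,
                  "last_restore": None},
    # "external-dns" is deliberately absent: nobody inventoried it.
}

def start_order(inventory):
    """Order in which every component starts after all of its dependencies."""
    graph = {name: set(c["needs"]) for name, c in inventory.items()}
    return list(TopologicalSorter(graph).static_order())

def uncovered_dependencies(inventory):
    """Dependencies that are needed but have no runbook (or no entry at all)."""
    missing = set()
    for comp in inventory.values():
        for dep in comp["needs"]:
            if not inventory.get(dep, {}).get("in_drp", False):
                missing.add(dep)
    return sorted(missing)

def stale_restores(inventory, today, max_age_days=365):
    """Covered components with no validated restore within max_age_days."""
    stale = []
    for name, comp in inventory.items():
        last = comp["last_restore"]
        if comp["in_drp"] and (last is None or (today - last).days > max_age_days):
            stale.append(name)
    return sorted(stale)

if __name__ == "__main__":
    today = date(2024, 6, 1)  # fixed date so the sample output is reproducible
    print("start order:      ", " -> ".join(start_order(INVENTORY)))
    print("no runbook for:   ", uncovered_dependencies(INVENTORY))
    print("restore untested: ", stale_restores(INVENTORY, today))
```

A circular dependency in the inventory makes `start_order` raise `graphlib.CycleError`, which is itself a finding: no runbook can start those components in sequence.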

Related Hidora services

  • Consulting: BIA audit, DRP design, runbook writing, organisation of quarterly drills.
  • Managed Services: operational execution of the DRP with monthly reports and half-yearly drills.
  • SLA Expert: 24/7 on-call intervention during plan activation.
  • RTO, RPO, Sovereign Cloud: related indicators and building blocks.