The key elements are to analyze the risk. First there must be a list of all the possible risks that threaten system uptime and evaluate how imminent they are in your particular IT shop. Anything that can cause a system outage is a threat, from relatively common manmade threats like virus attacks and accidental data deletions to more rare natural threats like floods and fires. Determine which of the hearts are the most likely to occur and prioritize them using a simple system: rank each threat in two important categories, probability and impact. In each category, rate the risks as low, medium, or high. Next is to establish a budget. Once the risk has be assessed, the question remains can it be suppressed, and how much will it cost?' Can the threat be detected before it hits? What is the potential of it occurring? How can the impact to the business be reduced? Asking these questions will help to determine the budget. The next step would be to develop the plan with the information obtain to this point. The final step is to test the plan. Once your DRP is set, test it and test it frequently. Eventually, performing a component-level restoration of the largest databases to get a realistic assessment of they recovery procedure, but a periodic walk-through of the procedure with the Recovery Team will assure that everyone knows their roles. Test the systems that are going to be used in recovery regularly to validate that all the pieces work. Always record test results and update the DRP to address any shortcomings.
As the business environment changes, so should your DRP. Reexamine the plan every year on a high level: Does the plan still need every part or does it need to be added? Will the budget need to be adjusted to accommodate changes to the plan? As applications, hardware, and software are added to the network, they must be brought into the plan. New employees must be trained on recovery procedures. New threats to business seem to pop up every week and a sound DRP takes all of them into account.
The five methods of testing a Disaster Recovery Plan are performing a structure walk-through test, go over the checklist test, do a simulation test and a parallel test. This is performed in conjunction with either the checklist test or the simulation test. The final test is the full-interruption test; this test activated the total disaster recovery plan. DRP requires testing to prepare for disasters and things that could occur during normal operation.
Resources:
Gregory, Peter H. (2008). IT Disaster Recovery Planning for Dummies. Wiley Publishing, Inc.
Cummings, E., Haag, S., & McCubbrey D. (2005). Management Information Systems for the Information Age.