Cyber Security Training & Software for Companies | MetaCompliance


Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters



Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 

Financial Services

Creating A First Line Of Defence For Financial Service Organisations


A Go-To Security Awareness Solution For Governments


A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives



From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

MetaCompliance | Cyber Security Training & Software for Employees


With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes


Stay informed about cyber awareness training topics and mitigate risk in your organisation.

How to Write a Disaster Recovery Plan (And Why You Need One)

how to write a disaster recovery plan

about the author

Share this post

Whatever form a disaster takes, the best way to deal with it is to be prepared by turning to a well-thought-out Disaster Recovery plan. Staying cool and calm under pressure is much easier when you have someone (or thing) to guide you through a bad situation. Disasters take many forms from natural disasters to cyberattacks and accidents.

Cyber-attacks, such as ransomware, can be disastrous for a company, often halting work altogether. The impact from accidental document losses or a malicious security breach can be serious, including lost reputation, regulatory fines, and system and business downtime. Creating an actionable business continuity plan gives an organisation the best possible chance to minimize any impact of a disaster such as a flood, fire, or cyber-attack and reduce the recovery time.

Here is our guide to what a Disaster Recovery plan is and how to write one.

What is a Disaster Recovery Plan?

In the Hitchhiker’s Guide to the Galaxy, the Encyclopaedia Galactica begins with the words “Don’t Panic”. An effective Disaster Recovery plan (DR) doesn’t need to have those words emblazoned across its cover because it is a reasoned go-to guide to dealing with a disaster. A DR plan is an organisation’s documented instruction guide to responding to incidents including natural disasters such as floods, power outages, cyber-attacks, data loss, and so on. The plan presents a series of strategies that help to minimise the impact of a disaster; the goal being to maintain business operations and to resume work as soon as possible.

Why Do You Need to Write a Disaster Recovery Plan?

Bad things do happen and often without warning, resulting in widespread disruption. The 2015-2016 UK storms, for example, resulted in a £1.6 billion economic impact, with businesses spending over £500 million on flood damage. Cyber-attacks are also a disaster waiting to happen: in 2020, 65% of medium-sized businesses experienced a cyber-attack, according to a 2021 DCMS survey. Insider threats can be disastrous too, with costs surging, according to The Ponemon Institute: the last 12 months has seen the average annual cost of an insider breach rise by 31% to $11.45 million (£8.27 million).

Disasters are often unavoidable, but they can be managed to minimise their impact – this is where the Disaster Recovery plan comes in. A DR plan is designed to:

  • Limit the impact of the disaster on the business
  • Minimise the impact on business processes and operations
  • Minimise any physical or cyber-damage
  • Reduce the costs associated with the disaster
  • Train staff, vendors and stakeholders in the processes identified to mitigate disasters
  • Identify ways of working while the disaster is being dealt with
  • Post-disaster recovery procedures

How to Write a Disaster Recovery Plan

Disaster Recovery plans are typically comprised of five key components:

  1. Roles and responsibilities
  2. What are the risk areas?
  3. Carry out a Business Impact Assessment (BIA)
  4. Asset audit
  5. Data backups

Roles and responsibilities

Create a DR team that will be responsible for developing and maintaining the DR plan. Identify the key personnel involved in carrying out the duties involved in dealing with, and recovering from, a disaster. Effective dissemination of information and robust channels of communication are essential to an effective DR plan. Place personnel details, including contact and backup contact information, into an easily accessible log in the DR plan. This will be your master list of contacts. You should also build a backup team of contacts.

All employees must be informed about the DR plan and who is responsible for executing the plan in the event of a disaster. This will form part of a wider training program in disaster planning for all employees to understand what happens in the event of a disaster.

What are the risk areas?

Define the risk areas associated with a disaster. This typically breaks down disasters into types, e.g., natural, human-created, technology-related. Each type of disaster would typically have its own mitigation strategies. Outline what these mitigation strategies are and how each is implemented.

Carry out a Business Impact Assessment (BIA)

The effective management of a disaster requires prioritisation. A Business Impact Assessment (BIA) looks at the types of business activities and maps these to risk levels in terms of how critical they are to the company’s continued operations. This is mapped to the resource requirements of critical business operations that are needed to ensure operational resilience and continuity when the business is disrupted. In terms of disaster planning, a Disaster Recovery plan would typically focus on key business areas such as revenue generation and payroll. The goal, however, is to get full operations up and running as quickly as possible.

Asset audit

As part of a wider impact assessment, the DR plan should provide an audit of the most impactful applications, documents, hardware, etc., and their criticality to business operations. This is an ongoing process as these items can quickly change.


Having data backups of key and sensitive documents is a fail-safe. Documents that are essential to a business can be lost or damaged in a disaster or encrypted in ransomware attacks. Ensure your policy includes a backup and recovery strategy that covers the following checklist:

  • Who is responsible for data backups?
  • What to save and how often to perform backups
  • How to save it (type of backup system used – this is especially important for ransomware resistance)
  • How to test the backup system and how often to test
  • How to recover from backups

It is also important to remember that a Data Recovery plan is a living document that should be updated regularly. Creating a robust DR plan is an intensive process that dives into the weeds of your organisation and how you will cope in a worst-case scenario. It has many business-critical parts and collaboration with third-party experts should be considered to ensure a best-fit plan.

Is Your Disaster Recovery Plan Ready?

Every Disaster Recovery plan is unique to an organisation: a DR plan drills down into the core of an organisation’s business and how it operates. But a Disaster Recovery plan has people at its heart. Staff training on the implementation of the principles of a Disaster Recovery plan is vital to ensure that the plan is carried out effectively. Our staff are the means to avert a disaster, but they need to be made fully aware of their role to avert or minimise the impact of that disaster.

Key Steps to Effective Data Breach Management

Other Articles on Cyber Security Awareness Training You Might Find Interesting