Skip to main content

Every organization relies on technology on a daily basis to operate. While up-to-date technology can improve your efficiency and help avoid problems, even the best technology can fail. So, what happens at your nonprofit when technology fails, whether from a natural disaster, a power outage, or even human error? Does your organization have an IT Backup and Disaster Recovery Plan? And more importantly, will it hold up when disaster strikes?

Having an IT Backup and Disaster Recovery Plan is critical but ensuring that it will be successful goes beyond creating one and keeping it in the files.

In this blog, we will not only discuss the importance of having an IT Backup and Disaster Recovery Plan, but we will also provide some tips on creating one that can keep your nonprofit running, no matter what.

What is an IT Backup and Disaster Recovery Plan?

An IT Backup and Disaster Recovery Plan is a combination of a couple of things. First, it requires a written policy that outlines (operationally) your organization’s information, its importance, your organization’s maximum desired thresholds for downtime (how long can you afford to be down) and retention (how far back you can go), and possibly even quantifies a cost for downtime. Next, like all good plans, you need actual, reproducible steps and procedures that your organization will take in the event of a restoration need or disaster to ensure continuity of business operations. The plan should include steps for identifying and mitigating risks, communicating with employees and stakeholders, restoring data and systems, reviewing everything at least annually, and performing annual exercises to test that your plan will still work as your business evolves. And of course, you also have to determine if you have the actual technology in place to achieve everything you’ve written down in your policy and procedures.

Why is an IT Backup and Disaster Recovery Plan important?

There are several reasons why having a working IT Backup and Disaster Recovery Plan is critical to your organization.

  • Technology by itself isn’t enough: Technology serves your organization, but it’s an operational necessity to define your organization’s backup and recovery needs and create a plan. Put these things in a written policy and set of procedures so you can choose the right technology and ensure it’s configured in a way that conforms to your operational needs.
  • It mitigates your risk: Data can become compromised, corrupted, or deleted in a variety of ways. Whether that’s from a rogue employee, hardware failure, human mistake, a cloud provider with their own issues, or a major disaster. A well-designed plan will mitigate your risk by ensuring you have a roadmap to recovery clearly laid out.
  • It reduces impact: When you need to recover data, having an actual plan in place will make the process quicker and more efficient. Don’t just wing it when it comes to backing up and restoring your data.
  • It’s required for compliance: Chances are you need to comply with some sort of regulation, whether that’s federal (such as HIPAA) or on a state level (some obscure data privacy laws you may not know about). You can read more here: Yes, Regulatory Compliance Applies To Your Organization – Scratchberry

How do you create an IT Backup and Disaster Recovery Plan?

Your IT Backup and Disaster Recovery Plan should be clear, concise and easily understood by everyone in your organization. The cooperation and teamwork of the entire team are critical when it comes to executing the plan in the wake of a disaster.

  • It should identify your important data and risks: You can’t protect anything if you don’t know what data you have, or the risks associated with the availability of that data. A good plan will identify and classify your data as well as risks to the confidentiality, integrity, and availability of that data.
  • It should assess your impact: After you have identified important data and risks, your IT Backup and Disaster Recovery Plan needs to acknowledge (and address) each one, helping you determine how much effort is required to comply with your own written policy.
  • It should have buy-in from your leadership: Having the support of your senior or executive leadership is critical for the success of your IT Backup and Disaster Recovery Plan. Their buy-in ensures that the plan will be respected and enforced and that the appropriate resources are available to support the plan.
  • It should be comprehensive: Once you have an overall policy defined, your IT Backup and Disaster Recovery Plan should include all procedures and steps to restore data and systems under specified conditions or circumstances. Be sure to identify all of your critical systems and data, determine your recovery time objectives, recovery point objectives, and establish your communication and reporting protocols with employees and stakeholders.
  • It should be reviewed and tested often: Test your IT Backup and Disaster Recovery Plan on a regular basis to ensure that it remains effective and that any adjustments can be made as necessary. Inevitably you will find gaps in your plan during these tests, perhaps from a change in staff or technology. By reviewing and testing your plan, you will be prepared for an actual outage.


Having an IT Backup and Disaster Recovery Plan is an essential tool for any nonprofit organization. If your organization doesn’t already have a plan in place, hopefully, this guide will help you create one. If you are a bit overwhelmed at the thought of creating such a vital document, reach out to our support team at today and let our experts help.

— —



Leave a Reply