Why Every Organization Should Have a Disaster Recovery Plan

/in , /by

By David Strickland, COO of Kenton Brothers

Why Every Organization Should Have a Disaster Recovery PlanDisasters don’t wait for a convenient time. They don’t send a calendar invite. They arrive suddenly—sometimes in the form of a cyberattack, a building fire, a devastating flood, a tornado, or even the unthinkable like an active shooter situation.

Every organization, whether large or small, faces risks from events that could disrupt operations and put people, property, and reputations in jeopardy.

The difference between surviving and stumbling often comes down to one thing: a solid disaster recovery plan.

At Kenton Brothers Systems for Security, we’ve seen this firsthand. When a massive flood struck our Kansas City headquarters, our team didn’t panic, we went into action. That’s because we had a disaster response plan already in place. Everyone knew their role, everyone knew who backed them up, and we had the processes to stabilize the situation and continue serving our customers.

This experience reminded us: preparation isn’t optional. It’s essential.

Why Disaster Recovery Planning Matters

  • Protects People – First and foremost, your plan safeguards your employees, customers, and visitors.
  • Ensures Continuity – Your customers rely on you. Downtime is costly both in dollars and reputation.
  • Minimizes Losses – Every hour lost without a plan can multiply financial damage.
  • Strengthens Reputation – Companies that respond swiftly are seen as professional and trustworthy.
  • Fulfills Legal & Regulatory Requirements – In many industries, a written and tested plan is not just smart—it’s required.

What Every Disaster Recovery Plan Should Include

Disaster Recovery PlanAn effective plan isn’t a binder collecting dust. It’s a living, trained, and tested document. Here’s what yours should contain:

1) Comprehensive Risk Assessment

Identify the types of disasters most likely to affect your organization. Be sure to include:

  • Natural Disasters  Flood, tornado, earthquake, severe storms, fire.
  • Technological Disasters  Cyberattacks, data breaches, power outages, system failures.
  • Human Threats  Workplace violence, active shooter events, theft, sabotage.
2) Defined Roles & Responsibilities

Every role must be clearly spelled out:

  • Incident commander / leadership team.
  • Safety officer (responsible for evacuation & headcounts).
  • IT recovery lead.
  • Facilities manager.
  • HR & employee communications.
  • Customer communications lead.
  • Media spokesperson – someone trained to talk to the press in a professional, consistent manner.

Backup personnel are essential. If the primary person is affected by the disaster, the backup must be able to step in immediately.

3) Emergency Communication Plan
  • Internal: text alerts, phone trees, email distribution lists.
  • External: customer updates, vendor notifications, and media messaging.
  • Designate communication channels and ensure redundancy (in case phone lines or internet are down).
4) Evacuation and Shelter Procedures

Clear maps, rally points, and accountability processes. Train employees regularly.

5) IT & Data Recovery
  • Cloud backups.
  • Offline storage.
  • Recovery point objectives (RPO) and recovery time objectives (RTO).
  • Testing restores at least twice a year.
6) Vendor and Partner Coordination

Pre-arranged agreements with recovery vendors (like SERVPRO after our flood) save time and stress.

7) Press and Public Relations Protocol
  • Identify a single, trained spokesperson.
  • Prepare holding statements in advance.
  • Ensure messaging is clear, calm, and fact-based.

Training and Execution

A plan is only as strong as the people behind it.

  • Annual Training – Every employee should be familiar with the basics of the plan.
  • Tabletop Exercises – Walk through scenarios to test decision-making.
  • Full Drills – Fire, evacuation, cyberattack simulations.
  • Cross-Training – Backups shadow primaries so they’re ready to step in.

When the flood hit Kenton Brothers, our people didn’t just know what to do—they had practiced it. That’s why we were able to keep protecting people, property, and possessions even in the middle of chaos.

Reviewing and Updating the Plan

A disaster recovery plan isn’t “set it and forget it.” It should be reviewed and updated annually to:

  • Account for staff turnover.
  • Adjust for new technologies or systems.
  • Incorporate lessons learned from real events or exercises.
  • Meet changing regulatory requirements.

 Tips & Tricks for Success

  1. Keep It Simple  A plan that’s 200 pages long won’t be used in an emergency.
  2. Use Checklists  Easy-to-follow checklists reduce stress when adrenaline is high.
  3. Store Copies Everywhere Digital, cloud, printed copies offsite.
  4. Empower Everyone Even new hires should know the basics.
  5. Learn from Others Study responses from other organizations, both successes and failures.

Every organization, from schools and hospitals to small businesses and global corporations, needs a disaster recovery plan. The type of disaster may differ, but the need for structure, communication, and leadership is universal.  At Kenton Brothers Systems for Security, we experienced this reality when floodwaters entered our building. Our ability to keep going wasn’t luck, it was preparation.

Don’t wait for disaster to force your hand. Write the plan, train the plan, execute the plan, and review the plan. Because when, not if, disaster strikes, your people, your customers, and your community will be counting on you. If you need help, give us a call.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply