1. Risk analysis
- identify apps
- identify IT devices ( servers, networking, routers, firewalls, etc. )
- identify business devices ( phones, pabx, etc. )
- assign risk
2. Establish budget
3. Develop plan
- scope / capability
- key roles / responsibilities
- critical services
- recovery objectives
- priorities
- 3rd party contact details
- Data centre provider / ISP
- media handling
- recovery team
- recovery activities / sequence of activities
- pre-requisities / dependencies
- high-end activities
- recovery time objective / recovery point objective
- cold / warm / hot DR