BP Perspective Insights from a Business Partner

3 Key Areas That Should Be in Your IT Disaster Recovery Runbook

With a growing number of adverse events, from power outages to cybersecurity breaches to terrorist attacks, it seems that anything could halt a law firm’s operations. For this reason, it can be difficult to design a good IT disaster recovery (IT-DR) strategy that addresses all likely and unlikely scenarios. A key part of a robust IT-DR plan is preparing a comprehensive runbook and testing its effectiveness.

Jeff Ton

A runbook is a script for your IT team and your law firm to follow when returning IT operations to normal after a breach or disaster event. The goal is to delineate steps and responsibilities for everyone who is involved — or could be involved — so that when a disaster strikes, the recovery process will run smoothly and quickly.

As a starting point, here are three key areas to include in a runbook to ensure your firm is completely covered.


To construct a good runbook, you must begin with the IT-DR plan itself. Examine what your current recovery capabilities are versus what you’d like to do. If your data contains archived data, it could take days to weeks to recover. For this reason, many law firms have various solutions for their differing types of data.

Start with an architectural diagram of the whole IT systems setup, illustrating how each is supposed to communicate with the other. Configuration details are key to successful recovery, so note any special environments, such as VPN tunnels, networking and connectivity logistics, so team members will know what to do in both full and partial failover scenarios. When you’re in the IT-DR environment, how is it secured? Your runbook should note all security services, such as antivirus, firewalls and intrusion prevention system, as well as how to check if these are, indeed, secured.

Also, include all important links to access your environment, including password vaults, URLs for Software as a Service (SaaS) applications like Office 365, etc. Given the disaster type and scope, you may be in a failed-over environment for a while, so make sure end users will have everything they need to know during this period.

With delineated roles and processes in place — and regularly tested — to prop up your IT systems after an event, you should trust that things will work as expected.


Keep in mind that IT-DR should be integrated into your overall business continuity plan. Any number of scenarios can occur to take your IT systems offline, so it’s imperative to plan for several event types in your runbook.

Fast recovery depends on a clear process and order of operations. This demands each application and dataset are organized correctly. To know where to put each dataset, order them by importance and then map them to specific recovery times — that way, the crown jewels receive prioritized attention. Keep in mind what service-level agreements (SLAs) you’d like to hit and how you’ll be able to verify these goals. What are the managing partners’ expectations? Look beyond the technical aspects of a recovery time objective (RTO), as your partners are ultimately concerned with how long it will take to return applications to end users again. Use that return-to-end-user time as your RTO estimate instead.


Within the opening section of the runbook, list all relevant contacts, including IT personnel, executives, board members, vendors, etc. You also want to include alternate email addresses and phone numbers for all responsible parties, so they can be reached if the on-premises systems go down.

Note who makes decisions and how for each step of the declaration and recovery process — as well as who will make decisions in that person’s absence. Events like weather-related disasters could render key IT personnel unreachable because they will be focused on their family’s safety rather than the business. A runbook should be written in a digestible but detailed manner so that anyone inside or outside the firm can execute the process without extensive IT knowledge.

Your firm should also have a central communications team to handle all client- and public-facing communications during an event, as your IT team will not have the bandwidth to do this while trying to recover the IT systems and data. How do you notify marketing and PR to issue press releases or other relevant damage-control responses? Note these items in the runbook, too.


These tips are, of course, not the only aspects that go into a runbook development, but they are a good starting point. A runbook should provide your IT team and firm with confidence. With delineated roles and processes in place — and regularly tested — to prop up your IT systems after an event, you should trust that things will work as expected. Ultimately, a runbook’s goal is to provide clarity in a period when many people will not be thinking clearly. Depending on the disaster type, there will often be high anxiety and pressure for hasty action, in which case a runbook is intended to mitigate these pain points.