Disaster Recovery Plan Template for Small Business UK
Every UK business — no matter how small — needs a disaster recovery (DR) plan. Yet the majority of SMEs don't have one. According to a UK Government survey, only around a third of businesses have formal incident response plans, leaving two-thirds vulnerable to prolonged downtime if something goes seriously wrong.
This guide provides a practical disaster recovery plan template designed specifically for UK small businesses. You can adapt it to your own organisation, fill in the blanks, and have a working DR plan in place within a day.
What Is a Disaster Recovery Plan?
A disaster recovery plan is a documented set of procedures that tells your team exactly what to do when a major IT incident occurs. Its purpose is to minimise downtime, limit data loss, and get your business back to normal operations as quickly as possible.
A DR plan covers scenarios like:
- Server or infrastructure failure
- Ransomware or cyberattack
- Data loss or corruption
- Office inaccessibility (fire, flood, power outage)
- Cloud service outage
- Key personnel unavailability
It's a subset of your broader business continuity plan, focused specifically on IT systems and data recovery.
Disaster Recovery Plan Template
Use the following sections as your starting framework. Fill in each section with details specific to your business.
Section 1: Business Overview
- Company name: [Your company]
- Plan owner: [Name and role of the person responsible for maintaining this plan]
- Last reviewed: [Date]
- Next review due: [Date — review at least annually]
Section 2: Critical Systems Inventory
List every IT system your business depends on, ranked by priority:
| System | Provider | Priority | RTO | RPO |
|---|---|---|---|---|
| Email (Microsoft 365) | Microsoft | Critical | 4 hours | 24 hours |
| CRM | [Provider] | Critical | 4 hours | 4 hours |
| Accounting | [Provider] | High | 8 hours | 24 hours |
| File server | [Internal/Cloud] | High | 8 hours | 24 hours |
| Phone system | [Provider] | Critical | 2 hours | N/A |
RTO = Recovery Time Objective (how quickly must this system be restored?)
RPO = Recovery Point Objective (how much data loss is acceptable?)
Section 3: Key Contacts
Maintain an up-to-date contact list for everyone involved in disaster recovery:
- Internal DR lead: [Name, mobile, email]
- IT provider / MSP: [Company, phone, support email, account number]
- Internet provider: [Company, phone, account number]
- Phone system provider: [Company, phone, account number]
- Cloud backup provider: [Company, phone, account number]
- Insurance company: [Company, phone, policy number]
- Key staff contacts: [Names, mobiles — especially those who can work remotely]
Store this list both digitally (in a secure cloud location) and as a printed copy kept off-site.
Section 4: Backup Details
- Backup solution: [Software/service name]
- Backup frequency: [Daily, hourly, continuous]
- Backup locations: [On-site NAS, cloud provider, off-site location]
- Retention period: [e.g., 30 days daily, 12 months monthly]
- Last successful test restore: [Date and outcome]
- Encryption: [Yes/No — in transit and at rest]
Section 5: Recovery Procedures
Document step-by-step procedures for each major scenario:
Scenario A: Server or Hardware Failure
- Confirm the failure and identify affected systems.
- Contact IT provider / MSP support line.
- Initiate restore from local backup (NAS or backup server).
- If local backup is unavailable, initiate cloud restore.
- Verify restored data integrity.
- Communicate status to affected staff.
Scenario B: Ransomware Attack
- Disconnect affected devices from the network immediately.
- Do NOT pay the ransom.
- Contact IT provider and report the incident.
- Report to Action Fraud (0300 123 2040) and the ICO if personal data is affected.
- Identify the ransomware variant (your IT provider can assist).
- Wipe and rebuild affected devices from clean images.
- Restore data from the most recent clean backup (verify backup integrity before restoring).
- Conduct a post-incident review.
Scenario C: Office Inaccessible
- Activate remote working plan — staff work from home using laptops and cloud services.
- Divert phone lines to mobiles or a cloud-based phone system.
- Communicate with clients and suppliers about temporary arrangements.
- If prolonged, arrange temporary office space.
Section 6: Communication Plan
- Internal notification — who informs staff, and through which channel (email, WhatsApp group, phone tree)?
- Client notification — template email or message for informing clients of service disruption
- Regulatory notification — if personal data is breached, notify the ICO within 72 hours
- Social media / website — who posts a service status update if needed?
Section 7: Testing and Maintenance
- Full DR test: annually (simulate a complete recovery scenario)
- Backup restore test: quarterly
- Plan review: annually, or after any major IT change, staffing change, or incident
- Contact list update: quarterly
Tips for Making Your DR Plan Effective
- Keep it simple — a 3-page plan that people actually follow beats a 50-page document nobody reads
- Make it accessible — store it in a cloud location accessible even if your office is down, plus keep a printed copy off-site
- Assign clear owners — every action should have a named person responsible
- Test regularly — an untested plan is just a wish list
- Include your IT provider — your managed IT support provider should be involved in both creating and testing the plan
Need Help Building Your DR Plan?
A managed IT provider can help you build, test, and maintain a disaster recovery plan tailored to your business — including backup infrastructure, monitoring, and guaranteed response times. Get a free IT quote from vetted UK providers.
Need IT Support?
Build a disaster recovery plan with expert IT support — protect your business from downtime.
Get a Free IT Quote