Disaster Recovery Planning for 10–30 Person Businesses: A Practical Template

A disaster recovery plan doesn't need to be a 50-page document. A 15-person business only needs 4–6 clear pages and one practice run to be genuinely prepared.

---

Why 80% of SMBs Don't Have a Recovery Plan

We've asked over 50 business owners in Da Nang the same question:

"If your main server failed at 8 a.m. on a Monday, who does what in the first 30 minutes?"

Most hesitate. Some say "call IT." When asked "call who exactly?", they reach for a notebook to find the number.

That is evidence of no plan.

No plan = chaos + wasted time + wasted money

A 2025 study found: businesses with a documented recovery plan recover 60% faster than those without — with the exact same backup infrastructure.

---

The Two Most Important Metrics: RTO and RPO

Before writing a plan, you need to define two numbers:

RTO — Recovery Time Objective

"How long can we afford to be down?"

Examples:

• Accounting firm: RTO = 4 hours (client deadlines)
• Restaurant with POS system: RTO = 2 hours (dinner service starts at 5 p.m.)
• Small construction company: RTO = 1–2 days (less IT-dependent)
• E-commerce platform: RTO = 30 minutes (every minute = lost revenue)

RPO — Recovery Point Objective

"How much data can we afford to lose?"

Examples:

• Financial transactions: RPO = 0 (cannot accept losing any transaction)
• HR data: RPO = 1 day (nightly backup is sufficient)
• Design files: RPO = 1 day (infrequent changes, recovering yesterday's version is acceptable)

Exercise: Fill in this table for your business:

System / Data	RTO (max downtime)	RPO (max data loss)
Email (Microsoft 365)	_____	_____
File server / NAS	_____	_____
Accounting software	_____	_____
Website / e-commerce	_____	_____
Customer data / CRM	_____	_____

---

Simple DRP Structure for an SMB

A recovery plan doesn't need to be complex. The minimum structure:

Section 1: Emergency Contact Directory

Who to call, in what order:

Role	Name	Phone	Email	When to Contact
IT Provider (Vietify IT)	_____	0914 985 772	support@vietify.vn	Immediately on any incident
Director / Business Owner	_____	_____	_____	Within 15 minutes
Accounting Manager	_____	_____	_____	If financial data is affected
Internet Service Provider	_____	_____	_____	If connectivity is lost
Cyber Insurance Company	_____	_____	_____	For serious incidents

Section 2: Incident Classification

Helps staff categorise severity immediately:

Level 1 — Minor Incident (1 person, 1 system)

• Individual laptop failure → IT department handles
• Accidental file deletion → Restore from local backup
• Application crash → Restart

Level 2 — Moderate Incident (1 server, 1 department)

• Main file server fails → Activate server recovery plan
• Internet lost → Switch to mobile hotspot, notify ISP
• Microsoft 365 email inaccessible → Check Microsoft status, contact IT

Level 3 — Disaster (full system, data encrypted)

• Ransomware → Shut down all computers, contact IT emergency line IMMEDIATELY
• Fire / flood / physical damage → Evacuate, ensure safety, then contact IT
• Mass hardware failure → Activate full DRP

Section 3: Recovery Procedures by System

If a User's Computer Fails:

1. Call IT: _____ (phone number)
2. Provide computer name and describe symptoms
3. IT will provide a spare machine within _____ hours
4. Data restored from OneDrive / NAS backup within _____ hours

If the NAS File Server Fails:

1. Call IT: _____ (phone number) — 24/7
2. Do not attempt to power cycle the device yourself
3. IT assesses recovery options within 30 minutes
4. If hardware failure: spare device activated
5. If data lost: cloud backup restore begins within _____ hours

If Ransomware Is Suspected:

1. IMMEDIATELY — Disconnect the entire office from the internet (unplug the WAN cable or shut down the router)
2. Do not power off infected computers — unplug the network cable, keep power on
3. Call IT: _____ — THIS IS AN EMERGENCY
4. Do not pay any ransom before consulting your IT provider
5. Photograph any ransom note displayed on screen

Section 4: Backup Locations and Access Information

(This section must be kept secure — only IT and the director should hold this)

Backup Type	Location	Access Information	Responsible
Office NAS	Server room	Rack #2, config in IT cabinet	IT Manager
Cloud backup	Wasabi / Backblaze	In KeePass password manager	IT Manager
Offsite backup	Director's cabinet	WD My Cloud drive, black USB	Director
Microsoft 365 backup	Dropsuite dashboard	In password manager	IT Manager

---

DRP Drills: Non-Negotiable

An unpractised plan is a plan that won't work.

Minimum Practice Schedule:

Drill Type	Frequency	Time Required	Who Participates
Single file restore	Monthly	30 minutes	IT + 1 staff member
Single system recovery	Quarterly	2–4 hours	IT team
Full disaster simulation	Annually	Half a day	Full leadership team

Document the results: How did actual recovery time compare to RTO targets?

Quarterly recovery drills expose gaps before a real disaster does.

---

Common DRP Mistakes in SMBs

❌ Outdated contact lists — phone numbers change but the document isn't updated ❌ Access credentials locked in a compromised email account — can't access when you need it most ❌ Only one person knows the DRP — what if that person is unavailable? ❌ Never practised — looks great on paper, fails in reality ❌ Not updated after infrastructure changes — new server bought, but DRP still describes old setup

---

Vietify IT Supports Your Business

We provide Disaster Recovery Planning services for SMBs in Da Nang:

• Assess specific RTO/RPO targets for each system
• Write a practical DRP tailored to your size and industry
• Deploy backup and recovery infrastructure
• Train staff on response procedures
• Run recovery drills annually with documented results
• Annual review and update as infrastructure evolves

Get a Free DRP Template. Book a consultation with Vietify IT — we'll review your infrastructure and provide a customised DRP template for your business.

Call: 0914 985 772 | vietify.vn/contact

---

Vietify IT Services — Disaster Recovery Planning and Data Protection for SMBs in Da Nang.