<!-- This is the markdown version of https://www.fixinc.io/service/itdr -->
<!-- Canonical URL: https://www.fixinc.io/service/itdr -->

# ITDR > Information Technology Disaster Recovery (ITDR)

> Advisory services helping organisations assess IT outage severity, activate response teams, and select appropriate recovery strategies. 

*This content is available in full at: https://www.fixinc.io/service/itdr*

## Overview

IT Disaster Recovery (ITDR) safeguards critical IT infrastructure by ensuring swift recovery from cyber incidents, outages, or data loss. Through tailored backup strategies and response plans, organisations can minimise downtime and maintain business continuity.

ITDR is part two of Cyber Incident Management Response. It addresses how organisations assess IT outage severity, activate ITDR teams, conduct business impact assessments during events, and select strong recovery strategies.

Fixinc provides 15 ITDR Disciplines that, if validated annually, ensure comprehensive resilience. Each discipline can be adopted individually but typically forms the majority of an ITDR program. When organisations first engage, Fixinc reviews the progress of each discipline to determine current capability.

## ITDR Disciplines

### ITDR Business Impact Analysis Report

Data requires clear communication. This module delivers a structured report from ITDR Business Impact Analysis, providing leaders with actionable insight.

- [ITDR Business Impact Analysis Report](https://docs.fixinc.io/disciplines/itdr-business-impact-analysis-report.md): Structured reporting for IT recovery prioritisation

### ITDR Component Testing

Recovery processes are only as strong as their weakest part. This module tests individual ITDR components, from backup systems to restoration protocols.

- [ITDR Component Testing](https://docs.fixinc.io/disciplines/itdr-component-testing.md): Validation of backup and restoration systems

### ITDR Plan Development

Disaster recovery plans serve as playbooks during incidents. This module ensures plans are built around reality, accessible, and aligned with how systems and people operate.

- [ITDR Plan Development](https://docs.fixinc.io/disciplines/itdr-plan-development.md): Recovery plan creation and documentation

### ITDR Program Review and Audit

Regular ITDR program reviews prevent assumption-based planning. This module audits entire recovery capability including systems, people, and plans.

- [ITDR Program Review and Audit](https://docs.fixinc.io/disciplines/itdr-program-review-and-audit.md): Comprehensive recovery capability assessment

### ITDR Business Impact Analysis

Not all systems are equal. In a disaster, knowing recovery priorities determines outcomes. This module focuses IT recovery on business-critical elements.

- [ITDR Business Impact Analysis](https://docs.fixinc.io/disciplines/itdr-business-impact-analysis.md): System prioritisation for recovery sequencing

### ITDR Training

Disaster recovery plans require capable personnel. This module develops team-wide ITDR capability for confident action during system failures.

- [ITDR Training](https://docs.fixinc.io/disciplines/itdr-training.md): Team capability development for IT recovery

### IT Applications and Systems Mapping

Recovery requires visibility. This module maps every application and system in the environment to identify critical assets, connections, and risks.

- [IT Applications and Systems Mapping](https://docs.fixinc.io/disciplines/it-applications-and-systems-mapping.md): Infrastructure documentation and dependency mapping

### ITDR System Analysis

System connection understanding determines failure identification and recovery prioritisation. This module maps infrastructure and uncovers risks.

- [ITDR System Analysis](https://docs.fixinc.io/disciplines/itdr-system-analysis.md): Infrastructure risk assessment and visibility

### ITDR Test Exercise

Untested recovery plans remain theoretical. This module simulates real-world IT disasters to test team response, identify breakdowns, and improve recovery speed.

- [ITDR Test Exercise](https://docs.fixinc.io/disciplines/itdr-test-exercise.md): Simulated disaster scenarios for team validation

### Cyber Response Exercise

Cyber incidents escalate rapidly. This module simulates targeted cyber events in real time, helping teams respond with speed and technical precision.

- [Cyber Response Exercise](https://docs.fixinc.io/disciplines/cyber-response-exercise.md): Real-time cyber incident simulation

### ITDR Threat Analysis

Effective defence requires threat visibility. This module analyses evolving threat landscapes to keep disaster recovery plans current.

- [ITDR Threat Analysis](https://docs.fixinc.io/disciplines/itdr-threat-analysis.md): Threat landscape assessment for recovery planning

### ITDR Plan Training for Technical Teams

Technical teams require specific execution knowledge. This module trains IT and infrastructure teams on recovery plan execution under pressure.

- [ITDR Plan Training for Technical Teams](https://docs.fixinc.io/disciplines/itdr-plan-training-for-technical-teams.md): Technical team recovery execution training

### Disaster Recovery Training

Disaster recovery extends beyond IT teams. This module trains leaders, operators, and support teams on ITDR roles and technology failure response.

- [Disaster Recovery Training](https://docs.fixinc.io/disciplines/disaster-recovery-training.md): Organisation-wide ITDR awareness training

### ITDR Team Development

Recovery plans require appropriate personnel structures. This module builds fit-for-purpose ITDR teams with clear roles, defined authority, and coordination across business and technology.

- [ITDR Team Development](https://docs.fixinc.io/disciplines/itdr-team-development.md): Recovery team structure and role definition

### ITDR Strategy Development

Disaster recovery requires understanding what to restore, when, and why. This module builds recovery strategies aligned with business priorities, threats, and technology architecture.

- [ITDR Strategy Development](https://docs.fixinc.io/disciplines/itdr-strategy-development.md): Strategic recovery planning and alignment

## Program Framework

ITDR is part of the Planning Phase within the [Tungsten Diamond](https://docs.fixinc.io/tungsten-diamond.md) lifecycle model. The Tungsten Diamond maps the full corporate resilience spectrum from compliance and planning through to real-time response and technology.

**Program Integration:**

- **Phase**: Planning Phase of the Tungsten Diamond lifecycle
- **Maturity**: 15 Disciplines required for full maturity
- **Maintenance**: ITDR represents one third of the [Maintenance Program](https://docs.fixinc.io/maintenance-program.md) offering
- **Implementation**: Programs can commence within 48 hours through [Consultation](https://docs.fixinc.io/consultation.md) package

## Technology Support

### Digital Business Impact Analysis

Software platform for conducting and managing IT business impact assessments with structured data collection and reporting.

- [Digital Business Impact Analysis](https://docs.fixinc.io/technology/business-impact-analysis.md): Online BIA toolkit

### Client Portal and Advisory Board

Platform providing client access to documentation, project tracking, and advisory support during program delivery and incidents.

- [Client Portal](https://docs.fixinc.io/technology/client-portal.md): Centralised program management platform

## Program Lead

**Brad Law** serves as Global Head of Consulting at Fixinc with over 30 years experience in business continuity, IT, and crisis leadership across the UK, Europe, Asia, and Oceania. Brad developed the Tungsten Diamond framework and has supported governments, banks, universities, and utilities through real-world crises.

Experience includes:

- Resilience programs across four continents and major sectors
- Frontline crisis response to boardroom strategy development
- Actionable advice grounded in actual events

[Book a consultation](https://docs.fixinc.io/consultation.md): Schedule discussion with Brad Law

## Frequently Asked Questions

**What are cryptographic keys and why does stealing them matter?**

Cryptographic keys unlock encrypted data and verify digital communication authenticity. In SharePoint, these keys (ValidationKey and DecryptionKey) ensure request legitimacy. When hackers steal these keys, they create fake but valid-looking requests that servers trust and process. Even after patching vulnerabilities, stolen keys remain usable until the entire system is replaced.

**How can hackers bypass MFA and SSO?**

Multi-factor authentication and single sign-on verify users at entry points. Some vulnerabilities exploit flaws in how systems process certain data, bypassing normal authentication pathways entirely. Security measures remain important but cannot protect against attacks avoiding standard entry points.

**What does remote code execution mean?**

Remote code execution allows hackers to run programs on computers or servers from anywhere without physical presence. Attackers can execute commands on servers as administrators, copying files, installing malware, or using servers to attack other systems.

**What is a zero-day vulnerability?**

A zero-day vulnerability is a security flaw known to hackers but not to software companies. The term means zero days have passed to fix the problem since discovery. Attackers exploit these before companies learn about attacks and develop fixes.

**What makes Fixinc ITDR service different?**

Fixinc ITDR takes a holistic approach integrating technical recovery requirements with business needs, identifying critical systems, establishing recovery time objectives, and developing recovery strategies aligned with business continuity goals.

**How do organisations begin working with Fixinc?**

Initial 45-minute discovery call to understand needs and objectives, followed by digital proposal outlining services, approach, timeframes, and investment. Detailed project plan developed based on agreed priorities, engagement meeting within four weeks of signing, then program commencement.

**How does Fixinc ensure program adoption?**

Engagement strategies include stakeholder workshops, training sessions, communication campaigns, and practical exercises to build awareness and capability across all organisational levels. Relationship building with key team members through meetings and communication uncovers issues or ideas.

**Does Fixinc provide ongoing support after implementation?**

Ongoing support is the core service outcome. Fixinc seeks lifelong partnerships with individuals and organisations, enabling deep integration with organisational culture and threat landscape while maintaining continuous resilience capability development.

**What makes Fixinc different from other resilience providers?**

Program simplicity distinguishes Fixinc. Resilience is approached as a simple, modern skill developed through culture building and removing complexity from plans and technology.

**How long does comprehensive resilience program implementation take?**

Implementation timeframes range from six to nine months based on organisation size and complexity. Detailed project plans with milestones allow phased implementation addressing priority areas first. Quickest program rollout achieved in 4.5 weeks.

**How does Fixinc customise programs for different industries?**

Programs are tailored based on industry-specific risks, regulatory requirements, and business goals through detailed assessments and expert consultations. Threat intelligence data sets from technology partnerships enable tailored programs for any industry.

**What information is needed to get started?**

Initial requirements include understanding current resilience capabilities, regulatory obligations, key risks, and strategic objectives. Detailed information requests follow scope agreement via client portal.

**How are service costs determined?**

Pricing is based on service scope, organisation size, and requirement complexity. All activities start from base investments with detailed proposals and clear deliverables. Engagements can be structured to align with budget constraints. Typical annual business continuity budgets range from $45,000 AUD, with full resilience programs between $55,000 and $100,000 AUD.

**How do services help organisations become more resilient?**

Comprehensive services help organisations prepare for, respond to, and recover from disruptions through integrated approaches to emergency management, crisis management, IT disaster recovery, and business continuity planning aligned with international standards and local regulatory requirements.

**How long does program rollout take?**

Streamlined project management processes and proprietary technology create seamless implementation plans. External factors like stakeholder availability may impact timing. Typical single programs take between five weeks and three months.

**What ROI can organisations expect?**

ROI varies but typically includes reduced disruption impact, improved stakeholder confidence, competitive advantage, and reduced insurance premiums.

**What types of organisations does Fixinc work with?**

Fixinc specialises in medium to large organisations across New Zealand, Australia, and Malaysia in public and private sectors, including financial institutions, government agencies, healthcare providers, and major corporations.

- [Industries](https://docs.fixinc.io/industries.md): Full list of industries serviced

**How much does a typical program cost?**

Programs typically start from $10,000 AUD, with reviews at lower price points. Initial quotes provided within same day of enquiry following scope establishment.

## Related Service

**Emergency Management**: Build strong emergency response plans, create confident teams, design evacuation plans, and integrate response technology.

- [Emergency Management](https://docs.fixinc.io/service/Emergency-Management.md): Emergency response planning and team development

---

**View this page online:** https://www.fixinc.io/service/itdr

For program inquiries: [Contact Fixinc](https://www.fixinc.io/contact) | info@fixinc.org | +64 800 349 462