Incident & Disaster Recovery Planning
Plan for crisis. Test to survive. Recover with confidence.
Request a quoteThe problem
When ransomware, a data center failure, or a business email compromise hits, your organisation has minutes or hours to respond. Most SMEs discover their incident response plan during the actual incident โ when it is too late to write one. Without tested procedures, a single incident can result in days of downtime, permanent data loss, and reputational damage. Organisations that recover quickly are the ones that planned and tested before the crisis.
Our methodology
- Business impact analysis โ identify critical systems, dependencies, and acceptable downtime (RTO) and data loss (RPO)
- Incident response plan development aligned to NIST SP 800-61
- Disaster recovery strategy โ failover procedures, backup validation, recovery sequence
- Role-specific playbooks โ for executive, IT, communications, legal/compliance
- Tabletop exercise โ walkthrough of response and recovery procedures (2-3 hours)
- Full-scale simulation โ actually execute recovery steps, identify real bottlenecks (4-8 hours)
- Cyber attack simulation โ inject a realistic attack (ransomware, BEC, data exfiltration) and test full response cycle
- Post-exercise analysis and improvement roadmap
What you will receive
- Business impact analysis (critical systems, RTO/RPO targets)
- Incident response plan (NIST-aligned)
- Disaster recovery strategy and recovery runbooks
- Role-specific playbooks (executive, IT, communications, legal)
- Tabletop exercise report with gap analysis
- Full-scale simulation report (timeline, issues, lessons learned)
- Cyber attack simulation report (detection, response, recovery performance)
- Improvement roadmap and annual testing schedule
- Recovery procedures checklist (for use during actual incident)
Estimated timeline
6-8 weeks
The Power of Testing
Organisations that have tested their incident response and disaster recovery procedures recover 3-5x faster than those that have not. An untested plan is not a plan โ it is a list of hopeful ideas.
During an actual incident, your team will be panicked, uncertain, and under time pressure. The only thing that works is muscle memory from practicing. We help you build that muscle memory through structured exercises and realistic simulations.
Three Levels of Readiness
Level 1: Tabletop Exercise โ Discuss what you would do (2-3 hours, quarterly) Level 2: Full-Scale Simulation โ Actually execute recovery procedures (4-8 hours, annual) Level 3: Cyber Attack Simulation โ Realistic attack scenario with full response cycle (4-8 hours, annual)
After this engagement, every person with a role in incident response knows exactly what they are expected to do. The plan has been tested. The gaps have been identified and closed. You are ready.
Ready to plan and test your incident response? Start with a free 30-minute discovery call to assess your critical systems and discuss your readiness.
Frequently asked questions
What is a tabletop exercise?
A structured walkthrough where your team discusses how they would respond to a simulated incident โ ransomware, BEC, data center outage โ without actually triggering anything. The facilitator injects new information as the scenario evolves. Participants discuss decisions, roles, and escalation. It surfaces gaps in procedures and unclear responsibilities in a low-stakes environment.
Why do we need both tabletop exercises and full-scale simulations?
Tabletop exercises clarify what you should do. Full-scale simulations reveal what actually happens when you try to do it โ backups may take longer than expected, key people may be unreachable, your failover infrastructure may not work as assumed. You need both. Tabletops quarterly, simulations annually.
What is a full-scale simulation?
You actually execute recovery steps under controlled conditions. Trigger failover to backup systems, restore from backups, bring services online. Real timing, real problems, real learning. Supervised by us so we can pause and discuss when issues arise. Usually takes 4-8 hours and reveals bottlenecks that tabletops miss.
What happens during a cyber attack simulation?
We inject a realistic attack scenario โ ransomware spreads through your network, malware exfiltrates data, a compromised account is used for fraud. Your team detects it (if they can), responds, contains it, and initiates recovery. We observe and time the full cycle. This is the most stressful test but also the most valuable because it stresses your real capabilities under realistic pressure.
What scenarios do you simulate?
We focus on threats relevant to Tanzanian SMEs: ransomware (high frequency, real financial impact), business email compromise (most costly attack globally), mobile money fraud (Tanzania-specific), and data center outages (infrastructure risks in East Africa). You choose the scenario(s) most relevant to your risk profile.
What is RTO and RPO?
RTO (Recovery Time Objective) = how long you can afford to be without a system. RPO (Recovery Point Objective) = how much data loss you can tolerate. Example: your email RTO is 4 hours, RPO is 1 hour. Your payment system RTO is 1 hour, RPO is 15 minutes. We design your recovery strategy to meet these targets.
What if we fail the simulation?
That is the point โ to fail in a safe environment before the real incident. If recovery takes 6 hours but your RTO is 2 hours, you discover that now and can fix it (upgrade backup infrastructure, change recovery procedure, etc.). Every failed simulation is data you can use to improve.
What about compliance during recovery?
We integrate PDPA, BoT, and internal compliance requirements into your playbooks. For PDPA: breach notification must happen within 72 hours, forensics must be preserved. For BoT: certain incidents must be reported. For internal policy: you may need to escalate certain decisions. These are built into your procedures so compliance is automatic, not improvised.
Ready to get started?
All engagements begin with a free 30-minute discovery call. No commitment, no jargon โ just an honest conversation about your situation.