What should an IT disaster recovery plan for small business include?
An IT disaster recovery plan for small business should define a recovery time objective (RTO) and recovery point objective (RPO), establish cloud-based or offsite data backups tested against those targets, identify a recovery site model (cold, warm, or hot), assign a documented incident response team, and include a communication plan that functions when primary systems are offline. For Southern California businesses, the plan must also account for wildfire-related power and connectivity outages and earthquake-triggered infrastructure damage — two threats that operate on overlapping timelines and require different recovery assumptions.
For any Los Angeles business that relies on technology to operate — which is every business — an IT disaster recovery plan is not optional infrastructure. It is the documented difference between recovering from a disruption in hours and losing the business entirely.
This guide walks Southern California companies through how to build, test, and maintain a managed disaster recovery plan that holds up under the specific conditions this region creates: year-round wildfire risk, constant seismic exposure, and the power and connectivity failures that follow both.
Southern California businesses face a threat combination that is unlike almost anywhere else in the country: wildfire seasons that now run nearly year-round, and seismic risk that never goes away. If your IT infrastructure goes down during a disaster, the clock starts immediately and it’s important to understand the difference between disaster recovery and business continuity.
For small businesses, unplanned downtime can cost roughly $100,000 per hour. For larger organizations, the figure climbs much higher. A current, tested disaster recovery plan is the difference between a disruption your business recovers from and one it does not.
Why Southern California Businesses Need to Refresh Their DR Plans Right Now
Cal Fire data shows that California’s most destructive wildfire periods have increasingly extended beyond the traditional fall window, with significant fire activity now occurring from late spring through winter. June marks the point at which fire weather conditions in Los Angeles, Ventura, and San Bernardino counties begin to intensify.
The January 2025 Los Angeles wildfires were a stark reminder of how quickly conditions can escalate. The Palisades and Eaton fires caused widespread power outages, forced evacuations across commercial districts, and disrupted business operations for weeks in some areas.
Many businesses discovered during that event that their disaster recovery documentation was outdated, their backups had not been tested, or their recovery procedures assumed access to physical office infrastructure that was no longer available.
Earthquake risk adds a separate but equally serious layer. The USGS estimates a 60% probability of a magnitude 6.7 or greater earthquake striking the greater Los Angeles area within the next 30 years.
Unlike wildfires, earthquakes provide no warning period at all. A DR plan built only around events with some lead time (evacuations, weather forecasts) will have critical gaps when applied to a seismic event.
The business case for updating your plan now is straightforward. According to research, the costliest consequences of downtime that IT leaders consistently identify are lost revenue (cited by 53%), lost productivity (47%), and lasting damage to corporate reputation (41%). All three compound the longer a business remains offline.
Defining RTO and RPO: The Foundation of Any IT Disaster Recovery Plan
Before choosing any specific technology or recovery site, a business needs to define two numbers that will drive every other decision in the disaster recovery plan.
- Recovery Time Objective (RTO) is the maximum amount of time your business can afford to be offline before the disruption causes unacceptable damage. A business with an RTO of four hours needs to be back online within four hours of a disaster. A business with an RTO of 24 hours has more flexibility but still needs a plan that reliably hits that target.
- Recovery Point Objective (RPO) is the maximum amount of data loss your business can tolerate, expressed as time. An RPO of one hour means your backups must be current enough that you never lose more than one hour of data. An RPO of 24 hours means daily backups are sufficient.
For most Los Angeles small businesses, an honest assessment of RTO and RPO reveals that their current backup and recovery setup does not actually meet their own tolerance for loss. A business that says it cannot afford to lose more than two hours of data but only backs up nightly has an RPO gap of up to 22 hours.
Cold Site vs. Warm Site vs. Hot Site: Choosing Your Recovery Model
The three standard recovery site models represent different tradeoffs between cost and recovery speed. For Southern California businesses, the right choice depends on your defined RTO, your budget, and the nature of your operations.
Disaster Recovery Site Comparison: Cold vs. Warm vs. Hot
| Definition | Empty facility with power and connectivity only | Partially equipped with hardware and some systems pre-configured | Fully operational mirror of primary environment |
| RTO | 72 hours or more | 4 to 24 hours | Minutes to 2 hours |
| RPO | 24 to 72 hours | 1 to 24 hours | Near-zero to 1 hour |
| Monthly cost (SMB estimate) | $200 to $1,000 | $1,500 to $5,000 | $5,000 to $20,000+ |
| Hardware on-site | None | Partial | Full mirror |
| Best for | Low-criticality operations, tight budgets | Most small to mid-sized businesses | Healthcare, finance, e-commerce, mission-critical ops |
| Wildfire suitability | Limited (slow activation) | Good (if site is outside fire zone) | Best (immediate failover) |
| Earthquake suitability | Poor (assumes staff can access site) | Moderate | Best (cloud-based hot site removes site access dependency) |
For most Los Angeles SMBs, a warm-site model delivered through cloud infrastructure represents the best balance of cost and capability. Cloud-based warm sites eliminate the geographic vulnerability of a physical alternate location (which could itself be affected by a regional disaster) and allow activation without staff needing to physically travel anywhere.
A fully cloud-based hot site is worth the premium for businesses where even two to four hours of downtime has direct revenue or compliance consequences, including medical practices, legal firms, financial services, and e-commerce operations.
The Real Cost of Getting This Wrong
Small businesses with fewer than 25 employees can face downtime costs of approximately $100,000 per hour. Larger organizations see that figure climb to between $500,000 and $1 million per hour, with healthcare and financial sector businesses exceeding $5 million per hour in high-stakes scenarios.
For context: the average wildfire-related business disruption in Los Angeles during the January 2025 fires lasted between three days and two weeks for businesses in affected areas. At even the low end of SMB downtime costs, a 72-hour outage represents $7.2 million in losses. Most small businesses do not survive that scenario without a working recovery plan already in place.
This is also why the recovery site model you choose matters so much. A cold site with a 72-hour RTO exposes a small business to the full weight of that downtime cost. A warm or hot site with a four-hour or sub-two-hour RTO contains the damage to a fraction of that figure.
How to Build an IT Disaster Recovery Plan: A 7-Step Checklist for Southern California Businesses
This checklist is designed for businesses that already have some form of IT disaster recovery documentation but have not formally reviewed or tested it within the past 12 months. Each step is actionable and can be completed with internal resources or with the support of a managed IT services partner in Los Angeles.
1 – Pull your existing DR plan and identify what has changed since it was last updated
Start by locating your current documentation. If it references hardware, software, staff members, office locations, or vendors that have changed, those sections are immediately outdated and must be revised before anything else. Pay particular attention to contact lists, which go stale quickly, and any references to physical office infrastructure that may have changed due to remote or hybrid work arrangements.
2 – Reconfirm your RTO and RPO with current leadership
Business priorities shift. The RTO and RPO that were acceptable two years ago may no longer reflect your current operations, client obligations, or contractual requirements. Bring key stakeholders together for a short working session to reconfirm these numbers. If you serve clients with their own uptime requirements (such as SLA-bound service contracts), their requirements set a ceiling on your RTO.
3 – Audit your current backup configuration against your RPO
Pull a report from your backup system showing the last 30 days of backup jobs. Verify that backups are running on schedule, completing successfully, and storing data at a frequency that matches your defined RPO. If you have a one-hour RPO but your backup logs show daily jobs with frequent failures, you have a critical gap. Reviewing your data backup and protection setup at this stage will surface problems before a disaster does.
4 – Test your recovery procedure, not just your backups
Running a backup and being able to restore from it are two different things. A backup that has never been tested is an assumption, not a safety net. Conduct a restoration test using a non-production environment and document how long the full restoration takes. Compare that time against your RTO. If the actual restoration time exceeds your RTO, you need either faster recovery infrastructure or a revised plan.
5 – Assess your recovery site for geographic and seismic risk
If your DR plan relies on a physical alternate location, verify that it is outside the fire risk zones identified in Cal Fire’s current hazard severity maps for Los Angeles, Ventura, and San Bernardino counties. Also assess whether the site is in a different seismic zone from your primary location. A backup site five miles from your office offers limited protection in a regional earthquake. For businesses that want to minimize business disruptions from regional events, cloud-based recovery removes geographic vulnerability entirely.
6 – Update your communication and escalation plan
Your DR plan should specify exactly who contacts whom, through which channels, and in what order when a disaster occurs. Verify that all staff contact information is current, that the escalation chain reflects your current organizational structure, and that the plan does not assume communication methods that may be unavailable during a disaster (such as phone calls when cell networks are overloaded, or email when your server is offline). Designate out-of-band communication options such as a group text thread or a pre-established check-in protocol.
7 – Document the refresh and schedule the next one
Date-stamp the updated plan, note what was changed, and identify who reviewed and approved it. Then schedule the next review before you close the document. For Southern California businesses, a twice-yearly review cadence (once before fire season in late spring, once before the wet season in November) aligns the refresh cycle with the regional risk calendar. Your data recovery solutions should also be reviewed on this same cadence to ensure technology choices remain current.
Wildfire vs. Earthquake: Different Disasters, Different DR Requirements
A DR plan built only for one disaster type will have gaps when the other strikes. Here is how the two primary Southern California threats differ in their IT recovery implications.
| Warning time | Hours to days (evacuation orders) | None |
| Primary IT risk | Power loss, facility damage, evacuation | Physical hardware damage, network infrastructure failure |
| Staff availability | May be evacuated or displaced | May be unable to travel to office |
| Internet/connectivity | Often disrupted in affected zones | Fiber and cell infrastructure may be physically damaged |
| Recovery site access | Staff can typically relocate | Staff may be unable to travel |
| Cloud recovery advantage | High (access from anywhere) | Critical (no travel required) |
| Key DR priority | Offsite backup accessibility, remote work capability | Hardware redundancy, cloud failover |
This comparison illustrates why cloud-based recovery infrastructure is particularly well-suited to the Southern California threat environment. Both wildfire and earthquake scenarios benefit from recovery models that do not require physical access to a specific location.
A fully cloud-hosted recovery environment can be activated from any device with an internet connection, by staff working from home, a coffee shop, or a temporary office space.
Create a Wildfire Disaster Recovery Plan for Business with Managed IT
For most small to mid-sized businesses, maintaining a current, tested disaster recovery plan is not something the internal team has the bandwidth to prioritize consistently. It competes with daily operations, help desk demands, and a dozen other IT priorities.
This is precisely where managed IT services deliver value that is difficult to replicate internally. A managed IT partner takes ownership of the DR lifecycle: maintaining documentation, monitoring backup jobs, conducting restoration tests, updating recovery procedures when systems change, and coordinating the response when an actual event occurs.
They also bring vendor relationships and infrastructure options that most small businesses cannot access independently, including enterprise-grade cloud recovery platforms and colocation partnerships.
For a Los Angeles business evaluating its DR readiness ahead of fire season, the practical question is not whether a managed IT partner is affordable. It is whether the cost of a managed DR program is less than the cost of 72 hours of downtime.
FAQs: IT Disaster Recovery Plan for Los Angeles Businesses
What is a wildfire disaster recovery plan for business?
How often should a Los Angeles business update its disaster recovery plan?
What is the difference between RTO and RPO?
What is the difference between a cold site, warm site, and hot site?
A cold site is a facility with power and connectivity but no pre-configured hardware, resulting in recovery times of 72 hours or more. A warm site has partial hardware and system configuration in place, enabling recovery in 4 to 24 hours.
A hot site is a fully operational mirror of your primary environment, enabling recovery in minutes to two hours. For most Los Angeles small businesses, a cloud-based warm site delivers the best balance of cost and recovery speed given the regional risk environment.
Does a disaster recovery plan cover earthquakes as well as wildfires?
A well-designed disaster recovery plan should cover both, but the two threats have different implications for IT recovery. Wildfires typically provide some warning time (evacuation orders) and primarily affect power and facility access.
Earthquakes provide no warning and can cause direct physical damage to hardware and network infrastructure, as well as preventing staff from traveling to office or recovery locations. Cloud-based recovery infrastructure addresses both scenarios more effectively than physical alternate sites, since it can be accessed from any location with internet connectivity.
How do I know if my current backups are actually working?
The only way to verify that backups are functional is to test restoration from them. Many businesses run backup jobs that appear to complete successfully but produce corrupted or incomplete data that cannot actually be restored.
A backup audit should include pulling a restoration test in a non-production environment and documenting the time required to complete a full restore. That time should then be compared against your defined RTO. If the restoration time exceeds your RTO, your current backup infrastructure is not sufficient to meet your recovery objectives.
What should be in a business communication plan for a disaster event?
A disaster communication plan should specify the escalation chain (who contacts whom and in what order), the communication channels to be used (and backup channels when primary options are unavailable), staff check-in procedures, client notification responsibilities and messaging, and vendor contact information for critical IT and business services.
It should not rely exclusively on communication methods that may be unavailable during the event itself, such as office phone systems or email hosted on affected infrastructure.
Building and Maintaining Your IT Disaster Recovery Plan With a Managed IT Partner
Southern California’s disaster calendar does not align with IT project timelines. Fire weather conditions in the greater Los Angeles area begin intensifying in June and can produce major incidents through the following winter.
The businesses that weather those events without lasting damage are the ones that updated their recovery plans before the season started, not during it. If your DR documentation has not been reviewed since last year, or if your backups have not been tested in recent months, now is the time to close that gap.
For most small to mid-sized businesses, maintaining a current, tested IT disaster recovery plan is not something the internal team has the bandwidth to prioritize consistently. It competes with daily operations, help desk demands, and a dozen other IT priorities.
This is where managed IT services deliver value that is difficult to replicate internally. A managed IT partner takes ownership of the full disaster recovery lifecycle: maintaining documentation, monitoring backup jobs, conducting restoration tests, updating recovery procedures when systems change, and coordinating the response when an actual event occurs.
For Southern California businesses evaluating DR readiness ahead of fire season, the practical question is not whether managed disaster recovery services are affordable. It is whether the cost of a managed program is less than the cost of 72 hours of downtime — which, for a small business, can reach $7.2 million.
Be Structured provides IT disaster recovery planning, data backup and protection, and all-inclusive managed IT support specifically designed for Los Angeles businesses operating in a high-risk environment. From initial DR assessment through implementation and ongoing plan maintenance, our team keeps your recovery infrastructure current, tested, and ready before the next event — not after it.
Contact Be Structured today to schedule a disaster recovery assessment.
