ITDR

corporate resilience advisory

Our Information Technology Disaster Recovery (ITDR) Plans will help you assess the severity of the situation, activate your team, and select the right recovery strategy.

case studies & testimonials

Trusted by inspiring organisations,
just like yours.

Disciplines that define your resilience A modular approach to building your ITDR program.

IT Disaster Recovery (ITDR) safeguards critical IT infrastructure by ensuring swift recovery from cyber incidents, outages, or data loss. Through tailored backup strategies and response plans, organisations can minimise downtime and maintain business continuity.

To support organisations in achieving true resilience, we provide 15 ITDR Disciplines that would - if validated annually - ensure true resilience. Each discipline can be adopted individually, but in most cases will form the majority of your ITDR program with Fixinc.

When you first engage us, we review the progress of each of these Disciplines within your organisation to determine your current capability.

ITDR Business Impact Analysis Report

DISCIPLINE MODULE

Data means nothing if it’s not communicated clearly. This module delivers a clean, structured report from your ITDR Business Impact Analysis, giving your leaders the insight they need to act with confidence.

ITDR Component Testing

DISCIPLINE MODULE

Your recovery process is only as strong as its weakest part. This module tests individual ITDR components, from backup systems to restoration protocols, so nothing fails when everything's on the line.

ITDR Plan Development

DISCIPLINE MODULE

Your disaster recovery plan is the playbook your team turns to when things go wrong. This module ensures that plan is built around reality, clean, accessible, and aligned to how your systems and people actually operate.

ITDR Program Review and Audit

DISCIPLINE MODULE

If you’re not reviewing your ITDR program regularly, you’re just hoping it’ll work. This module audits your entire recovery capability, systems, people, and plans, to ensure they’re aligned, current, and ready.

ITDR Business Impact Analysis

DISCIPLINE MODULE

Not all systems are created equal, and in a disaster, knowing what to recover first can be the difference between delay and disaster. This module focuses your IT recovery on what actually matters to your business.

ITDR Training

DISCIPLINE MODULE

A disaster recovery plan is only as strong as the people running it. This module turns ITDR knowledge into team-wide capability, clear, confident, and ready to act when systems go down.

IT Applications and Systems Mapping

DISCIPLINE MODULE

You can’t recover what you can’t see. This module maps every application and system in your environment, so you know what’s critical, what’s connected, and what’s at risk.

ITDR System Analysis

DISCIPLINE MODULE

If you don’t know how your systems connect, you won’t know what’s failing, or what to recover first. This module maps your infrastructure, uncovers risks, and gives you the visibility to lead with confidence during a disruption.

ITDR Test Exercise

DISCIPLINE MODULE

A recovery plan that hasn’t been tested is just theory. This module simulates a real-world IT disaster to test how your team responds, what breaks down, and where recovery needs to move faster.

Cyber Response Exercise

DISCIPLINE MODULE

When cyber incidents strike, they escalate fast. This module simulates a targeted cyber event in real time, helping your team respond with speed, clarity, and technical precision when every second counts.

ITDR Threat Analysis

DISCIPLINE MODULE

You can’t defend what you don’t see coming. This module analyses the evolving threat landscape, so your disaster recovery plans stay ahead of the next outage, breach, or breakdown.

ITDR Plan Training for Technical Teams

DISCIPLINE MODULE

Technical teams don’t need theory, they need to know exactly what to do when the pressure hits. This module trains your IT and infrastructure teams on the recovery plan they’ll execute when systems go down.

Disaster Recovery Training

DISCIPLINE MODULE

Disaster recovery doesn’t start with the IT team, it starts with everyone who relies on them. This module trains leaders, operators, and support teams to understand ITDR, their role in it, and how to respond when technology fails.

ITDR Team Development

DISCIPLINE MODULE

Even the best recovery plan fails without the right people behind it. This module helps you build a fit-for-purpose ITDR team, clear roles, defined authority, and seamless coordination across business and tech.

ITDR Strategy Development

DISCIPLINE MODULE

Disaster recovery isn’t just about restoring systems, it’s about knowing what to restore, when, and why. This module helps you build a recovery strategy that aligns with business priorities, threat realities, and technology architecture.

First principles resilience.
Clear programs, collaborativ delivery, and a fresh take on resilience.

01.

Phase

ITDR is the Planning Phase to our Tungsten Diamond lifecycle.

02.

Maturity

ITDR involves 15 Disciplines to reach full maturity.

03.

Maintenance

ITDR makes up a third of the Maintenance Program offering.

04.

act

Start a ITDR program within 48 hours with our Consultation package.

Information Technology Disaster Recovery (ITDR) is part two of your Cyber Incident Management Response. It's best broken down into how you assess your IT outage severity, how you activate your ITDR team, assessments of the business impacts to an event, and selecting a strong recovery strategy.

We do ITDR the same way we run our own business; by simplifying processes, going back to first principles, and standardising programs so anyone at any time can adopt how you plan and respond to a disruption. When you engage in a ITDR program with our Advisors at Fixinc, you are embarking on a partnership that is a collaborative effort, held together by strong and reliable communication. We're not your usual consultancy, we're something different, fresh, modern with a focus on the people that make up Australian, New Zealand, and Malaysian business. Still need convincing? Have a read of why OceanaGoldNTTOptus chose us in the case study below.

book a call to discuss

The Tungsten Diamond

Understanding the Diamond

When we assess the maturity of your ITDR, we measure this against our Tungsten Diamond model. This simple diagram maps the full corporate resilience spectrum; from compliance and planning, through to real-time response and technology. Our Advisory Board supports the end response, while our Directory and Resilience Services give you ongoing access to the tools, insights, and partnerships needed to strengthen planning. As a result, if you work with Fixinc, you are covered entirely.

learn more about the diamond

Digital Business Impact Analysis

emergency notications

F24 is our go-to platform for emergency notification and crisis management. It enables rapid, multi-channel communication during critical events, ensuring your teams receive timely alerts and can coordinate effectively. Integrated with our advisory services, F24 supports your organisation in managing crises confidently and efficiently.​

Client Portal and Advisory Board

emergency notications

F24 is our go-to platform for emergency notification and crisis management. It enables rapid, multi-channel communication during critical events, ensuring your teams receive timely alerts and can coordinate effectively. Integrated with our advisory services, F24 supports your organisation in managing crises confidently and efficiently.​

Meet your advisor

32 years of incident management and business continuity experience including serving in the British Army.

Brad Law is Fixinc’s Global Head of Consulting and one of the region’s most experienced resilience professionals. With over 30 years in business continuity, IT, and crisis leadership across the UK, Europe, Asia, and Oceania, Brad brings sharp, practical insight to every session. He’s the architect behind the Tungsten Diamond framework and has supported governments, banks, universities, and utilities through real-world crises. If you’re facing pressure, complexity, or just need clarity—Brad’s the expert you want in the room.

From frontline crises to boardroom strategy, Brad has led resilience programs across four continents and every major sector.

You’ll get straight, actionable advice grounded in real events, not recycled frameworks or generic best practices.

This isn’t a sales pitch. Brad treats every session as an opportunity to help—and prove why Fixinc is deeply connected to the co-creation of resilience.

Frequently asked ITDR questions

What are "cryptographic keys" and why does stealing them matter?

Cryptographic keys are like master keys that unlock encrypted data and verify the authenticity of digital communications. In SharePoint's case, these keys (called ValidationKey and DecryptionKey) are used to ensure that requests to the server are legitimate. When hackers steal these keys, they can create fake but valid-looking requests that SharePoint will trust and process. It's like someone stealing the master key to your office building and being able to make perfect copies. Even after you change the locks (patch the vulnerability), they can still get in using their copied keys until you replace the entire locking system.

How can hackers bypass MFA and SSO if these are supposed to protect us?

Multi-factor authentication (MFA) and single sign-on (SSO) are like security guards at the front door of your building. They check IDs and verify people before letting them in. But this SharePoint vulnerability is like a hidden tunnel that goes directly into the building, completely avoiding the front door security. The hackers don't need to present credentials or pass through your authentication systems because they're exploiting a flaw in how SharePoint processes certain data. Your security measures are still important, but they can't protect against attacks that don't use the normal entry points.

What does "remote code execution" mean for my business?

Remote code execution means hackers can run their own programs on your computer or server from anywhere in the world, without being physically present. It's like someone being able to operate your office computer from their home, opening files, installing software, or stealing data. In the SharePoint vulnerability, attackers can execute commands on your SharePoint server as if they were sitting at your IT desk with full administrator access. They can copy files, install malware, or use your server to attack other systems.

What is a zero-day vulnerability?

A zero-day vulnerability is a security flaw that hackers know about but the software company doesn't. Think of it like finding an unlocked back door to a building that the owner doesn't know exists. The term "zero-day" means there have been zero days to fix the problem since it was discovered. In this SharePoint case, attackers found a way to break into systems that Microsoft didn't know was possible. They exploited it for days before Microsoft learned about the attacks and could start working on a fix.

What makes your IT Disaster Recovery (ITDR) service different?

Our ITDR service takes a holistic approach, integrating technical recovery requirements with business needs. We help organisations identify critical systems, establish recovery time objectives, and develop comprehensive recovery strategies that align with business continuity goals.

How do we begin working with your organisation?

We start with an initial consultation to understand your needs and objectives through a 45-minute discovery call. This is followed by a digital proposal outlining recommended services, approach, timeframes, and investment required. We can then develop a detailed project plan based on agreed priorities. Once signed, an hours' engagement meeting is conducted within a 4 week window, and then the program begins.

How do you ensure program adoption across the organisation?

We use a combination of engagement strategies, including stakeholder workshops, training sessions, communication campaigns, and practical exercises to build awareness and capability across all levels of the organisation. At a more general level, we build relationships with key members of your team through email campaigns, one on one meetings, and even connecting over LinkedIn. This builds trust and typically uncovers issues or ideas from more introverted colleagues.

Do you provide ongoing support after the program is implemented?

Yes, and in fact, it is our core service offering outcome. At Fixinc, we're seeking to build lifelong partnerships with individuals and organisations. This does two things: it allows us to pore ourselves into the very fabric of your organisation and threat landscape, build relationships where we are always available to support you, and hold ourselves accountable to ensure your resilience capability is continuously growing.

What makes Fixinc different from other resilience solutions?

First and foremost, it is the simplicity of our programs. Many organisations and professionals are led to believe that the "threat landscape is evolving at an unprecedented rate", and whilst there is no legitimate data to support this claim, it only creates fear through marketing. We believe that resilience can be a simple, modern skill developed through building a culture of resilience, and removing the noise of bulky plans and poor technology.

How long does it typically take to implement a comprehensive resilience program?

Implementation timeframes vary based on organisation size and complexity, typically ranging from 6-9 months. We provide a detailed project plan with milestones and can phase implementation to address priority areas first. Our team are considered industry experts in project management and implementation. Typically, the only delay are stakeholders from your organisation. Our quickest program rollout was 4.5 weeks.

How does Fixinc customise resilience programs for different industries?

Fixinc tailors programs based on industry-specific risks, regulatory requirements, and your business goals through detailed assessments and expert consultations. Utilising hundreds of millions of threat intelligence data sets through our technology partnerships, we're able to create tailored programs for each organisation in any industry.

What information do you need from us to get started?

Initially, we need to understand your current resilience capabilities, regulatory obligations, key risks, and strategic objectives. We'll provide a detailed information request once we agree on the scope of engagement via our client portal.

How do you determine the cost of your services?

Our pricing is based on the scope of services required, organisation size, and complexity of requirements. All activities start from a base investment that we can share with you. We provide detailed proposals with clear deliverables and can structure engagements to align with your budget constraints. Typically, our client base has an annual business continuity budget of $45,000 or an entire resilience program of between 55 and $100,000.

How do your services help organisations become more resilient?

Our comprehensive suite of services helps organisations prepare for, respond to, and recover from disruptions through integrated approaches to emergency management, crisis management, IT disaster recovery, and business continuity planning. We align these with international standards and local regulatory requirements. However, at its core our programs and support gets into the heart of your culture and continuously identifies ways to simplify how you plan and respond to threats. People are busy, they don't have time to attend multiple, day long training. We make it simple.

How long does it take for a program to be rolled out?

Our team focus heavily on streamlined project management processes. We utilise our own technology to create implementation plans that make every step seamless. External factors (like getting your team involved with meetings) may impact time, but we have techniques to speed this up. Typically, a single program can take between 5 weeks and 3 months.

What ROI can organisations expect from implementing these programs?

While ROI varies, organisations typically see benefits through reduced impact of disruptions, improved stakeholder confidence, competitive advantage, and reduced insurance premiums. We can provide case studies demonstrating value realisation.

What types of organizations do you typically work with?

We specialise in serving medium to large-sized organisations across New Zealand, Australia, and Malaysia (the Oceania and ASEAN regions), in both public and private sectors. Our clients include financial institutions, government agencies, healthcare providers, and major corporations. You can see a list of all our industries serviced here.

How much does a typical program cost

In most cases, you can expect programs to start from $10,000 AUD. However, reviews are as little as a few thousand. After we establish a scope of work and your requirements, we can provide you an initial quote within the same day of enquiry to pinpoint a more appropriate fee. We believe in long-term partnerships at Fixinc, so if budgets are a restraint, we can work with you.

Still have questions?

Over a no-obligation call, we will walk you through how are tools work for you to determine if they're right for you.

Next Service:
Emergency Management

Discover

Build strong Emergency Management response plans and programs, create confident teams, design professional evacuation plans, and couple it all together with Europe's leading response technology.

Emergency Management advisory services in New Zealand, Australia, Malaysia. By Fixinc