The first thing you need is a plan. The larger the organisation, the more complex the plan will become. You will need to allow for finding alternative suitable accommodation, sourcing new equipment, getting communications up and running, and then some.
Where are your systems? Conduct a data assessment. Know your high-value data assets - where your customer information and other sensitive data live, which files are heavily used, who is using them and which departments they align with. What is run and stored internally and what is in the cloud? What would happen if your cloud provider itself were to have a problem? How do you want to structure the retrieval of your data? Which are more important to your operation and need to be retrieved quickly and which are less important and can be left for later?
Good documentation is always important. This is especially true when dealing with Disaster Recovery where time is critical. If your Disaster Recovery plan is in a key employees head and that person leaves, you will not have the luxury of painstakingly recreating the knowledge required to get your systems up and running to a point of minimum viable recovery.
The Plan is made and the documentation is written, the proof of it’s worth and validity is in the testing. Also, Disaster Recovery plan testing is critical to identifying changes in the environment so that the plan can be updated or modified to include any new situations and to accommodate any altered conditions.