There are lots of "experts" out there who are ready to take your money to create a disaster recovery pla for you. While they have the experience to do this fast, the process is not really all that hard; it's just takes an active imagination.
Rule #1: Do this in writing; do not trust your memory.
Rule #2: Do it where it is easy to update and commit yourself to keeping it current. (This is difficult for those "experts.")
- Start by writing down every conceivable "disaster". This is not the time to rate or analyze them. This is a brainstorming exercise. For example: Host goes out of business; database corrupted; natural disaster hits data center; out of memory; designer/maintainer hit by truck.
- When you've finished that, go through the list. Rate each one by severity, but do not delete any. You might want to add in the cost of such a "disaster."
- Now sort the list by severity, highest first.
- Go through the list again. Ask yourself what could you do (probably manually) to fix or mitigate the problem. At this stage, you may very well be adding items to the list; that's a good sign. If you identify items that you don't know how to fix, find someone who does.
- Look for ways to automate the solutions (or portions) that may lend themselves to doing so. Keep in mind that automating a solution may result in additional "disasters". For example, "making off site back ups" leaves you with a) how do I get it back if I need it; b) how long will retrieving it take; c) what if my data format has changed; d) what do I do if the storage site is destroyed.
This is not rocket science, but it is an iterative process that needs to be revisited frequently.