Essential Steps to Disaster Recovery Planning
In the face of catastrophe, natural or man-made, a business can be left in turmoil, resulting in loss of work time and, thus, loss of business. The main question is how deep that loss will be. Year after year, we read surveys that indicate many organizations are still not confident in their ability to restore normal business operations in a reasonable time frame following a disaster event. Regardless of statistics that tell us every minute of downtime can cost a business umpteen thousands of dollars, many shops haven’t yet established a corporate disaster recovery plan they know they can rely on.
Though a recovery plan can be quite lengthy, it can generally be broken down into these major steps:
Understand Your Business
Before you begin writing your plan, it is important to define your business in writing. Establish the basics of the company and what you are trying to achieve. You should also take inventory of how the company works and the essential day-to-day operations that keep it running.
Assess the risks
Look at the range of things that could go wrong with your IT systems, not just one specific scenario. What potential disasters is your business most at risk for experiencing? If any one of those disasters strikes, what would the impact be? A risk assessment answers these questions so that you can assure your disaster recovery plan adequately addresses the risks your business actually faces. There are typically four risks every business faces in relation to the company’s ability to function. A risk assessment is designed to mitigate risks that can cause any of these scenarios:
- A loss of the business’ facilities (or access to the facilities)
- A loss of business data
- A loss of the IT department’s services
- A loss of essential skills to run IT and/or the business itself
Determine what scenarios might cause any one or more of these situations, and these are the risks you need to prepare a disaster recovery plan to address. Make a checklist of all equipment that can be used to aid recovery.
Implement a Plan of Action
Divide the plan into categories to make it more manageable. Come up with a plan of action for communication, clients or customers, vendors, employees and digital backups. These indexes will make it easier to utilize the plan if and when it is needed.
Priorities your threats
Organize the threat in a logical manner. For instance, what is most likely to occur, which city will do the most damage to your city, where are you more vulnerable, what will hurt the most, what will hurt you the most etc. Focus on those which are more disastrous and plan accordingly.
Plan your employee’s roles & responsibilities
Most businesses make the mistake of jumping right to the technology part of a disaster recovery plan, forgetting that technology is nothing without the people to run it and somewhere for it to run. So, the first part of your disaster recovery should focus on the people. The most efficient and failsafe way to create a plan that works in practice is to assign roles, and then to designate specific responsibilities within those roles. While you’re doing this, don’t forget that some disasters may render people unable to be there. Establish backup personnel for each function.
Implement off-site backups
Unfortunately, the vast majority of businesses are relying on backups on-site, meaning if a disaster hits your premises directly, backups are worthless. Choosing a cloud backup provider enables your data to be encrypted and stored OFF-site, so if anything happens to your property, your data will be safely stored in another location.
Construct a business continuity plan
In the event of an emergency restricting access to your premises, or even just a power-cut – it is vital that business can continue as normal. Being thoroughly prepared for situations like these means having a continuity plan in place, allowing operations via mobile phone, laptop, iPad or even good old-fashioned handshakes to carry on without disturbance.
Managing Technology During a Disaster
As you draw up your disaster recovery plan, don’t think in terms of immediately fully restoring all your systems to their pre-disaster state. To do so is essentially setting up your recovery teams for failure. Outline the essentials, the nice-to-haves, and the maybe-laters. This method puts the least stress on your recovery team, while putting them in the best position to succeed. Essentials include everything that you have to have to function as a business. If you’re using mostly cloud-based applications and systems, this part of the process might merely be a matter of setting up some computers, running some networking cables, and logging into your cloud service providers.
Disaster Recovery Documentation
When all is said and done, the success or failure of your disaster recovery plan hinges as much on documentation as anything else. Draft documentation that can be easily and quickly followed, even if workers are in shock, tired, and afraid. Along with the roles and responsibilities, include contact information for your hardware and software vendors and a copy of your current IT asset management list. You’ll also need things like account numbers, passwords, access codes, etc. Like all aspects of your disaster recovery plan, it is essential to keep copies of your documentation offsite, for the same reasons that you need offsite copies of your backups. A cloud service is ideal for keeping documentation safe from any disaster that befalls your business.
Testing & Updating a Disaster Recovery Plan
It’s common for businesses to create a plan, run through it a time or two with their teams, and stow it away for a decade ‘until it’s needed’. By then, all of your systems have been replaced, key personnel have come and gone, and your disaster recovery plan is wholly inadequate to help you restore systems and operations. It has to be reviewed. Generally speaking, anytime you need to update your asset management system, your payroll system, or any vendor contracts, it’s also time to update the disaster recovery plan to reflect those changes.
Disaster recovery isn’t just about hurricanes and earthquakes and fires and floods. The most common disasters faced by IT teams in real life are server failures, data breaches, and other situations that draw downtime, revenue loss, and customer angst. So if you’d like to discuss any of our tips in further detail, please get in touch.