Business disruptions are facts of life. We have been seeing news about extreme weather, economic downturn and civil unrest lately. These are becoming more common these days. Your business must be equipped to ride out these disruptions, aside from mundane events. The key is in creating and executing an actionable disaster recovery plan.
What is a disaster recovery plan?
Technopedia defines disaster recovery plan (DRP) as a “business plan that describes how work can be resumed quickly and effectively after a disaster”. It is an essential part of business continuity, or the ability of an organization to continue operating during and after a disturbance. Business continuity is the macro perspective while DRP, the micro.
IT has now evolved from being a support system to cornerstone for any organization and a DRP is the necessity for every organization that runs its operations through IT systems, use IT systems to deliver its products/ services and store business information digitally. It allows an organization to operate, even at a minimal level, by recovering enough data and system functionality.
How to create a disaster recovery plan? Start by listing down your objectives.
What are the objectives of a disaster recovery plan?
A business or organization creates a DRP for the following general reasons:
- To protect critical data and records
- To safeguard and make available IT equipments/ Infrastructure to ensure the safety and recovery of data and records from predictable disasters
- To mitigate the risk of disasters due to human error, deliberate destruction and facilities/equipment failures
- To ensure the business or organization’s ability to continue operating during and after a disaster
- To recover lost or damaged data or records after a disruption within the acceptable time frames
- To provide an orderly and efficient transition from normal to emergency condition.
- To establish the threshold at which emergency response is triggered and determines who authorizes the response
- To have consistent understanding and strategy amongst concerned agencies for tackling the disasters.
It is advisable that you set specific objectives that are unique to the nature of your business, your organizational structure, resources and manpower.
What are the main components of a disaster recovery plan?
After you identify the objectives of your recovery plan, you can proceed in creating a feasible DRP. Here are the elements of a typical disaster recovery plan:
- A comprehensive inventory that includes all the IT assets including information on serial numbers, technical support data and contact information along with assets availability requirements
- A list of people (employees, managers, contractors, etc.) and their key roles and responsibilities that will ensure the DRP is executed accordingly. An organization must identify who are in charge of getting systems back and operating, those who will reach out to clients and shareholders, those who will get in touch with law enforcers, etc.
- An emergency communication strategy which is essential during and right after a disaster. Your DRP must include a contingency plan on how to communicate with employees, clients and other stakeholders. Develop backup plans in case phone lines and internet connections are down.
- A contingency plan with your service providers in the event of disruptions. How will they respond to your needs? What is their timetable? If such assistance is not included in your service level agreements (SLAs), you should consider appropriate provisions. Sit down and discuss it with your service providers.
A study by Antero Prazeres and Eurico Lopes from the Escola Superior de Tecnologia in Portugal enumerated points that need to be addressed in a DRP:
“Senior management must understand the effort needed and must commit to ensure its success; a project team must be selected that incorporates an adequate balance between IT and business community members; Solutions to fit the needs of the business and the IT communities and finally the final Plan needs to be incorporated with any other active plans such as Emergency Plans or Evacuation Plans, etc.”
An effective DRP is one that involves the entire organization, from the front liners to the service providers. Consider everyone’s role in keeping the organization and their IT systems running when disaster strikes.
What are the steps in creating a disaster recovery plan?
There is no one-fits-all recovery plan. Your DRP is different from other organizations’. “A project is unique in that which is not a routine operation, but a specific set of operations designed to accomplish a singular goal,” wrote Antero Prazeres and Eurico Lopes.
An effective recovery plan can be created with considering following steps:
- List down all your IT assets. – To create an effective recovery plan, you must know all the assets under IT management including all servers, storage devices, network equipments and others
- Indicate the location of each asset. – Clearly identify where each asset is physically located, which network it is connected to, the application it is running on, and indicate any dependencies.
- Determine the threats to each asset. – After conducting a comprehensive inventory of your IT assets, conduct a risk assessment to know the threats to each asset. List all the internal and external threats from natural calamities to common IT issues.
- Create solutions for different scenarios. – Once you have identified the threats, map out a strategy on how to deal with each scenario. Remember that disruptions are not limited to earthquakes and hurricanes. Consider mundane events which occur more commonly than massive calamities.
- Classify data and applications based on criticality. – Set meetings with support teams and managers to help classify data and applications based on criticality, frequency of change and retention. This will allow you to create recovery plans for data and apps with similar characteristics.
- Set a timeline. – Recovery time objective (RTO) is the acceptable period of time for which data, records and applications can be unavailable. The RTO will determine the features of your recovery tools and techniques. Do you have enough time to manually back-up data, or do you need a cloud-based backup for continuous data protection?
- Choose the right tools and techniques. – Match your objectives and resources with the right tools. Avoid over-protecting as this could lead to unnecessary expenses and complexity. To make sure you get the appropriate level of protection, consider working with specialists on disaster recovery management.
- Test your DRP. – Do not wait for a disaster to know whether your recovery plan works. Test your DRP to help you identify any areas of improvement. Key persons with important roles in the recovery plan must participate.
Generally, a DRP is to establish support for the processing and communications functions considered crucial by an organization and then to develop support for subsidiary systems. It is an essential part of business continuity. You should have an actionable recovery plan and every key member of your organization must be well-versed of his role in it.
Do not wait for a disruption to happen before taking action. Speak with disaster recovery management specialists at ECCI today! As Steven Cyros, President of the Department of Land Transfer Information, Inc. said, “Remember: When disaster strikes, the time to prepare has passed.”