It is inevitable that at some point in your business career something will go wrong – this could be a server crash, a ransomware attack on your office premises could catch fire or flood. With the majority of business being carried out online, using computers, laptops, and other mobile devices (with minimum paper backups) should there be an outage for whatever reason, this could mean all your business data is inaccessible – essentially shutting the business down.
A Disaster Recovery Plan is a document that outlines all the procedures in place to deal with a disaster to ensure data is protected and the business is up and running as soon as possible. For more information on what a Disaster Recovery Plan is and the benefits to your business head over to our article, which includes what to include in a disaster recovery plan.
What is a disaster recovery plan?
A Disaster Recovery Plan is a document created by a Disaster Recovery Team within an organisation that identifies potential risks and outlines all the procedures in place to deal with these different incidents. The most common incidents include:
- Data breaches – which can be the result of poor security, ransomware, or malware.
- Technology failure – hardware can fail for a variety of reasons including malfunction or power outages which can result in business downtime.
- Natural disasters – this can cover anything that is non-technology based such as fire, flood, or earthquake which could affect office premises.
There are no limits to what could constitute a disaster for your business and therefore a Disaster Recovery Plan (DRP), whilst having some common elements may also have some bespoke elements too. The objective of a DRP is to get the business up and running as quickly as possible with little to no damage.
Benefits of a Disaster Recovery Plan
There are numerous benefits to having a Disaster Recovery Plan for your business. Although it is generally hoped that the plan won’t ever be needed it provides the security of knowing what you would do should the worst happen, meaning there will be little reliance on knee-jerk reactions.
Therefore, a DRP can:
- Reduce the time that business is interrupted.
- Limit the damage caused.
- Reduce the economic impact of the disaster.
- Identify weaknesses and alternative operational procedures in advance.
- Ensure all staff are trained in the procedures.
- Provide a quick and smooth return to ‘business as usual’.
Many businesses lose revenue and data when a disaster happens purely because they are unprepared and don’t have a plan in place. A robust plan will outline exactly what needs to be done, by whom and in what order, ensuring everything is carried out quickly and efficiently getting your business back trading ASAP.
How to create a Disaster Recovery Plan
So how do you create a foolproof Disaster Recovery Plan? First of all, the plan needs to be clear and easy to follow by anyone, not just those on the Disaster Recovery Team. It also needs to be easy to locate should the worst happen. There is little point in having one copy on a networked server, as this will then be unavailable should the server fail.
Allocate a Disaster Recovery Team (DRT) – This team will have the responsibility of compiling the DRP, as well as implementing it. They are also responsible for ensuring every member of staff knows their role, and who should be contacted when and in what order.
In addition to this there should also be a staff plan with relevant contact details which would still be operational should there be a technology failure.
Identify the major goals – The objective of each DRT could be different so it is essential to identify the overarching goals first; e.g. recover data, restore online presence.
Recovery Point Objective – Identify the time scale within which the business needs to be fully functioning before data could be irretrievably lost.
Recovery Time Objective – Identify how long it would be before the business would be negatively impacted.
Identify risks – There is no such thing as a one size fits all DRP as each disaster will bring its own challenges method of recovery. The DRT will identify each possible risk and create a DRP relevant to that risk.
Business Impact Analysis – Once the potential incidents are identified, the direct impact each of these could have on the business should also be assessed.
Identify critical and time-sensitive resources – Identify what documents and applications are critical to the business and then ensure getting those up and running are at the forefront of the plan. These will be specific to your business. Having a list of applications including whether they are a fixed asset and their importance to the running of the business is key to prioritising tasks. There should be a clear plan in place to restore hardware, software, and applications quickly and smoothly to get the business up and running again.
Specify backup solutions – It is important to identify what the backup procedure is, who is responsible for this and how often as well as what off-site storage solutions are in place. It is also key to identify what is most important data to back up (what can you not afford to lose), where this is backed up as well as the data recovery procedure.
It is also possible that your network could be ‘mirrored’ at another site, and if so this needs to be assessed and the recovery plan outlined clearly.
You can explore more about our back up services here.
These have to be put in place for all hardware (including handheld devices), computer room environment (servers, air conditioning), connection to third-party services (broadband, cable), software applications as well as data recovery.
Inventory of hardware
Create a list of all technology and hardware including make, model, and whether it is owned or rented.
Different office set-ups also need to be assessed including remote, hot-desking or office-based as well as the alternative backup solutions following a disaster.
Some third parties can provide hot sites to help with disaster recovery, where their data centres hold regularly used hardware and software. Subscribers can store data at the hot site for disaster recovery.
Following an incident, it should be clear who will be responsible for assessing the damage and repairing and rebuilding the systems.
Maintain the DRP
Once a DRP is created it shouldn’t be put in a drawer and forgotten about. It should be reviewed, tested, and updated regularly, as the process falls apart if the people to contact on the list are no longer working at the company, or some applications are no longer in use.
With much business now being carried out over the cloud, some organisations adopt online disaster recovery services which can automate some of the procedures, therefore, speeding up the data recovery process and getting the business online quicker.
If you would like to discuss putting a Disaster Recovery Plan in place or would like your current DRP assessed contact the team at CiS today.