A Disaster recovery plan outlines the strategies and procedures you need to follow after a disaster so as to resume your IT operations on an acceptable level. A disaster can have very serious consequences if you are unprepared. 40% of businesses that encounter a major IT failure go out of business within one year. Data from National Archives & Records Administration in Washington indicate that 93% of companies that lost their data centers for 10 days or more filed for bankruptcy within a year, whereas 50% of companies who found themselves without data management for 10 days or more after a crisis filed for bankruptcy immediately. In my years of experience I have found that companies with a sound Disaster Recovery Plan are able to minimize damages due to downtime after a crisis strikes. To ensure that your organization is ready to encounter with any sort of disaster, I urge you to develop a DR plan and follow these steps while doing so:
1. Perform a Risk Assessment and establish RTOs and RPOs
Before you start designing your plan, you need to perform a risk assessment to identify which are the most critical IT services on which the functioning of your business depends. Once you have identified such services, you should thoroughly examine the internal and external threats and vulnerabilities that these services are subjected to. Furthermore, you need to establish RTOs and RPOs. The RPOs (Recovery point objectives) is the age of the file that must be extracted from the backup systems after a disaster halts business operations. The RPO govern the frequency of the backups and often, the backup technology to be employed for data storage. The RTOs (Recovery time objectives) is the maximum tolerable time that your network can be down. This will majorly depend on the extent of the disruption and the affected equipment and applications.
2. Formulate Strategies:
Once you have identified which are the most crucial business systems you need up and running after a crisis and defined your RPOs and RTOs, develop plans as to how you would protect these infrastructures and how you would recover them. The strategies you develop to encounter and recover should take into account budget constraints, technological and staff constraints, the nature of your existing onsite/online data storage systems and the available resources.
3. Develop Plans:
Once you have developed strategies to protect and recover your infrastructure and made sure that they are well within the limits of your budget and company policies, translate these strategies into actionable steps. These steps explain in detail what the employees must do to in the response stage to bring the infrastructure back to a temporarily running state to avoid massive downtime and in the recovery stage to fully recover from the crisis. At the end of this step, you should have a detailed plan that lists all your critical systems on the basis of their impact on the company or their vulnerability, the RPOs and RTOs of the respective systems, the perceived threat and lastly, strategies and action plans you need to employ to prevent, respond to the crisis and recover from it.
Structure of a good DR Plan
According to ISO standards, a good Disaster Recovery Plan must follow the sequence defined below:
- Key Action steps: This provides contact information of employees and list of places for the employees to assemble in case of an evacuation.
- Introduction: It defines the purpose and scope of the plan.
- Roles and Responsibilities: This section defines the roles and responsibilities of all the DR team members.
- Incident Response: It contains instructions for employees to become aware of “abnormal” situations, assess the situations and adopt measures to contain the damage.
- Plan activation: If the disaster could not be controlled in the Incident Response stage, this section clarifies which disaster recovery plan to invoke.
- Procedure: This section contains the response and recovery methods we saw above. Members of the DR team, each of which have their roles and responsibilities predefined, follow the steps outlined to restore their IT strategy and infrastructure.
In addition to developing a proper DR plan, you must ensure that there are regular drills so as to check the feasibility and efficiency of the plan. You must practice it and update it frequently.
To sum everything up, while developing an adequate DRP, you need to assess the most critical components of your business and take steps to avoid damage to such infrastructure and then to restore such components to a functioning stage at the earliest so as to reduce the downtime your business experiences during a crisis. Such infrastructure may include your data center or your data storage facility. Upon identifying such critical systems, you must formulate strategies and their corresponding actionable steps that take into account all the factors in your business environment, mainly the budget, the senior management policy, technological and manpower constraints, etc. Once you have come up with a detailed plan, you should practice it in the form of drills on a regular basis to get the employees acquainted with their responsibilities and avoid chaos on the actual day of the crisis.
Developing a good disaster recovery program demands the expertise of professionals. An inadequate DR plan will increase your downtime and prove harmful for your business. NIC has been an experienced player in this field along with the other managed IT services that we provide. We are a managed service provider based out of Los Angeles. For more than a decade, we assist numerous companies in developing their DR plans and backup services. We cater to businesses of all sizes. Contact us today to know how we can help you to protect your data and applications.