If there is one thing the global pandemic has taught business, it’s that planning for disaster is key to business survival. This is why so many organisations are looking at implementing a disaster recovery plan to quickly react and recover from any potential threat. An important sub-section of this is the Information Technology (IT) disaster recovery which will look at:
- The recovery time objective (RTO) – The target length of time a business application can be down.
- The recovery point objective (RPO) – The age of files that must be recovered from backup storage for normal operations to resume.
What steps are needed for disaster recovery?
A disaster recovery plan can be a time-consuming and costly affair, but the risk of not implementing one can be the death knell of any organisation. In order to streamline the process and ensure an effective DR solution is in place, here are some steps to follow.
1. Organise the disaster recovery team
A business must put in place a DR team responsible for everything from developing and implementing the DR plan through to ongoing maintenance of it. Every team member must be fully briefed on his or her role within the team, responsibilities clearly defined, and emergency contact information readily available. Whatever disaster scenario is practised, the team members must fully understand their respective roles and actions to take.
2. Communication is key
When it comes to a disaster, panic is often the natural response. To counteract this, the DR team needs to fully brief every employee on what will happen in any scenario and, when the time comes, reiterate the procedure with everyone. The chain of communication is key so that nothing gets overlooked when stress is heightened.
3. Disaster risk assessment
Part of the development of a DR plan is performing a thorough risk assessment of an organisation to determine the most likely threats and counteract them. Once identified, the DR team can then outline possible recovery strategies, as well as the budget and resources required to keep the business operational.
4. Prioritise processes
In the midst of a disaster, it’s unlikely that any business can operate at 100% functionality, which is why a DR plan must highlight what the priority processes are so as to accommodate them. Short-term survivability will keep operations going until everything is functioning at full capacity once again.
5. Determine the data backup procedure
All the business’ critical applications, documents and equipment will need to be backed up in the event of a disaster. The focus should be on priority processes needed for daily operations, and it is vital that ongoing backup checks are performed. The backup location should also be off-site, so that there is no additional threat in the case of a natural disaster. When considering a data backup plan, all data on the network servers, desktop and laptop computers, and wireless devices must be identified, alongside any hard copy documents that are essential. Backup data should be protected with the same level of security as the original data.
6. Continue to update the disaster recovery plan
One of the biggest mistakes when putting together a disaster recovery plan is not following up with regular updates and maintenance. It cannot be viewed as a once-off project, stored away for ‘in case of emergency’, but rather a continual process that evolves to meet emerging threats on the horizon, while updating the priority documentation. The DR team will need to meet regularly to accommodate changes.
What are the types of IT disaster recovery plans?
Here’s a look at the main types of IT-related disaster recovery plans businesses are likely to encounter:
1. Network disaster recovery plan
The complexity of the network will, undoubtedly, determine the complexity of the disaster recovery plan. Businesses should ensure this network-specific plan outlines a detailed step-by-step recovery procedure, including documenting network hardware models, serial numbers and support information. If configuration settings will be needed for replacement equipment, this must be included as well.
2. Virtualised disaster recovery plan
Virtual machines can include anything from databases to servers, often charged with running an important aspect of business operations. Through virtualisation, a business doesn’t require the reconstruction of a physical machine. Rather, a virtualised environment can allow for application recovery on virtual machines.
3. Cloud disaster recovery plan
This is considered a cost-effective plan, provided there is considerable management involved. Through the cloud-based DR, the cloud providers’ data centre will effectively act as the recovery site rather than the business’ own data centre facilities.
4. Data centre disaster recovery plan
This specialised DR relates exclusively to data facilities, and is hinged on a thorough operational risk assessment to work. Elements such as the physical building security, support personnel, utility providers, and backup power all come into play for this particular DR.
What is included in a disaster recovery plan?
To give a quick overview, for disaster recovery, an organisation will need to:
- Establish the DR team
- Gather the relevant documents
- Establish the scope of recovery
- Review past procedures while identifying emerging threats and adapt
- Get management to approve the new disaster recovery plan
- Test and update the plan
There are many IT professionals that can offer valuable insight and time-saving assistance in outlining and implementing an effective and comprehensive disaster recovery plan. This gives business operators peace of mind that all necessary boxes are ticked in case of any emergency, be it a natural disaster, cyber threat or basic human error.