They’re called Disaster Recovery Plans, but perhaps they should be called Disaster Recovery Pre-Plans instead. Nearly all the work is done months -even years- before the disaster actually happens. The plan needs to be in place, ready to roll, whenever an accident might occur.
Creating a disaster recovery (DR) plan requires substantial legwork, but it’s absolutely necessary for a business today. As operations increasingly require a functioning network and reliable data storage to function, their disaster planning has to keep pace.
6 Steps To Forming A Solid DR Plan
1 – Select Personnel.
A DR plan will touch on all operational areas, so you’ll want more than one person -preferably several- who are all attached to the project. Ideally, these are people with a better-than-average understanding of the “big picture” of your business. IT staff will of course be involved, but HR, Budgeting, and Operations Management will need to have input as well, at the least.
2 – Conduct A Business Impact Analysis
Broadly speaking, this answers the question, “What systems can we least afford to lose?” Through departmental interviews and systemic overviews, a good DR plan identifies and targets the most critical systems required for continuity of business. As an obvious example, if your business uses a central server/controller for their network, that server MUST be kept operational and/or backed up at a different location.
This analysis will necessarily also include cost figures on the per-minute/hour/day expenses associated with downtime.
DR can theoretically protect/back up all systems within a company, but costs pile up for every additional layer of security. If your company can live without something for a day, it probably doesn’t need disaster recovery protections.
3 – Conduct A Risk Assessment
Having identified your key systems / departments / people, the next step is realistically assessing risk factors that could lead to these systems’ disruption. These could include, but are certainly not limited to:
- Physical security
- Network / computer security
- Likelihood of “hack attacks” or other intrusions
- Likelihood of large-scale natural disaster
- HR / Employee termination policies. (A commonly-overlooked risk factor.)
- Adequacy of current backup solutions.
In short, after steps two and three, you should have the puzzle pieces in place for creating an effective DR plan. Having identified your key systems and the most likely reasons they could be disrupted, you know what areas to focus your DR on.
An optimized, cost-efficient DR plan seeks to minmax your protections, and prevent unnecessary costs. You’re targeting the most necessary systems, and implementing solutions to protect against the most likely sources of disruption.
4. Find Your RTO and RPO
We’ll cover these more in-depth in future blogs, but your RTO and RPO are the other critical elements to determine. In brief, these are:
Recovery Point Objective (RPO): How much data can you afford to lose? If your RPO is “four hours,” that basically means your data is backed up every four hours, but in the case of a data disaster, anything less than four hours old will be lost. RPOs can range from days to minutes, depending on the importance of the system and what you’re willing to pay for protections.
Recovery Time Objective (RTO): How long can your operations last without access to power / data / networking? Your RTO is the maximum amount of time it should take to restore working operations, even if in a temporarily reduced form.
5. Source Solutions
At this point, you have everything you need to put a solution in place. Largely, the technology will be dictated by previous determinations. This is where an experienced networking specialist can be invaluable. If you have the above information, they can quickly build solutions that will meet your business needs.
6. Test And Retest
Finally, any good DR plan must be accompanied by regular tests, audits, and readiness drills. We recommend this happen at least twice a year, to ensure all your systems are still working as intended. You never know when an actual data disaster will happen, so you have to know your DR systems are ready.