Life is known for its unexpected challenges, and everyone should have a backup plan if something goes wrong. A backup plan is particularly important to save yourself from unnecessary trouble and help you to be ready for any circumstances.
Having a disaster recovery plan (DRP) not only helps organisations survive when a crisis happens, but it also helps to contain the situation with maximum speed, and more importantly, minimum cost and effort.
Unfortunately, many business owners assume that they will be fine just because they have never faced a catastrophe yet. Well, as Steven Cyros says: “When disaster strikes, the time to prepare has passed.”
Now we shall get into it. A disaster recovery (DR) is the ability to provide important information technology (IT) and telecommunication capability for a pre-determined period of time by an organisation which is disrupted by a disaster or an emergency.
The DR helps to resume the disrupted IT and telecommunication capabilities to ensure that the business can continue within planned levels of disruption. Thus, the creation of a disaster recovery plan is vital for the success and safety of any business. The following is a discussion of the importance of a Disaster Recovery Plan, the elements that make up a DRP, and six critical steps required to create a successful one.
The importance of a disaster recovery plan
A disaster recovery plan can prevent your organisation from going out of business. According to the U.S. Federal Emergency Management Agency (FEMA), 40 per cent of organisations never recover from a natural disaster. Even if your company stays afloat, the consequences of a major disaster may include:
- Damaged reputation
- Loss of data
- Loss of revenue
- Reduced employee productivity (Mulligan, 2020)
Read more: Data protection - Are passwords obsolete?
The aim of DRP is the survival of an organisation. From a DRP perspective, a business without a DRP has little chance and time to survive1. DRP is gaining more recognition in several standards and regulations in recent years.
For instance, the PCI DSS (Payment Card Industry Data Security Standard). Although this is not a government’s issued legislation, a DRP is required by almost every merchant and financial services firm. Or the international standard for security management, ISO27001, suggests the use of a DRP, hence, several organisations require IT service providers to be compliant with this regulation1.
Additionally, the use of a DRP can improve the overall business process through the use of advanced technology to make systems more consistent and less disruptive. Also, it provides higher quality services; both for the company itself and to its supply-chain partners and its customers. Lastly, it gives the company an overall competitive advantage as the use of a good DRP allows the company to claim a “higher availability and reliability of its services”1.
Elements of a disaster recovery plan
A disaster recovery plan (DRP) is a highly organised documented strategy that “describes how an organisation can quickly resume work after an unplanned incident”2. It is an essential part of a business continuity plan (BCP), assisting the company in the recovery of system functionality and data loss so everything can perform perfectly in the aftermath of an incident.
Typically, disaster recovery planning involves an analysis of business processes and continuity needs. Before generating a detailed plan, an organisation often performs a business impact analysis (BIA) and risk analysis (RA) and establishes recovery objectives2.
Some types of disasters that organisations can plan for include:
- Application failure
- Communication failure
- Data centre disaster
- Building disaster
- Citywide disaster
- Regional disaster
- National disaster
- Multinational disaster
Recovery strategies define an organisation's plans for responding to an incident, while disaster recovery plans describe how the organisation should respond. Recovery plans are derived from recovery strategies. In determining a recovery strategy, organisations should consider such issues as:
- Insurance coverage
- Resources -- people and physical facilities
- Management's position on risks
- Compliance requirements
Steps involved in creating a disaster recovery plan
There are several guidelines that one can follow to create a DRP, such as a list of hardware and software ranked in order of priority, a list stating who is responsible for what, and the identification of backup employees. Additionally, one should always test their DRP regularly to ensure that it is as best as it could be. Furthermore, there are several steps required to create a successful DRP.
1. Create an inventory list
Every company should know exactly which IT resources—systems, hardware, and software—are used to run the business. In addition to a simple inventory management system, it can be helpful to add different scenarios to your IT disaster recovery plan. Ask yourself, which systems would be affected in the event of a flood, hurricane, fire, or power outage on your premises?
2. Establish a recovery timeline
Once you’ve documented your IT inventory, you can decide on the acceptable recovery goals and timeframes by which certain systems need to be back in operation. Industries such as healthcare may have a recovery timeline of mere minutes, while other industries may find longer timelines to be tolerable.
Before a disaster strikes, get information from key stakeholders. Everyone should understand which IT operations are potentially affected, what would happen next, and who would be responsible for resolving the issues. Ask employees how their work would be impacted if certain systems or networks were unavailable for a while. You should also create a plan for communicating with your staff in the event of a power or Internet outage.
4. Back up your data
Your options for data backups include cloud storage, internal off-site data backups, and vendor-supported backups. Maintaining your backups physically on-premises is not acceptable due to the risk of a natural disaster. Both physical and cloud backups have their risks. Working with a trusted managed services partner can help you weigh the issue and decide which is the better option for your circumstances.
Data backup and recovery should be an integral part of the business continuity plan and information technology disaster recovery plan. Developing a data backup strategy begins with identifying what data to backup, selecting and implementing hardware and software backup procedures, scheduling and conducting backups, and periodically validating data to ensure it has been properly stored3.
5. Consider insurance
Purchasing catastrophe insurance as part of a disaster recovery plan can be an interesting option if you’re worried about the costs of recovery. This means not just replacing your IT equipment, but examining the broader consequences and losses following a disaster. If this idea appeals to you, please consult with an insurance professional.
6. Test your disaster recovery plan
Your IT disaster recovery plan should be tested at least once, and preferably twice, per year. After not testing their plan for several years, one of our clients discovered that all of their drives failed to restore. If this had occurred during a real disaster, the data would have been lost forever. Any gaps that you identify during these tests should be documented extensively for further investigations and mitigations. Work with a trusted managed service provider to learn about your options for remediation4.
From the above examples, it is clear that a DRP is an essential that every company must have at their disposal. Ultimately, a DRP can save a company from disaster both by providing a recovery plan that is quick and efficient as well as by showing professionalism and high business etiquette.
At TRG, we solve business problems, take a consultative approach to every client engagement, and find actionable solutions that will help your organisation achieve the best business outcomes. Talk to us and explore the various Digital Advisory services we have in store for you today!
1. Gregory, P. and Rothstein, P., 2013. It Disaster Recovery Planning For Dummies. Hoboken, N.J.: John Wiley & Sons.
2. Rouse, M., 2020. What Is A Disaster Recovery Plan (DRP) And How Do You Write One?. [online] SearchDisasterRecovery. Available at: <https://searchdisasterrecovery.techtarget.com/definition/disaster-recovery-plan> [Accessed 7 August 2020].
3. The Department of Homeland Security, 2018. IT Disaster Recovery Plan. [online] Available at: <https://www.ready.gov/business/implementation/IT> [Accessed 7 August 2020].
4. Mulligan, B., 2020. 10-Step Disaster Recovery Plan For Your IT Department. [online] Kelsercorp.com. Available at: <https://www.kelsercorp.com/blog/10-step-disaster-recovery-plan-it-department> [Accessed 7 August 2020].