Writing a Disaster Recovery Plan
The only way to effectively recover from an IT disaster is to have a detailed plan in place. Firstly because disaster recovery requires preparative procedures carried out on a regular basis, and secondly because the last thing you need in a disaster is to come up with solutions on the fly.
But where do you start?
The first stage is identifying where the risks and weak points are. The key questions to ask are:
- Which IT services are critical to day-to-day business?
- What possible threats are there to these services?
- How long can you afford for these services to be down? Or, how quickly do you need to get them back up for business continuity?
- How far back must files and systems go? Or, how often do back-ups need to be made?
The answers to these questions will logically dictate the majority of your plan. For example, if for business continuity you need files to be an hour old at most, you must have a system that backs up every hour. And that dictates what kind of storage you use – external hard drives, off-site servers, or removable media.
The next stage is to develop a strategy for each identified threat in each department. Take into account people, physical facilities, technology, data and suppliers.
This means designing strategies that consider the needs of workers as well as the availability of help or substitutes. What facilities are required and what may be available, similarly for technology. How quickly, how much and what data needs to be restored. And what suppliers can provide in terms of replacement parts, technology or even people (such as contractors).
For example, if the security system goes down, the appropriate response would be to deploy security guards at strategic points while the system is evaluated as to what needs replacing. Replacements then need to be sourced and implemented. This needs to be broken down into where to source the guards, who will brief them, where they need to be, who will troubleshoot the system, order the replacements, where from, and who will install once obtained.
Once the strategy has been defined, it should be broken down into a step-by-step process so there is a definite procedure to be followed. There should be no room for uncertainty as to who does what, when and in which order.
It’s important to not only define who is responsible for what in any given situation, but that there is a back-up should they not be available.
Finally, the plan will be for nothing if nobody is aware of it. Naturally the individuals involved need to be aware. But all employees should have at least a basic knowledge of the disaster recovery plan in their department, so they know what events trigger the plan, and who to report to.
IT disaster can ruin a business. Be prepared, talk to us about disaster recovery today.