As you may already know, not all disaster recovery (DR) plans are created equal. Outages will happen, it’s just a matter of when and how prepared you are to deal with them. With the help of a few disaster recovery experts, we wanted to share their words of wisdom for creating an effective DR plan.
The following guidelines will help you create a plan that will allow for a quick recovery when the next natural disaster, hardware/software failure, or human error occurs.Inventory all hardware and software – your DR plan should include a complete inventory of hardware and software applications in priority order. Each item should have the vendor technical support contract information and contact numbers.
Define your tolerance for downtime and data loss – this is the starting point of your planning. Figuring out where you are on the downtime tolerance spectrum will determine what type of solution you will need and how much your company should spend on DR.
Evaluate what an acceptable recovery point objective (RPO) and recovery time objective (RTO) is for each set of applications. By properly identifying these two metrics businesses can prioritize what is needed to successfully survive a disaster, ensure a cost-effective level of disaster recovery and lower the potential risk of miscalculating what they’re able to recover during a disaster.
Divide your applications into three tiers - tier 1 should include the applications you need immediately. These are the mission-critical apps you can’t do business without. Tier 2 covers applications you need within 8 to 10 hours, even up to 24 hours. They’re essential, but you don’t need them right away. Tier 3 applications can be comfortably recovered within a few days.
Lay out who is responsible for what – and identify backup personnel. All disaster recovery plans should clearly define the key roles, responsibilities and parties involved during an event. Among these responsibilities must be who makes the decision to declare a disaster. Having clearly identified roles will garner a universal understanding of what tasks need to be completed and who is responsible for what. This is especially critical when working with a third-party vendor.
One final consideration is to have a succession plan in place with trained back-up employees in case a key staff member is on vacation, in a place where they cannot do their part, or leaves the company.
Create a communication plan – one of the more overlooked components of a disaster recovery plan is having a good communication plan. In the event a disaster strikes, how are you going to communicate with your employees? Do your employees know how to access the systems they need to perform their job duties during a DR event?
The usual communication platforms (phone and email) may be affected and alternative methods of contacting your employees will be needed. A good communication plan will account for initial communications at the onset of a disaster as well as ongoing updates to keep staff informed throughout the event.
A good disaster recovery plan should also include a statement that can be published on your company’s website and social media platforms in the event of an emergency. Be prepared to give your customers timely status updates on what they can expect from your business and when. If your customers understand that you are aware of the situation, you are adequately prepared and working to take care of it in a timely manner, they will feel much better.
Let employees know where to go in case of emergency – and have a backup work site. Many firms think that the DR plan is just for their technology systems, but they fail to realize that people (i.e., their employees) also need to have a plan in place. Have an alternate site in mind if your primary office is not available. Ensure that your staff knows where to go, where to sit and how to access the systems from that site.
In the event of a disaster, your team will need an operational place to work, with the right equipment, space and communications. That might mean telework and other alternative strategies need to be devised in case a regional disaster causes power outages across large geographies. Be sure to note any compliance requirements and contract dedicated work space where staff and data can remain private.
Make sure your service-level agreements (SLAs) include disasters/emergencies – if you have outsourced technology or systems, make sure you have a binding agreement with your vendors that define their level of service in the event of a disaster. This will help ensure that they start working on resolving your problem within a specified time. Agreements should address the time frame for getting systems back up and running. For more tips on provisions for IT service contracts, see our blog post on the topic.
Include how to handle sensitive information – defining operational and technical procedures to ensure the protection of sensitive information is a critical component of a DR plan. These procedures should address how sensitive information will be maintained and accessed when a DR plan has been activated.
Test your plan regularly – If you’re not testing your DR process, you don’t have one. Your backup hardware may have failed, your supply chain may rely on someone incapable of dealing with disaster, your internet connection may be too slow to restore your data in the expected amount of time, the DR key employee may have changed their cell phone number. There are a lot of things that may break a perfect plan. The only way to find them is to test it when you can afford to fail.
Fortunately, recovery assurance technology now exists that is able to automate DR testing without disrupting production systems and can certify RTO and RPO targets are being met for 100% confidence in disaster recovery even for complex n-tier applications.
This blog content was powered by a CIO online article. Here is the original post for all the source info.
Need an easy to spin up, cost-effective DR service? Here’s a free infographic explaining the benefits of Disaster-Recovery-as-a-Service (DRaaS).