Disaster Recovery Planning2 February 2017
A senior member of your business team needs to take ownership of disaster recovery planning and have authority to initiate disaster recovery action.
Review these responsibilities and the plan annually to ensure they’re in line with how the business currently operates.
A risk analysis, or business impact analysis, highlights areas of IT you need to focus on. Go beyond the obvious such as fire, flood and theft. Consider the implications of events such as:
Consider a range of situations to ensure you cover the majority of risks.
Also, quantify the impact on the business of something going wrong, such as:
Assessment of risk includes estimating the likelihood of a problem occurring. This is why cybercrime is the leading concern, because it’s affecting so many organisations right now.
Having established risks to your IT systems, now identify how quickly you need to recover the situation before your business is seriously impacted.
A firm of accountants may be able to tolerate a website outage for a few days, while an online retailer could suffer serious loss if it’s down for a few hours.
Establish recovery points for your business data. That is, how many hours of data can you afford to lose? This determines how often data is backed up and the most appropriate restore mechanisms.
Would your business be seriously compromised if it lost the last 24 hours of data? Or the last 12 hours? Or 4 hours? Understanding this will help you determine an appropriate recovery point. The recovery point may vary for different types of data.
Your IT disaster recovery plan needs three distinct strategies:
• Prevention strategy
• Response strategy
• Recovery strategy
Each of these strategies requires its own plan.
This is about taking steps to avoid an IT disaster. Having identified the risks and their potential business impact, put measures in place to reduce the chance of a problem occurring. This may include testing and audit by a third party.
Should something go wrong, despite all the preventative measures you’ve taken, you need a plan for dealing with the short-term issues that could arise after a disaster. This plan enables the business to recover the agreed minimum level of operation as quickly as possible.
Having established this minimum level of operation through the response strategy, your recovery process takes you back to where you were before the disaster occurred. Identify opportunities for implementing planned strategic enhancements earlier than anticipated, such as bringing forward hardware or software upgrades.
Learning from a disaster recovery experience allows you to be even better prepared for the future. The recovery strategy should also include a review process to help you identify gaps in your pre-disaster planning and actions that did not go as planned, along with any innovations during response and recovery that provided unexpected short-cuts or benefits.
Those responsible for leadership in many organisations are increasingly recognising the importance of disaster recovery planning. We’re helping our clients implement the strategies that they need.
To learn more about how we can help you with IT disaster recovery planning, give us a call on 0808 168 9135 or email firstname.lastname@example.org. We would be pleased to have a no-obligation conversation with you.
Alternatively, you can follow us as we share news on Twitter, Facebook and LinkedIn.
It’s never too early to start work on your disaster recovery plan. Having good intentions of creating a plan aren’t enough, as demonstrated by the many businesses which failed because they didn’t have one.