Around half of all businesses fail when a serious problem strikes and they don’t have a disaster recovery plan. Those that survive often endure serious pain, both financially and through damage to their strategic plans. In a recent survey, eight out of ten businesses put IT problems at the top of their list of business disaster risks. Over half put security threats as their top concern (malware, ransomware), while hardware failure and data corruption are also serious worries. Helping to protect your business, by creating an IT disaster recovery plan, means identifying the main risks, the potential solutions, and what preparations you can make now.

Be clear about who is responsible for disaster recovery planning and action

A senior member of your business team needs to take ownership of disaster recovery planning and have authority to initiate disaster recovery action. Review these responsibilities and the plan annually to ensure they’re in line with how the business currently operates.

Identify risks to the business

A risk analysis, or business impact analysis, highlights areas of IT you need to focus on. Go beyond the obvious such as fire, flood and theft. Consider the implications of events such as:

• Losing a key team member with no notice – perhaps due to sickness or accident.
• A cybercrime attack locking you out of your systems and data.
• A major IT problem occurring when your support team is at its weakest due to holidays.

Consider a range of situations to ensure you cover the majority of risks. Also, quantify the impact on the business of something going wrong, such as:

• Your website going down for 24 hours or longer.
• Your online banking system being unavailable for 24 hours or more.
• Your customer data being leaked online.

Assessment of risk includes estimating the likelihood of a problem occurring. This is why cybercrime is the leading concern, because it’s affecting so many organisations right now.

Establish recovery time objectives

Having established risks to your IT systems, now identify how quickly you need to recover the situation before your business is seriously impacted. A firm of accountants may be able to tolerate a website outage for a few days, while an online retailer could suffer serious loss if it’s down for a few hours. Establish recovery points for your business data. That is, how many hours of data can you afford to lose? This determines how often data is backed up and the most appropriate restore mechanisms. Would your business be seriously compromised if it lost the last 24 hours of data? Or the last 12 hours? Or 4 hours? Understanding this will help you determine an appropriate recovery point. The recovery point may vary for different types of data.

Develop strategies for disaster recovery

Your IT disaster recovery plan needs three distinct strategies:

• Prevention strategy
• Response strategy
• Recovery strategy

Each of these strategies requires its own plan. Prevention strategy This is about taking steps to avoid an IT disaster. Having identified the risks and their potential business impact, put measures in place to reduce the chance of a problem occurring. This may include testing and audit by a third party. Response strategy Should something go wrong, despite all the preventative measures you’ve taken, you need a plan for dealing with the short-term issues that could arise after a disaster. This plan enables the business to recover the agreed minimum level of operation as quickly as possible. Recovery strategy Having established this minimum level of operation through the response strategy, your recovery process takes you back to where you were before the disaster occurred. Identify opportunities for implementing planned strategic enhancements earlier than anticipated, such as bringing forward hardware or software upgrades. Learning from a disaster recovery experience allows you to be even better prepared for the future. The recovery strategy should also include a review process to help you identify gaps in your pre-disaster planning and actions that did not go as planned, along with any innovations during response and recovery that provided unexpected short-cuts or benefits.

We help our clients with disaster recovery planning

Those responsible for leadership in many organisations are increasingly recognising the importance of disaster recovery planning. We’re helping our clients implement the strategies that they need. To learn more about how we can help you with IT disaster recovery planning, give us a call on 0345 051 0600 or email enquiries@itsupport365.co.uk. We would be pleased to have a no-obligation conversation with you. Alternatively, you can follow us as we share news on Twitter, Facebook and LinkedIn. It’s never too early to start work on your disaster recovery plan. Having good intentions of creating a plan aren’t enough, as demonstrated by the many businesses which failed because they didn’t have one.