Around half of all businesses fail when a serious problem strikes and they don’t have a disaster recovery plan. Those that survive often endure serious pain, both financially and through damage to their strategic plans. In a recent survey, eight out of ten businesses put IT problems at the top of their list of business disaster risks. Over half put security threats as their top concern (malware, ransomware), while hardware failure and data corruption are also serious worries. Helping to protect your business, by creating an IT disaster recovery plan, means identifying the main risks, the potential solutions, and what preparations you can make now.
Be clear about who is responsible for disaster recovery planning and actionA senior member of your business team needs to take ownership of disaster recovery planning and have authority to initiate disaster recovery action. Review these responsibilities and the plan annually to ensure they’re in line with how the business currently operates.
Identify risks to the businessA risk analysis, or business impact analysis, highlights areas of IT you need to focus on. Go beyond the obvious such as fire, flood and theft. Consider the implications of events such as:
- Losing a key team member with no notice – perhaps due to sickness or accident.
- A cybercrime attack locking you out of your systems and data.
- A major IT problem occurring when your support team is at its weakest due to holidays.
- Your website going down for 24 hours or longer.
- Your online banking system being unavailable for 24 hours or more.
- Your customer data being leaked online.
Establish recovery time objectivesHaving established risks to your IT systems, now identify how quickly you need to recover the situation before your business is seriously impacted. A firm of accountants may be able to tolerate a website outage for a few days, while an online retailer could suffer serious loss if it’s down for a few hours. Establish recovery points for your business data. That is, how many hours of data can you afford to lose? This determines how often data is backed up and the most appropriate restore mechanisms. Would your business be seriously compromised if it lost the last 24 hours of data? Or the last 12 hours? Or 4 hours? Understanding this will help you determine an appropriate recovery point. The recovery point may vary for different types of data.
Develop strategies for disaster recoveryYour IT disaster recovery plan needs three distinct strategies:
- Prevention strategy
- Response strategy
- Recovery strategy