IT Disaster Recovery Planning [FREE IT DR PLAN TEMPLATE]

September 20, 2017

No matter how big or small your business, it’s probably fair to say that you rely on IT to function. Furthermore, all IT, whether it comes in the form of a mobile device, an email server or a cloud-based application, is susceptible to failure.

From severe storms and forest fires to infrastructure issues and cyber-attacks, businesses of all sizes and types are subject to disasters and disruptions. Moreover, while large companies typically plan for such events, small businesses usually do not have a formal disaster-recovery plan, causing between 40 to 60 percent of them to close their doors after disaster strikes.

Some time ago we wrote a blog post on how to avoid a business IT disaster recovery nightmare and now we are sharing some tips on the hardest and yet the most critical step – Disaster Recovery plan.

 What Is A Disaster Recovery Plan?

Disaster recovery (DR) and business continuity planning are processes that help organisations prepare for disruptive events— whether because of a natural disaster like a hurricane or as a result of technical failures like power outage caused by a backhoe in the parking lot or human factors such as sabotage. A DR plan consists of the policies and procedures that a given entity – in your case, your business – will follow when IT services are disrupted. The following steps will help you organise your thoughts, ask the right questions, and develop the right strategy to build a DR plan that is closely aligned with your business.

1.    Analyse Potential Threats And Design Your Plan For The Most Likely Disruptions

Your DR plan should take into account the complete spectrum of “potential interrupters” to your business. While it’s impossible to prepare for every risk, you can identify those most likely to happen based on industry, technology, geography, and other factors. You should then spell out a recovery plan for each scenario. Of course, not all scenarios are equally likely to occur. So as best you can, try to anticipate which potential disruptors are most probable.

2. Appoint An Employee Recovery Team

A common mistake many organisations make in their DR plans is too much focus on technology and not enough on people and process. Establish a team of employees with essential skills and knowledge and make it clear who will be called into work during a crisis. Teams could be built from specialists such as information technology, operations, and human resources, who can help employees get back up and running remotely or from an alternate location.

3. Define Criticality Of Applications And Data

Before you begin to build out your IT disaster recovery plan, you’ll need to classify your data and applications according to their criticality. Start by speaking to your colleagues and support staff to determine the criticality of each application and data set.

Look for commonalities and group them according to the criticality to your business continuity, a frequency of change, and retention policy. Grouping your data into classes with similar characteristics will allow you to implement a less complex strategy to recover.

4. Document And Communicate Your Plan

In a disaster scenario, you need a documented strategy for how to get back to a working state. This report should be written for the people who will use it.

Clear and transparent communication with employees, customers, and others are essential for maintaining trust and reputation. Establish one point of contact for employee, customer, and supplier communication.

All too often, only one person in the organisation knows the whole picture, leaving the organisation vulnerable if that one person is unavailable during a disaster. Moreover, be sure to store your DR strategy where it can be accessed during a catastrophe — not on public share in your Exchange folders. Ideally, it should be printed and posted in multiple locations.

5. Test Your DR Plan

Merely devising a DR plan isn’t enough, the program needs to be regularly checked, and people need to practice procedures; just like a school prepares its students for fire and emergency drills on a regular basis. If not commonly practiced, the plan is ineffective. No organisation ever gets to perfection with its disaster plan, but practice will help you find and rectify problems in your project, as well as enable you to execute it faster and more accurately. DR plan is useless if it spends most of its life sitting in a drawer somewhere. There’s no point in creating one if you’re not going to allocate sufficient resources to training staff on the existence of the plan, as well as what their roles and responsibilities would be in the event of an IT outage.

6. Evaluate And Update Your Plan

A DR plan should be a living document. It’s especially important to regularly review your plan given the shifting sands of an ever-changing business environment. As time passes and your business grows, you’ll need to accommodate new systems and IT services in your DR plan. Tolerance for downtime and data loss may decline. Key personnel may go on leave or terminate their employment. IT might migrate to new hardware or operating systems. The company might acquire another company. Your planning needs to reflect the current state of the organisation.

7. Be Cyber Secure

Establish steps for IT personnel to take if your company experiences a data breach or needs to keep networks secure as remote workers log-in externally.

While no one likes to think about disasters, planning can make the difference between moving your business forward and shuttering it because of losses. Create a plan today to ensure that your company can bounce back after a disaster.

Structuring The Perfect Disaster Recovery Plan

Most business DR plans follow a similar structure, encompassing definitions, duties, step-by-step response procedures and maintenance activities. The IT DR plan should outline the steps that need to be followed to re-establish services, whom they have to call, as well as the level of technical expertise that is required at each stage of recovery. The plan needs to provide guidance not only to IT Management but also to other senior management and staff who may be involved in the recovery. Thus, a program needs to be written so that non-technical people can understand it and know the processes to follow.

At the center of most DR plans should be two all-important KPIs, which are typically applied individually to different IT services: recovery point objective (RPO) and recovery time objective (RTO). Don’t be confused by the jargon, because they’re very simple:

  • RPO: The maximum age of a backup before it ceases to be useful. If you can afford to lose a day’s worth of data in a given system, you set an RPO of 24 hours.
  • RTO: The maximum amount of time that should be allowed to elapse before the backup is implemented and normal services are resumed.

 

With a well-designed, well-tested disaster recovery plan in place, you can ensure that the impact on your business’s bottom line will be minimal when catastrophe hits. Unfortunately, it’s not always a walk in the park to create an effective DR plan, particularly when you’re only a small business. Doing it well requires time, knowledge, and expertise, and measuring ROI can be difficult. Luckily, help is available, we’ve prepared a template that covers disaster recovery planning for your business. All you need to do is download it here

 

Want to read more? Here’s some articles you might find interesting:

Categorised in: