How to create an effective Disaster Recovery Plan

The importance of a disaster recovery plan –

Organizations today face a great many challenges. Some of these are natural disasters like floods, and fires, while others can be power outages, data thefts, among others.

The loss of data in any of these circumstances can cripple a business’ operations, leaving it unable to compete effectively in the market.

How can you protect your company from these worst-case situations, and set up safeguards for your data? Create and deploy a disaster recovery plan.

A DR plan is a well-developed strategy that details procedures to be followed in case of multiple disruption scenarios. Here we share the steps you can follow to create an effective, robust DR plan.

Evaluate and prioritize your IT assets –

Begin by taking stock of all your current IT inventory. List all your assets such as servers, network appliances, switches, devices, as well as applications. Next, map them with their physical location, network, vendor technical support information and contacts.

It is also important to classify these assets based on their criticality and then group them into segments on the basis of commonalities. This will help create a prioritized order of asset categories to be recovered.

Conduct a risk analysis –

After mapping out all IT assets, make a list of probable disruption scenarios. This list should span across all events – natural disasters, internal risks, cyber threats, etc. and detail the probability, expected impact and costs corresponding to each. A holistic view of both risks and impacts together will enable better decision-making for leadership.

Define your objectives –

Follow up your business impact analysis/evaluation with a setup of the key metrics for the recovery period. Evaluate and arrive at an acceptable amount of downtime per risk, along with the expected costs that will be incurred. Two important parameters to be kept in mind, are ‘Recovery Point Objective (RPO)’ and ‘Recovery Time Objective (RTO)’.  These are defined as –

• Recovery Point Objective:
  RPO is the maximum acceptable amount of data loss your business can afford, measured from the time of the disaster. It is usually the age of the data backup taken and decides the backup method the organization will use, such as weekly or daily backups, real-time syncing of data, etc.
• Recovery Time Objective:
  RTO, on the other hand, is the duration of time that the applications can be unavailable, without affecting the business significantly. The RTO represents the amount of time it takes for the business to recover to its pre-disaster state.

 To determine the RPO and RTO per application in your organization, ask questions of your management team.   These can be:

• What applications and datasets do the different departments use and how can they be restored?
• What is the acceptable amount of downtime and data loss for each?
• How much data do you need to retain per application and per department?
• Is there a data retention policy in place for our industry, organization or region?
• Are there any regulations regarding data storage in a particular location, region?
•  

Define roles and responsibilities –

A good plan should have a disaster recovery team with clearly mapped out roles and responsibilities they will take up in the event of a disaster.  Defining unambiguous tasks for your team members will make them effective in the event of a disruption.

This will help reduce any inefficiency and loss of time in response. The DR committee should not only be limited to entry-level or IT employees. A cross-functional and multi-level team should be put in place, one that includes representatives from the HR, marketing, operations, etc.

Identify procedures –

Once you have documented the assets, priorities/objectives and team, it is critical to identify the tools/procedures you will deploy. Use techniques on the basis of how critical the dataset/application is for your business/department. For example, daily backups using file-based methods is appropriate for low-risk data but is insufficient protection for critical data systems. Similarly, a complex solution such as CDP would be more suitable for high-risk data.

Another point to consider is the selection of a disaster recovery site. A disaster recovery site is a remote location that a business uses to restore its data and operations to normalcy, till the original location is restored. DR sites can be of the three types:

• Cold site: A cold site is an office location with only the bare basics in place – cooling, communication equipment. This takes longer to set up but is the most affordable option.
• Hot site: A hot site, on the other hand, is an almost identical copy of the primary office. It has the same hardware, software and networks as the affected site, and a real-time backup of all data affected. It is the most expensive option.
• Warm site: A warm site is a mix of the two. While it has more types of equipment in place than a cold site, it cannot function at the same level as a hot site. The data backups are weekly or daily, which can lead to a little data loss.

Set up a communication plan –

When responding to a crisis, a communication plan is essential. Document and share a good communication plan to all responsible members. Create physical copies of this written strategy, as in case of disasters, the usual methods of communication such as phones and emails might get disrupted. If possible, print and post the document across your office spaces/locations. 

Test and update the plan –

Disaster recovery plans need to be tested thoroughly in order to become effective. Simulate multiple scenarios and see how the procedures and team members respond to each threat. Make sure all involved employees attend practice sessions and provide feedback. You can then use these points to further revise and streamline the DR plan.

Get hands-on help with your DR strategies today. We are one of the fastest-growing IT solutions distributors in MEA, with disaster recovery and data centre specialists who can help. Reach out to us at marketing@hiperdist.ae.