Disaster Recovery Plan – Ensuring your Business Bounces Back
Disaster recovery in IT encompasses various types of measures which can be included in a disaster recovery plan (DRP). Disaster recovery planning is a subset of a larger process known as business continuity planning and includes planning for resumption of applications, data, hardware, electronic communications (such as networking) and other IT infrastructure.
How Is Disaster Recovery Performed?
- An analysis of all potential threats and possible reactions to them
Your DR plan should take into account the complete spectrum of “potential interrupters” to your business, advises Phil Goodwin, research director of data protection, availability and recovery for research firm IDC. (IDC is part of IDG, which publishes CSO.)
- A business impact analysis (BIA)
To effectively determine DR priorities, put each major information system through a business impact analysis, recommends Mark Testoni, president and CEO, SAP National Security Services, Inc.
“A common mistake many organizations make in their DR plans is “too much focus on technology and not enough on people and process,” Goodwin says. “IT is an enabler. Never forget you’re not just recovering data and servers.” He recommends thinking about how to build a DR plan in the context of your entire organization. “What behaviors will you need from your user community? What do they need to get up and running again after a disaster?”
Also, identify by name the critical people charged with responding to a crisis, says John Iannarelli, a security consultant and speaker and former member of the FBI Cyber Division. Make sure you have their email, cell and home numbers. Make it clear who will be called in to work during a crisis. Know who you’ll call for help, such as law enforcement, and if possible, establish a relationship with authorities before a disaster strikes. And decide in advance who will speak for your company to the victims, clients and employees in the event of a disaster. “Know what you plan to say, how much you plan to reveal, and how you’ll reassure those who might be nervous of continuing business with your company,” he adds.
Another big mistake organizations make is not updating their disaster recovery plans after changes are made to their internal systems, such as major software updates, notes Mark Jaggers, a Gartner research director focused on IT infrastructure strategies. Your plan isn’t complete unless it takes into account all the technologies, systems and applications currently in use.
“Identify what’s most important,” recommends Iannarelli. “Not everything in your business is worth saving or needs to be protected. Your proprietary information, of course, is. But any info that is for public release is not as important. Think of it as if your house were on fire. What would you grab as you run out the door?”
- Regular practice drills
“Just having a DR plan isn’t enough, the plan needs to be regularly tested, and people need to practice procedures, just like a school prepares its students for fire and emergency drills on a regular basis. If not regularly practiced, the plan is ineffective.”
- A consideration of DRaaS
The growing practice of moving data operations into the cloud has helped give rise to disaster recovery as a service (DRaaS). These on-demand services from providers such as iland and IBM have made DR easier and more economical, which in turn is enabling more organizations to be better prepared for disasters, Goodwin says.
Need some assistance in planning and executing disaster recovery for your business? Click here to get in touch with us today!
h/t to csoonline for the great info!