A disaster can hit your organization at any time, causing disruptions and even downtime to your business. According to research from Spiceworks, 27 percent of organizations that experienced one or more outages in the last 12 months reported loss of business revenue as a result. When disaster strikes, an organization needs a disaster recovery plan in place to ensure restoration of services as soon as possible. Here are 5 steps to creating a disaster recovery plan.
1. Identify Critical Assets
Your IT infrastructure is comprised of several types of resources and processes that make up the core of your business. To ensure they stay protected, you need to identify your assets and prioritize the most critical ones.
Start by taking an inventory of your managed assets, such as your servers, devices, data, etc. Take stock of where they are located and what data each asset holds. This will help you identify the most critical assets.
2. Conduct a Risk Assessment
Once you’ve determined your critical assets the next step is to understand the threats to these assets, the potential impacts the threats have to your business and the likelihood they will occur. These threats can range from a wide variety of things such as a natural disaster or a power outage.
To best understand the threats in your infrastructure, it’s best to conduct a risk assessment. Risk assessments help identify gaps that would negatively impact an organization. The results of a risk assessment should help guide your planning on how to best protect your business during a disaster.
3. Outline Recovery Objectives
Each aspect of your infrastructure will have a different recovery objective depending on its impact on your business. Defining your recovery objectives is a crucial part of your disaster recovery plan because it involves the availability of your infrastructure. This is the bulk of your strategy so it’s important that you get it right. Your IT department should work with key business managers to ensure that each IT asset is given the proper recovery objective that best suits the business. This is crucial in helping your business recover in the event of a disaster.
Recovery objectives are defined in two ways:
1. Recovery time objective (RTO): The maximum of time your systems can be unavailable. In other words, how much loss can you take if X application was unavailable? Would you lose a significant amount of revenue? What happens if your employees or customers can’t access your services? Your RTO is crucial for determining the features you need in your data backups.
2. Recovery point objective (RPO): The maximum amount of data loss your organization can stand to lose. For example, if you backup your data at midnight but a disaster occurs at 9 am the following morning, you would have lost about 9 hours of data. If your RPO is less than 9 hours of data, your business might not be able to handle that data loss. RPO is useful for determining how often you should backup your data.
4. Communicate Your Plan
While IT might be in charge of your overall infrastructure, they shouldn’t be the only department privy to your disaster recovery plan. All department heads should be aware of your disaster recovery so that they can act accordingly in event of a disaster. For example, you may get an increase of calls from customers if they are unable to access an application. In this case your communications department should spring into action to notify customers of problems and to update them periodically. Having other departments involved in your disaster recovery plan can also help you determine other business impacts you may not have thought about.
5. Test and Update Your Plan
In the event of a disaster you want to make sure that you will be able to recover efficiently and as soon as possible. While things often go awry in an actual disaster, it’s still best to test the plan beforehand to ensure the plan can work as intended. Practice will also help you spring into action faster because people often panic during a disaster. Testing the entire plan at once might not be feasible so you can break up aspects of your plan and test them in increments.
Once you’ve tested your plan you can determine which parts work and fix the parts that need to be improved. It’s important to always update your plan so that it reflects your current infrastructure.
For more information on our backup solutions, visit our Store IT product page.