What would you do if a storm flooded your data center? Or how would you respond if a power outage blacked out your servers? How would you recover your data and keep the business running after an unforeseen disaster? When disasters strike unprepared companies the consequences range from prolonged system downtime and the resulting revenue loss to the companies going out of business completely, yet many IT shops are not prepared to deal with such scenarios.
The key to surviving such an event is a business continuity strategy, a set of policies and procedures for reacting to and recovering from an IT-disabling disaster and the main component of a business continuity strategy is a disaster recovery plan (DRP). Let’s walk through the basics of creating an effective DRP.
Step 1: Risk Analysis
List all the possible risks that threaten system uptime and evaluate how imminent they are to your business. Anything that can cause a system outage is a threat, from relatively common manmade threats like virus attacks and accidental data deletions to more rare natural threats like floods and fires. Determine which of your threats are the most likely to occur and prioritize them using a simple system: rank each threat in two important categories, probability and impact. In each category, rate the risks as low, medium, or high.
Step 2: Establish the Budget
Remember; dollars spent in prevention are worth more than dollars spent in recovery. A good place to begin is by presenting the cost of downtime to the business. How long can your business afford to be without its computer systems should one of your threats occur?
Ultimately, the business operations unit decides which threats the business can tolerate. When developing a DRP, IT departments are "shooting in the dark without those business indications." Both IT and the business units must agree on which data and applications are most critical to the business and need to be recovered most quickly in a disaster.
Step 3: Develop the Plan
Calculate the amount of time it would take to execute the recovery plan and have the business back up. The recovery procedure should be written in a detailed plan or "script." Establish a Recovery Team from among the IT staff and assign specific recovery duties to each member. Define how to deal with the loss of various aspects of the network (databases, servers, bridges/routers, communications links, etc.) and specify who arranges for repairs or reconstruction and how the data recovery process occurs. The script will also outline priorities for the recovery: What needs to be recovered first? What is the communication procedure for the initial respondents? To complement the script, create a checklist or test procedure to verify that everything is back to normal once repairs and data recovery have taken place.
Step 4: Test, Test, Test
Test your DRP frequently. Eventually you'll need to perform a component-level restoration of your largest databases to get a realistic assessment of your recovery procedure, but a periodic walk-through of the procedure with the Recovery Team will assure that everyone knows their roles.
As your business environment changes, so should your DRP. Reexamine the plan every year on a high level: As applications, hardware, and software are added to your network, they must be brought into the plan. New employees must be trained on recovery procedures. New threats to business seem to pop up every week and a sound DRP takes all of them into account.
Should you have any questions or would like additional information, please contact TBNG Consulting at firstname.lastname@example.org or at 855-512-4817.