How prepared is your organization for a disaster? What types of disasters has your business planned for? What policies and procedures does your organization have in place to maintain an effective Disaster Recovery Plan (DRP)? If your organization has a DRP in place, when was the last time a checkup was conducted? How often do you think IT should perform a health check on an existing DRP?
Ideally, to ensure business continuity, a DRP should have a checkup a minimum of twice a year, and more often if major infrastructure changes occur. Many organizations build their DRP, perhaps test it annually, and then store it somewhere without conducting (or not having the time to perform) regular checkups.
Unfortunately, most organizations get caught off-guard when disaster strikes because simple routine plan maintenance was not performed. Rather than fostering pro-active solutions for such an event, most IT departments prioritize other corporate deliverables and don’t have the time to get around to planning for emergencies.
Conducting a periodic review of your Disaster Plan is a business-critical step to ensure your organization can sustain the most likely disasters, and still stay in business. Several aspects of a DRP should be reviewed, such as:
Is your DRP up to date?
The plan may have been accurate the day it was written, so every change that has taken place— from a new staff recruitment to new hardware or software — makes your organization’s plan that much less effective. Be sure to update your current plan with any recent changes.
Testing on a regular basis
Testing your organization’s plan is essential to implementing your recovery. Even if your DRP is updated but not exercised regularly, it could be forgotten. Stakeholders should be at ease accessing, referencing and executing the details of the plan. Testing allows staff to get acquainted with the document, thus getting your primary stakeholders comfortable with adhering to the plan in a non-disaster setting.
Remaining current with policies and procedures
It is crucial to perform practical exercises to ensure your DRPs will be completely operational when required. For instance: Are the phone numbers of staff that should be conducted in case of a disaster current? Are the staff current (do new hires need to be trained on the plan)? Do IT staff know how to access offsite data? Are the stated Recovery Point and Recovery Time objectives still effective? Who is the DRP co-coordinator? Is that individual currently working at the organization?
Perform off-site data back-up and storage
Any disaster that jeopardizes a business is liable to make access to on-site data back-up impossible. The primary concerns for data back-up are security during and ease of access ensuing a crisis. There is no advantage to making a back-up file of valuable data if this information is not transferred via a secure method and stored in an offsite data storage center with foolproof protection. As part of creating a back-up data solution, each organization needs to decide its “recovery point objective” (RPO) – the time between the last available back-up and when a disruption could conceivably take place. The RPO is founded on tolerance for loss of data or re-entering of data. Every business should back-up its data at least once daily, but should strongly consider more frequent back-up or “continuous data protection” if necessary.
Make sure your backup strategies reflect the critical nature of your data. Recovery of your systems cannot even be started if infrastructure and data backups are incomplete. Examine your backup policies to ensure they have kept pace with all recent changes. Revisit your backups, often.
Making the plan available
The complete DR Plan must be distributed to your Plan holders. Everyone must be able to access their plan immediately when called upon. The plans must be maintained by the plan coordinator and available to everyone, with minimal manual intervention required.
Is the plan comprehensible to non IT staff?
The plan must be detailed enough to circulate the document over to any business or IT professional with the expectation that they’ll be able to recover the organization’s servers with no additional input. The plan must detail each and every step so it can be followed like a recovery roadmap. This assumes no previous knowledge or any requirement to read between the lines. It’s an error to depend on specific individuals during a disaster, as they may be simply unavailable. The plan must be able to stand on its own.
The plan must support all critical aspects of the business. It must cover all technological hardware platforms, business processes and network recovery elements required to meet today’s business objectives. Both technical recovery and management aspects must be clearly outlined.
Business Continuity and Disaster Recovery (BC/DR) Planning is not just an IT issue, it is a business problem and that’s where the planning needs to begin. Litcom will help you define your organization’s requirements and build a business case to support your disaster recovery initiatives. Our professional team will work with you to understand your business requirements with respect to disaster recovery and data protection. For more information on how Litcom can help your organization with a Disaster Recovery Plan, please contact us at: firstname.lastname@example.org.