A number of studies have been conducted over the years regarding Disaster Recovery (DR) planning and its importance to business. The results of the studies were shocking:
- 61% of all businesses surveyed had to invoke their DR Plan at least once in the last 5 years
- 80% of businesses that suffer a disaster and have no plan, ultimately go out of business within 3 years
- 40% of businesses that suffer a critical IT failure go out of business within a year
The statistics above clearly demonstrate that businesses need a DR plan, ideally one that addresses both business and IT because they can result in different scenarios. Unfortunately, despite the wealth of information regarding the importance of DR planning, 30-40% of all IT organizations do not have a DR plan nor do they know how to properly use the one they have. Below are 5 steps to successful DR planning.
Don’t Launch a DR Plan Planning Exercise Without Engaging the Right People
The first step in the DR planning process is to engage with the business leaders to gain buy-in and support for this process. Most companies launch a full-blown DR planning effort without realizing that development of a DR plan is a complex and invasive project that can take many months or even years to complete depending on the size of the company. The project demands significant time and involvement from the organization; valuable resources that are almost always in short supply causing projects to either fail or be deferred.
The Interim DR Plan
A key to succeeding in the establishment of a DR plan, that is both functional and provides a solid foundation for subsequent revisions to the plan, is to start small and evolve to a plan that is specific to the needs of the organization. In DR terms this is usually called an “Interim DR Plan”. An Interim DR plan covers the basics of a DR scenario (such as the complete loss of the data centre) and identifies the necessary information and processes to recover the key systems needed to continue to operate the business.
The Importance of Reviewing Your Plan
An Interim DR plan is critical to the development of a comprehensive DR plan. Once the Interim DR plan has been established and tested, a review of the assumptions used in its creation should be conducted. This review must involve the business and IT teams to identify the risks associated with each assumption. As a result, the IT group can cost the necessary mitigation strategies and the business, and IT can then review and agree on how to deal with gaps for the next iteration of the DR plan. This iterative process should continue for some time in order to provide the necessary flexibility to the business and IT regarding costs, resource demands, and execution.
Continuous Improvement
The final critical piece of a DR plan is related to awareness and continuous improvement. Once created, the DR plan is a living document that needs review and update. Businesses that have DR plans but whose plans are out of date because they do not follow a continuous improvement model may be rendered useless in the event of a disaster. The organization, the vendors, partners and customers all need to be aware of the plan and they need to be involved in ensuring it is maintained.
Regular Testing for Effectiveness of the Plan
The plan is only as good as its’ last test. DR plans should be tested yearly (or more frequently, if possible) as this provides feedback on the effectiveness of the plan and identifies gaps that may be present and must be mitigated in the next revision.
40% of businesses surveyed tested less than once a year and another 40% of those surveyed did not do a complete test of the plan.
The IT DR plan will be a long term and complex undertaking that has proven to be an absolute requirement for business success. Start it modestly, covering the absolute basics to keep the business running; update it every year with a complete review and conduct a full test; communicate the plan to everyone inside and outside the company and evolve it through an iterative process that uses the DR test as a feedback process for the next revision of the plan.
The Litcom Approach
Business Continuity and Disaster Recovery (BC/DR) Planning is not just an IT issue, it is a business problem and that’s where the planning needs to begin. Litcom will help you define your organization’s requirements and build a business case to support your disaster recovery initiatives. Our professional team will work with you to understand your business requirements with respect to disaster recovery and data protection. For more information on how Litcom can help your organization with a disaster recovery plan, please contact us at: info@litcom.ca.