All kinds and sizes of disasters come. These are not just catastrophic events such as hurricanes, seismic events and tornadoes, but they can even be categorized as catastrophic events such as cyber-attacks, faults in equipment and even terrorism.
In designing disaster recovery plans, companies and organizations are planning to detail actions to be taken and procedures to return to essential activities quickly and without significant business or revenue losses.
What is disaster recovery?
In the IT sector, the emphasis is on IT systems that support critical business operations. Disaster recovery. The word “economic continuity,” but the two terms are not completely interchangeable, can often be used for disaster recovery. The recovery of disasters is a part of business continuity, concentrating more on preserving all facets of an organization following catastrophe. As IT systems are so important to the business ‘ survival today, disaster recovery is a key factor in the cycle of business continuity.
The cost of disasters
Unprepared businesses will cause economic and organizational losses. According to a 2015 study from the IT Disaster Recovery Preparedness (DRP) Council, a 1-hour downtime can cost small businesses up to $8,000, medium-sized businesses up to $74,000 and large companies up to $700,000.
More than half of the businesses (54 percent) surveyed had a disaster recovery incident that took more than eight hours in the last five years, according to another study by disaster recuperation provider Zetta. Two thirds said that their companies will lose more than $20,000 for each inactivity day.
Risk assessments identify vulnerabilities
Even if your organization already has some kind of disaster recovery plan, an upgrade might be necessary. Do not fall in your feet first without a risk assessment when the company does not have one and you are given the task of coming up with one. Identify bugs and where things could go wrong with your IT infrastructure. You need to know how the IT infrastructure looks.
What is a disaster recovery plan?
Type “disaster recovery plan template” into Google and dozens, if not hundreds, of templates will appear. Use those to get started and modify towards your business or organization.
The plan itself should include the following:
- Statement, overview and main goals of the plan.
- Contact information for key personnel and disaster recovery team members.
- Description of emergency response actions immediately following a disaster.
- Diagram of the entire IT network and the recovery site. Don’t forget to include directions on how to reach the recovery site for personnel that need to get there.
- Definition and description of maximum outage times of the most important IT properties. Get to know the terms Recovery Point Goal (RPO) and Recovery Time Goal (RTO). RPO determines the maximum “age” of files to be retrieved by an organization, after a catastrophe, from backup storage for normal operations. The machine will back up every five hours if you choose an RPO of five hours. The RTO is the maximum amount for the corporation to retrieve the files from backup storage and resume normal operations after a catastrophe. It cannot be shorter if your RTO is three hours.
- List of software, license keys and systems that will be used in the recovery effort.
- Technical documentation from vendors on recovery technology system software.
- Summary of insurance coverage.
- Proposals for dealing with financial and legal issues, as well as media outreach.
Building a disaster recovery team
The strategy should be handle by the IT team members responsible for the company’s vital IT infrastructure. Those who need to be made aware of the strategy include the CEO or a delegated senior manager, managers, department leaders, officials in the human resources and public relations department.
Outside the business, disaster recovery vendors (for example, software and data backup) should be familiar with and contact details. Facility owners, property management, communications with law enforcement authorities or emergency respondents (and update frequently as names or telephone numbers change) should also be identify and listed in the Program.
When Management has written the plan and approved it, check the plan and amend if necessary. Make sure to plan the disaster recovery activities for the next review period and/or audit. Update, update, update (large or small) as events transpire. Don’t just put the plan in a desk drawer and hope a disaster doesn’t happen.
A disaster has happened – now what?
If a tragedy has occurred it is time to begin your response to the incident. Make sure the incident response team has a copy of the disaster recovery plan (if it’s different from the disaster recovery planning team).
Incident response includes evaluating the situation (knowing what equipment, software, processes have impact by the disaster), system recovery, and tracking (what work, what didn’t work, what can improve).
What’s next? Cloud or recovery-as-a-service
Like many other corporate IT systems that have migrated into the cloud, the recovery of disasters also has. The cloud advantages include lower costs, faster implementation and the opportunity to frequently check plans. This might however lead to increased bandwidth requirements or degrade the network performance of a business with more complex systems.