Disaster recovery (DR) planning means taking the necessary steps to prepare for unexpected downtime and to ensure a rapid return to normal operations. DR planning can be a complex process, especially for small businesses with limited resources. An effective DR plan takes expertise, knowledge, and time, but as you’ll discover below, learning to protect your business with a recovery plan is a necessity in today’s world.
Pretty much all businesses of any size these days rely on IT to operate. Whether it be laptops, smartphones, cloud software, or email servers, all of it has the potential to fail.
Statistica, a data analysis company, has stated that downtime costs organizations about $400,000 per hour on average worldwide. The Ponemon Institute revealed in 2018 that the global average cost of data loss was about $140 per record. Our business world today is data-driven; not being able to recover quickly results in the demise of many organizations.
Simply put, a DR plan is the guide to the procedures and policies that your organization will follow if your IT services are unexpectedly disrupted as a result of a technical failure, natural disaster, cyber-attack, or terrorism. The plan is designed to restore your business process as quickly as possible by either switching over to a contingency system or restoring the disrupted services. A proper disaster recovery plan should include the following elements:
People – Who are the key stakeholders on both the business and IT side during a disaster recovery process?
IT Services – Which processes are supported by what systems and what are the risks for each?
Suppliers – List of suppliers that will need to be contacted in the event of an IT outage.
Locations – Plan for where work will be performed if your existing location is affected or not accessible.
Training – List of necessary documentation and what training will need to be provided to end-users.
Additionally, there are typically two KPIs that are used in DR plans – RPO (recovery point objective) and RTO (recovery time objective). Respectively, these mean the maximum age of a backup before it is no longer useful and the maximum amount of time that can elapse before the backup system is implemented.
Even if your business is small, your DR plan can be quite complex. There is, however, a common structure that is often used to set out definitions, responsibilities, response procedures, and maintenance requirements.
A template outline that we recommend includes the following:
Introduction – Summary of objective and plan scope including what locations and services are covered, the RPO and RTO for each service, and what the maintenance and testing requirements are.
Responsibilities – Detailed list of all internal and external stakeholders and what their involvement in each DR process is. Include their contact details and a description of their specific duties.
Response – Instructions as to when the DR plan should be triggered and how employees, customers, and partners are notified.
Procedure – List of all DR processes (step-by-step) for each IT service.
Appendices – Any other relevant lists, forms, documents, and resources.
As with other policy documents, if your disaster recovery plan gets put on a shelf and is never reviewed or updated, it will not remain relevant for long. Sufficient resources for training, document management, and revisions as new IT systems are added are necessary. Finally, it is critical that you thoroughly test your DR plan! Only testing will confirm whether your procedures are effective and your RTO and RPO are viable. Be sure to not only test in stages but to test the entire plan as well.
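To show how a DR test can be scored against the RPO and RTO defined above, here is an added example (not from MBC or the original article). The service names, objectives and timestamps are constructed sample data, and RTO is assumed to be measured from the start of the outage until the service is running again.

```python
from datetime import datetime, timedelta

# Constructed sample data: service names, objectives and timestamps are illustrative.
OBJECTIVES = {
    "email":      {"rpo": timedelta(hours=4),  "rto": timedelta(hours=2)},
    "file-share": {"rpo": timedelta(hours=24), "rto": timedelta(hours=8)},
    "accounting": {"rpo": timedelta(hours=1),  "rto": timedelta(hours=4)},
}
DRILL = {  # what was recorded for each service during one DR test
    "email":      {"outage": datetime(2024, 3, 1, 9, 0), "last_backup": datetime(2024, 3, 1, 6, 30),
                   "restored": datetime(2024, 3, 1, 10, 15)},
    "file-share": {"outage": datetime(2024, 3, 1, 9, 0), "last_backup": datetime(2024, 2, 28, 23, 0),
                   "restored": datetime(2024, 3, 1, 14, 0)},
    "accounting": {"outage": datetime(2024, 3, 1, 9, 0), "last_backup": None, "restored": None},
}

def evaluate(objectives, drill):
    """Return {service: [findings]}; an empty list means both objectives were met."""
    report = {}
    for service, goal in objectives.items():
        result = drill.get(service)
        if result is None:
            # A service with objectives but no test record is itself a finding.
            report[service] = ["not covered by the test"]
            continue
        findings = []
        backup, restored, outage = result["last_backup"], result["restored"], result["outage"]
        # RPO: age of the newest usable backup at the moment the outage began.
        if backup is None or backup > outage:
            findings.append("RPO: no usable backup before the outage")
        elif outage - backup > goal["rpo"]:
            findings.append(f"RPO missed: backup was {outage - backup} old, limit {goal['rpo']}")
        # RTO: elapsed time from the outage until the service was running again.
        if restored is None:
            findings.append("RTO: service was never restored during the test")
        elif restored - outage > goal["rto"]:
            findings.append(f"RTO missed: recovery took {restored - outage}, limit {goal['rto']}")
        report[service] = findings
    return report

if __name__ == "__main__":
    for service, findings in evaluate(OBJECTIVES, DRILL).items():
        print(service, "->", "OK" if not findings else "; ".join(findings))
```

A service that appears in the objectives but was left out of the test is reported rather than silently passed, which is the gap that testing only in stages tends to hide.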
For more information on how MBC can help support your IT needs, get a free assessment today.