Although technology plays a major role in most organizations, there’s a common misconception that having a simple data backup plan in place is enough to account for potential disasters. Backup strategies are crucial, but they’re only one part of a larger plan all businesses should have — an IT disaster recovery plan (IT DRP).
IT DRPs should be comprehensive so that your IT team knows exactly what to do if a natural disaster or other unexpected event causes a technology outage. If your business doesn’t have a plan, it’s better to be proactive now than wait until disaster strikes. There are many ways to approach developing an effective IT DRP, but following are a few essentials that should be included.
Goals and Assigned Responsibilities
A critical first step toward creating a solid recovery plan is defining the goals you want it to accomplish. These goals act as the foundation for the entire plan and will be used to determine whether the plan is working for your business or could use changes. It’s also important to define the specific teams that will be responsible for putting the plan into action should the unexpected occur. The clearer the team accountabilities and goals they need to achieve are, the quicker they can respond to issues.
An Audit of Software and Hardware
According to the U.S. Department of Homeland Security, recovery strategies need to be developed for all IT systems, applications and data. To ensure everything is accounted for within your IT DRP, it’s recommended to perform an internal audit of business hardware, business software and any other data sources. This inventory will help your team understand which systems are vital to overall operations, where and when regular data backups need to occur and where to prioritize restorations in the event of an outage.
Data Backup Strategy
As mentioned earlier, a data backup strategy is a core part of an IT DRP. When developing this strategy for your IT DRP, you should pinpoint what data needs to be backed up for your business to run smoothly. From there, you should determine how to implement your backup procedures and backup schedule. Once you start backing up your data, it’s important to validate your backups after they’re completed to ensure data is accurate and that your procedures are working properly.
An effective backup strategy also accounts for two concepts: recovery time objective (RTO), or how long it takes to restore data, and recovery point objective (RPO), the amount of data you’re willing to lose or manually reenter after an outage. If it takes two days to restore data from an external server or hard drive but the company can only allow half a day of downtime, the backup procedure isn’t adequate from an RTO standpoint. Likewise, if a company can only afford to lose two hours of operating data but backups happen nightly, the backup procedure isn’t sufficient from an RPO standpoint.
Frequent Plan Reviews and Tests
A business’s IT DRP isn’t a document that sits on a shelf and collects dust once completed. It’s a living document that should be regularly reviewed to confirm it still meets the needs of your changing business. The National Institute of Standards and Technology (NIST) recommends businesses use these three practices when reviewing their IT DRP:
- Test the system. Tests often focus on recovery and backup operations. For example, a suitable test would be to remove power from a system to assess how quickly the business can recover.
- Conduct a tabletop exercise. These are conversation-based exercises where a facilitator presents a scenario and asks participants questions related to the scenario. The questions initiate a discussion among the participants about roles, responsibilities, coordination and decision-making as they relate to a potential disaster.
- Conduct a functional exercise. This practice allows staff to execute their roles and responsibilities as they would in an actual emergency situation — but in a simulated manner. The goal is to exercise the roles and responsibilities of specific team members, procedures and assets involved in one of more aspects of the recovery plan.
Developing an effective IT DRP is key to preparing your business for the unexpected. The more detailed and diligent you are with creating and reviewing your plan, the better equipped your teams will be to respond if and when disaster strikes.
At Creative Planning Business Services, our technology team assists clients with all stages of disaster recovery planning. From initial plan development to routine plan testing, our comprehensive services have you covered. Schedule a meeting with us today to get a better picture of your current disaster preparedness.