Disaster planning and business continuity are tasks that, like healthy eating and regular exercise, are often left by the wayside in a busy small or medium company. Today, I’d like to take you through the very basic steps involves in building a disaster recovery plan to show you how to get started in preparing for unexpected data and business interruptions.
Get your boss on board
As with many things in IT, convincing your boss you need to take time from your regular work to fix what seems to them like a non-existent problem is often the most difficult part. Try and frame disaster recovery as similar to insurance; you hope you never need it but you wouldn’t be in business without it.
The best way to convince any superior is always a business case. Stack it full of figures showing that the risks are ever-present and what the cost would be if your data center went down for an hour, a day a couple of days and a week.
Conduct a risk assessment
Risk assessments are often one of the first steps in getting a disaster recovery plan off the ground. They should catalog risks associated with your IT infrastructure including everything from users not logging out to getting hacked to flood waters rising past the roof. You should also categorize each risk you think of by its severity and the likeliness that it will occur. If you’ve ever had to do a health and safety assessment this will be a familiar process.
A decent IT risk assessment template is available over at TechTarget.
Go through a business impact analysis
So now you know how the business can get battered you’ve got to look at what you need to get up and running after it’s been hit. Accounting for the critical parts of the business, the IT infrastructure that serves them and what would happen to the business if they were lost is the basis of the business impact analysis.
Again, the people over at TechTarget have a thorough plan for conducting your business impact analysis.
Build a disaster recovery plan
This should be a step-by-step procedure that you can pick up and quickly get systems up and running again. Remember there is going to be a fair amount of shock involved, especially if it’s a natural disaster and staff may be unable to focus on the business for the simple fact that their own lives or properties are at risk.
Your plan should take into consideration the previous steps: what are the most likely disasters and how can you minimize their impact? Where is critical infrastructure located and is it vulnerable? Which systems are critical and which aren’t?A key consideration should be your data, what is stored where and how it is backed up. What data will need to be recovered and what time, known as a recovery time objective (RTO), and maximum amount of data that can be lost, known as a recovery point objective (RPO) should be at the core of the data part of your disaster recovery plan.
The Microsoft folks over Technet have a good basic example of a disaster recovery template that you can take and adjust for your own purposes.
Remember that the most important part of any disaster recovery plan is that it is tailored to your needs and that it encompasses your business rather than being just copied from a template.