Restoring your company data: How to build a Disaster Recovery Plan (DRP)

Restoring your company data: How to build a Disaster Recovery Plan (DRP)

Building a Disaster Recovery plan can seem daunting, but Landmark Technologies are here to help. We’ve broken down the process into a number of steps, detailing some of the things you’ll need to consider when preparing your business’ IT Disaster Recovery Plan, enabling it to be as fool proof as possible. Check out our, “How to build a Disaster Recovery Plan” steps below.

What is a Disaster Recovery Plan? 

A Disaster Recovery Plan is a document designed to lay out the process or procedures that will enable a business to recover and protect their IT infrastructure in the event of an incident that could disrupt business productivity.

Steps involved in building a Disaster Recovery Plan

1. List Your Assets

There’s no point building a plan when you don’t know what it is covering. Start with taking an inventory of all your assets. List everything. And that means EVERYTHING.

Now when we say everything, we don’t mean assets such as the couch or the fancy espresso machine in the canteen, but an inventory of all your IT related assets. Anything that is managed by IT goes into the asset inventory. This can include, data, storage devices, servers, networks, network appliances, etc. Make note of where they are physically connected, what network it is connected to and what their dependencies are. Whether they’re in office or offsite in the cloud or a data center, etc.

Some other pieces of information you may want to gather and document during the disaster recovery plan would be contact formation for clients, employees and any other companies or organisations you may need to contact during a disaster.

It is important to keep all the information as well as the disaster recovery plan both online and offline in case your regular IT equipment is compromised during a disaster

2. Assess Your Risk

What are the risks to your business? What is the probability that these risks might happen?

These risks can be internal or external, natural or mundane. You need to imagine the worst-case scenario of each of these given risks, so you can develop a path through them should they strike. As devastating as a natural disaster would be, remember, the mundane is much more likely. Thoroughly investigate the everyday possibilities that could result in disaster.

In today’s environment, cyber-attacks and the disruption, deletion and theft of data is becoming more and more common. There are a number of companies in the news every month dealing with the fallout of cyber-attacks. Unfortunately, this threat is a real possibility for many businesses. While this isn’t the everyday risk, thoroughly investigate this possibility of this and asses the transition plan should this happen. Leave no stone unturned.

3. Identify Critical Applications and Data

Business continuity is dependent on the applications and data that you use.

Talk with each department. It’s very important to have open and correct communication with each department manager to ensure that you have been made aware of each application and which data they use. Each department may depend on different applications or data in order to function. There’s no point prioritising the recovery of one application when another department relies on another. Each department has different priorities.

Look for common applications or data between departments as their accessibility will be critical to the normal operations of the business. Grouping commonalities between departments will allow for a less complex recovery strategy compared to different strategies for each area of the business.

4. Define Your Recovery Objectives

Not every business will have the same objectives when it comes to recovery, because no two businesses are the same. Your recovery objectives will be different compared to others, and should reflect how your business operates.

The amount of non-operational downtime your business can sustain will affect the immediacy and priority of your objectives. 

It is important to define what the business-critical processes and systems are. All stakeholders should be consulted and their views should be considered as part of the plan. All heads of departments should be aligned and in agreement for the plan to work successfully.

You can use a business impact analysis (BIA) to help you define your objectives. Conducting this analysis allows you to measure the impact downtime may have on business availability and any affected areas, in terms of cost, legality of data loss, security and customer retention. This will help you further identify what your company needs to consider when defining their objectives for recovery.

Consider the Recovery Time Objective (RTO). How long can your core systems be down before business profitability is affected?

Today’s consumers have little patience for any delay. With every increasing minute a business system is down, the business is losing money and potentially customers. Think more in seconds to minutes as a recovery time is as opposed to days to weeks.

Take into account your Recovery Point Objective (RPO). This is the maximum targeted time in which data transactions may be lost due to a major incident. RTO and RPO should be considered in tandem. They should be balanced to ensure that the optimum solution is chosen. Choosing the correct balance will help you to decide the frequency of your backups.

5. Find Your Disaster Recovery Solution.

It’s time to choose your solution. Take the time to choose the right one. Consider what your business needs. Incorporate a disaster recovery solution that is suitable. Consider the backups required and how regular these need to be.

Where feasible offsite backup to a data centre or cloud-based solution should be considered. The offsite backup is less likely to be affected by the same conditions that pertain at the original facilities.

6. Document Your Recovery Plan

All the information you have gathered now needs to put into a document that is easily readable and communicable to members of staff. Not all staff members need access to it, only those required in the event of an emergency. All associated staff need to be aware of the procedures put in place, who they report to and what they need to do in the face of disaster.

7. Test. Practice. Evaluate. Update.

Regular testing of the DR plan is vital to ensure its efficiency. Problems highlighted and resolved at the testing phase result in a better chance of a full recovery. Testing can be controlled, allowing you to test again and again until you are happy with the outcome of the plan in terms of RPO AND RTO.

Landmark Technologies can review and test your current Disaster Recovery environment.

There’s no such thing as a perfect disaster. However, regular simulations will make your response as close to perfect as it can be. Familiarise your staff with the recovery routine so there should be no need to panic if disaster strikes. Rehearse various aspects of the recovery plan, allowing all staff to become competent in what they’re doing and prepared for any given situation. Obviously, you can’t prepare for every disaster, but give staff the tools to keep them ahead of it.

Businesses are always growing. Staff change. Procedures change. Update your plan with any major or minor details that may affect the plans efficiency.

Preparing a Disaster Recovery Plan may be daunting, but it will benefit your business. Having a validated and regularly tested process will ensure that you are best placed to recover should the worst occur.

Landmark Technologies can tailor a Backup & Disaster Recovery strategy for your business. Contact us today to understand how Landmark Technologies’ Backup & Disaster Recovery products (BDR) can help you.

Hungry for knowledge, what are you waiting for? Sign up today

[email-subscribers-form id=”1″]