Do You Have a Disaster Recovery Plan?
Businesses of all sizes that manage data rely on the fact that data will be available in some way or another. When you think of the word disaster, what comes to mind? More than likely, it’s some type of natural disaster like a fire, earthquake, tornado or flood. In fact, there are many different types of disasters, such as hardware failure, human error, hacking, or malware. With so many types of situations that can arise, how is it possible to plan for every problem and where should you even begin?
Planning For A Disaster
The best time to plan for a disaster is before it happens. Be proactive instead of reactive and focus on the critical aspects of your business so recovering from a disaster is quicker and less costly. Complete a business impact analysis (BIA) to predict the consequences of a disruption to your business in the event of a disaster. During your impact analysis, ready.gov recommends businesses consider the following scenarios:
- Physical damage to a building
- Damage to or breakdown of machinery, systems or equipment
- Restricted access to a site or building
- Interruption of the supply chain including failure of a supplier or disruption of transportation of goods from the supplier
- Utility outage (e.g., electrical power or water outage)
- Damage to, loss or corruption of information technology including voice and data communications, servers, computers, operating systems, applications, and data
Your BIA should also consider the following impacts to your business:
- Lost sales and income
- Delayed sales or income
- Increased expenses (e.g., overtime labor, outsourcing, expediting costs, etc.)
- Regulatory fines
- Contractual penalties or loss of contractual bonuses
- Customer dissatisfaction or defection
- Delay of new business plans
Download the free Business Impact Analysis template from the National Institute of Standards and Technology and the Business Impact Analysis Worksheet from Ready.gov below:
Disaster Recovery Plan
The objective of a disaster recovery plan (DRP) is to ensure that your business is well equipped for responding to a disaster or other emergency that affects information systems and to minimize the effect on the operation of the business should one occur. Having a Business Impact Analysis is very important to creating an effective DRP because it allows you to design your plan with the entire scope of your business’s critical services in mind. Skipping the BIA would likely mean you will miss important factors in your plan specific to your business that will show up when trying to implement your DRP during or after a disaster.
Ready.gov recommends that recovery strategies be developed anticipating the loss of one or more of the following system components:
- Computer room environment (secure computer room with climate control, conditioned and backup power supply, etc.)
- Hardware (networks, servers, desktop and laptop computers, wireless devices and peripherals)
- Connectivity to a service provider (fiber, cable, wireless, etc.)
- Software applications (electronic data interchange, electronic mail, enterprise resource management, office productivity, etc.)
- Data and restoration
To start your disaster recovery plan, take an inventory of all hardware, software applications, and data. Identify the critical software applications and data and the hardware used to run them. Some type of cluster setup will help with replacing hardware components, or make sure you are using standardized components so they are easy to replace. Make sure that your software is available to reinstall should you need to. Your DRP should include a detailed strategy to ensure that all critical information is backed up.
Identify data on servers, computers, mobile devices, and don’t forget to include hard copy records. Your backup plan needs to include regularly scheduled backups and you should test your backup methods to make sure they work. Make sure that you consider the time that it takes to restore from a backup in your plan as well. Backing up your data is essential to any disaster recovery plan.
After you’ve identified and inventoried all critical components to your information systems, the next step is to being writing down your recovery plan. You can begin from scratch or use one of the templates below.
Download the free Disaster Recovery Plan templates below:
- National Institute of Standards and Technology – Building an Information Technology Security Awareness and Training Program
- IBM – Example: Disaster recovery plan
- Ready.gov – IT Disaster Recovery Plan
- Ready.gov – Business Impact Analysis
- Ready.gov – Risk Assessment
- Ready.gov – Risk Mitigation
Any articles, templates, or information provided by Shorey IT on this blog post are for reference only. While we strive to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the blog post or the information, articles, templates, or related graphics contained on the blog post. Any reliance you place on such information is therefore strictly at your own risk.
Shorey IT is not in any way affiliated with or partners of Ready.gov, Southern Oregon University, Adams State College, Smartsheet or the National Institute of Standards and Technology.