Depending on the type of business you’re in, losing data can either be an inconvenience or a very serious matter. Either way, it isn’t a scenario any organization wants to be faced with. Yet the majority of new or smaller businesses have no idea what to do if disaster strikes. That’s where a disaster recovery plan comes in. Not just for when the power goes out or the server room floods, they should be able to cope with anything, including data loss.
It doesn’t matter what you do or what size your business is, you need some kind of plan to handle external factors. Whether that is a storm, hack attack or act of God, you need a plan to help you cope. Fortunately, we have a little experience in disaster recovery (DR) planning so here are what we think are some essential ingredients of a good DR plan.
Assess risk
The first part of any plan is to assess what kind of disaster could befall your organization. You should cover the usual, power loss, flood, fire and earthquake but also the not so usual. A good DR plan will also need to cover hardware failure, hack attack, DDoS attack and data loss.
Risks assessments are never fun but they are necessary to ensure your disaster recovery plan does what you need it to do. Can you cope without power? What systems can you work without for a few hours? How long do systems have to be down before you lose productivity? Can your staff work from home during a disaster recovery situation? What would they need to be able to work from home? Those are just some of the many questions you need to ask to get a feel for what you could potentially face.
Start the plan
Once you have a handle on the risks you can begin the plan to mitigate them. The DR plan may be as complex or as simple as you like but it must contain the basic elements that will help you continue working while dealing with a situation. You should consider system dependencies, interoperability, data backups, offsite backups, hardware audits, floor plans, backup utilities, security requirements, staff responsibilities and that kind of thing.
There will also be lots of industry-specific concerns and concerns related to how your particular business is set up. Make sure these are covered in the analysis.
Don’t forget the people
We often see disaster recovery plans that cover every conceivable risk and outcome. Plans that audit every piece of hardware and software in the inventory and what the company would do in every conceivable situation. Only to forget about the most important asset of any business. Staff.
Everyone in your organization needs to know what to do, where to go and how to work in a DR situation. Allocating responsibilities is a key part of disaster recovery planning. Each staff member should be comfortable taking on extra responsibilities during a DR situation and know exactly what is expected of them during that time.
Depending on how many staff you have, you may like to create DR teams that can work together to achieve certain goals. Provide clear roles and responsibilities, adequate training and the equipment to do the job and each member should pull their weight.
Inventory and streamlining
Disaster recovery planning can have far reaching benefits outside of a situation. Hardware auditing can highlight older systems, incompatible software, legacy platforms and opportunities for improvements. All these things will benefit your DR plan but can also make day to day operations easier and more cost-effective.
For example, bringing all systems up to current standards ensures a level playing field. Introducing a unified communications solution enables productivity while on the road and compatibility with office systems. The introduction of cloud solutions can reduce capital spend on physical servers and also work in a disaster recovery scenario. Offsite data storage as alongside tape or digital backups not only prevent data loss but can save huge amounts of money over self-storage.
Testing, testing
Any West Point graduate will tell you that no plan survives the first minute of implementation. You could have the best looking, most comprehensive DR plan in the world but if it is untested it is worth nothing. Disaster recovery testing can be expensive and time consuming. But nothing is as expensive as not testing it.
If you don’t test and evaluate, your plan has already failed. There may be flaws in your plan and you would have no idea. A system might not work with a particular type of encryption, an employee’s internet service may not work with VPN or be fast enough for work applications. Cell phone signal may be weak at your DR location or there may be a single point of failure in your backup solution.
Any number of issues can go unnoticed when putting together a plan. Until you turn theory into practice, you would never know. Plans always need refining and adapting and testing is the perfect time to do it.
Effective disaster recovery planning can do so much more than prevent data loss. As long as it isn’t regarded as just a paper exercise it can have productivity benefits in the day to day running of your business too. I have covered just a few examples where rationalizing your technology can be cost effective in daily life and they are far from the only ones.
Unified communications and cloud computing offer some major cost savings but also have the added benefit of being accessible from anywhere at any time. Using Office 365 instead of installed Office 2016 is just one way that can benefit your DR planning while also helping you reduce costs and increase efficiency during your daily work. So yes, DR planning is resource intensive but it can save money.
That’s without adding the potential cost of lost production or reputation damage should something untoward happen. The old saying ‘plan for the worst, hope for the best’ isn’t around hundreds of years later for no reason!
