By Caroline Blivet
Share

Building a Disaster Recovery Plan that Works

February 03, 2020

In today’s interconnected and highly digital world, technology is critical for almost all business activity. Technology disruptions can cause serious havoc, with just a few hours of downtime likely to affect business continuity and result in significant financial losses. Not only that, but downtime and data loss can damage your reputation and affect your growth for years to come.

According to Gartner, the average cost of IT downtime is $5,600 per minute or more than $300,000 per hour. For large organizations, that number tops half a million dollars.

With numbers like this, businesses around the world can't afford to ignore the importance of data integrity and disaster recovery. A well-designed and effectively maintained disaster recovery plan will substantially increase your ability to recover lost data and return to normal operations. Much more than an added extra, disaster recovery is an essential part of data integrity, business continuity, and reputation management.

What is a disaster recovery plan?

A disaster recovery plan is a document that helps your organization react effectively to a significant disaster. Whether dealing with a natural disaster, a power outage, or human error, a recovery plan needs to be formulated before the event so you can mitigate risk and recover effectively. Depending on the specifics of the disaster, immediate action is often needed to prevent ongoing damage and implement normal operations.

IT disaster recovery is a subset of disaster recovery which focuses on the technology aspects and implications of the disaster event and recovery process. An IT disaster recovery plan establishes the tools and procedures needed to make this happen, with quick decisions and definitive actions essential. From minimizing server downtime and database access through to securing employee workstations, fast response time and organization is critical during the early stages of a disaster.

Regardless of the size of your organization, it's important to bring critical systems back online quickly to avoid ongoing problems. From immediate internal recovery strategies through to cloud systems and external networks supported by vendors, robust planning and management is the key to every successful recovery.

Understanding business continuity

IT disaster recovery is best understood as a subset of overall business continuity. In order to ensure data integrity and organizational stability following an impact, it's important to secure IT infrastructure and ensure ongoing access to critical IT services. A number of adverse events can affect IT and overall business operations, including disruption to servers, desktops, databases, applications, and other important infrastructure.

In order to be effective, an IT disaster recovery plan should be developed in conjunction with an overall business continuity plan. Priorities and recovery time objectives for IT should be developed during a wider business impact analysis. Technology recovery strategies should be developed to restore hardware, applications, and data the right way.

The following steps will help you develop the right strategy in alignment with your overall business goals.

1. Conduct an asset inventory - Successful recovery strategies demand planning and foresight. Before you begin, it's important to carry out an inventory of all assets, including hardware infrastructure, databases, and relevant software services.

2. Identify critical assets in context - Understand how individual assets are used and measure their overall importance to your business. Classify assets as high impact, medium impact, or low impact based on their ability to disrupt regular business operations.

3. Perform a risk assessment - A risk assessment helps you to identify any specific threats your business is likely to face, along with specific assets that are likely to be affected. Interviewing the staff who work on critical systems is a great way to uncover the most likely causes of disruption.

4. Define recovery objectives - Consult with senior management and operations staff to understand the potential impact of specific disruptions to each critical system. Define impacts by scale and scope, from one minute on one computer through to global downtime across your entire network.

5. Determine tools and processes - Once you have a good idea what's at risk, it's important to research vendors and their specific disaster recovery processes. Along with backup solutions, you also need to look into website recovery, data recovery, and service recovery. You can automate much of the recovery process to improve efficiency and reduce errors.

6. Create a working budget - Despite the mission critical nature of disaster recovery, you are likely to have a limited budget. Present several options to management, each with a progressively higher price tag but better support, along with enhanced recovery point objectives (RPO) and recovery time objectives (RTO). Allow management to decide on the right balance between risk and cost.

7. Get management approval - Once you have presented all the facts, you can put together an agreed draft of your disaster recovery plan based on advice and feedback from the management team. As soon as they sign off on the plan, it's time to put all your research into action.

8. Communicate the plan - Even the most comprehensive disaster recovery plan is useless if no-one follows it correctly. Once you have management approval, it's time to create working documents and circulate them to the disaster recovery team. Separate documents may be required for team members and senior management depending on recovery objectives and procedures.

9. Test, review and update - Disaster recovery is not a one-time deal, and ongoing feedback and iteration is needed to refine your objectives and security stance. You should always revisit your plan and test it out by conducting disaster drills based on specific scenarios. Learn from each test, modify the plan accordingly, and stay up-to-date with the latest threats and security issues so you can make adjustments when needed.

Softlanding provides professional and managed IT services and disaster recovery solutions. We are a Microsoft partner specializing in the direct implementation of leading Microsoft security and backup solutions. If you want to upgrade your security stance with a managed disaster recovery plan, we can analyze your current risk levels and offer you new solutions to ensure data integrity, business continuity, and long-term performance.

Get a Security Workshop to help you understand how to best protect your organization.

Loading Conversation