Disruption to business operations can have a catastrophic effect on business finances and reputation. Not only that, but these disruptions can come from anywhere at any time. The longer your business is out of action, the greater the negative impact on your business.
Whether the result of a cyber attack, natural disaster or power outage, there’s simply no telling when disaster might strike. That’s why it’s so important to be prepared in case they do. You need to be up and running again as quickly as possible after disruption occurs.
The importance of a disaster recovery plan
A disaster recovery plan is a formal document outlining the steps to take to quickly resume normal operations after an unplanned incident. It sits alongside business continuity planning as an essential strategy for managing the risk of business disruption.
You can think of a disaster recovery plan as being like a form of insurance. It’s something that you hope you never have to use, but if the worst does happen, you’ll be glad you have it. The upfront investment you make in your disaster recovery plan can help protect you from much more costly scenarios should you be hit by unforeseen disruption.
What does a disaster recovery plan contain?
The aim of a disaster recovery plan is to help a business resolve data loss and recover functionality of their systems so they can get up and running again in the aftermath of an incident. Even if the business has to operate at its minimum viable level for a little while, the disaster recovery plan aims to minimise the amount of downtime and damage.
An independent assessment of business systems is needed to produce a disaster recovery plan that fits the unique needs of the business. The following list is not exhaustive, but includes some of the things that should be included in a disaster recovery plan.
Inventory of your assets
A disaster recovery plan begins with compiling a detailed inventory of company assets. This includes listing all of the following you have in operation within your business:
- Hardware. This includes all physical devices such as laptops, PCs, printers, servers, phones and wireless devices. List the model, serial number and who each piece of equipment is assigned to for maximum visibility.
- Software applications. List which applications your business uses and whether they are critical to business operation or if you could cope without them temporarily.
- Data. Keep a log of what data is critical for your business to operate, where it is stored, where it is backed up and in which storage mediums.
You must identify what is critical. For example, for each critical software application or data set, you will need hardware to run it. Having copies of program software available to reinstall if necessary and replacement equipment to run it on is a good idea.
Definition of tolerable downtime
Different applications within your business can tolerate different levels of downtime. Splitting up your assets by how much downtime you can tolerate can help you prioritise steps in your disaster recovery plan. For example, you could divide your inventory up as follows:
- Tier 1: These are business-critical applications you need back up and running immediately. An example here could be a global payment handling company which cannot do business without its servers. Here, every milisecond counts.
- Tier 2: These are applications which you need back up and running that day, perhaps within a timeframe of up to 24 hours.
- Tier 3: These are applications which are important to your business, but you can still conduct some level of business without them. A few days without them is acceptable.
Personnel and communications plan
Communication is critical in any business. Especially in times of crisis. All disaster recovery plans should set out a clear plan for who is responsible for what in the event of a disaster.
Practically speaking, this means you may want to include an organisational chart in your disaster recovery plan with clear instructions on who to contact and a list of roles and responsibilities assigned to each person. Contact details should be up to date and each person made aware of what their role in recovery is, with a backup in place in case they are unavailable for any reason.
Data recovery plan
Loss of data can cause significant business disruption. A data backup and recovery plan should be an integral part of your disaster recovery plan. It should identify what data stored on network servers, PCs, laptops or wireless devices is backed up, and where.
This data should be backed up with a recent version anyway and ideally stored in multiple places – from physical hard copies to cloud storage. Your disaster recovery plan should then set out how to recover this data and restore your system back to the way it was before.
Testing your disaster recovery plan
Your disaster recovery plan needs to be up to date. Regular testing is recommended to make sure your requirements and indeed priorities have not changed over time. You may even want to run simulated disaster drills to test how your systems and people would fare in the event of the real thing to spot any areas of weakness in your plan. The more prepared you and your business can be to handle whatever comes your way, the better.
About EC-MSP, your IT support partner
EC-MSP are one of the most trusted IT support providers in London. If you would like more help advice and support with technology for your business, contact us today to see how we can help.