Is your company’s data safe from disaster ether man made or by nature? It is not a question of if disaster will strike, but when will it strike. Most businesses cannot afford nowadays to go without their data with their heavy reliance on customer databases and financial transaction systems. So how can a company’s data, information and knowledge be protected in the event of a disaster?
IT disasters come in many forms from man made like hackers, viruses, and just plan IT stupidity to natural disasters like fire, lightning, earthquake, and flooding. Most of these events can be mitigated by having good plans in place to recover from such events. In the IT world there are two types of plans that you should develop and implement to protect your business. The first plan you should develop is a “Disaster Recovery Plan” (DRP). The second type is a “Business Continuity Plan” (BCP) which is focused on getting employees working aging and as such is not focused on IT, but both are closely linked. All BC/DR plans need to encompass how employees will communicate, where they will go and how they will keep doing their jobs. The details can vary greatly, depending on the size and scope of a company and the way it does business (CIO, 2013).
What is a DRP, “it is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster. Such a plan is ordinarily documented in written form, specifies procedures an organization is to follow in the event of a disaster (Wikipedia, 2013). It is “a comprehensive statement of consistent actions to be taken before, during and after a disaster” (Wold, 2013). It should be noted that a DRP exist for, the purpose of restoring IT assets in the event of a disaster.
There are 10 steps in developing an effective DRP. First, obtain top management commitment. Your organizations management team must support and be involved in the development of the disaster recovery planning process. They should be responsible for coordinating the disaster recovery plan and ensuring its effectiveness within the organization (Wold, 2013). Second, you should establish a planning committee to oversee the development and implementation of the DRP. The planning committee should include representatives from all the businesses functional areas. The committee also should define the scope of the DRP (Wold, 2013).
Next, your committee should perform a risk assessment that includes a range of possible disasters, including natural, technical and human threats. Each functional area of the organization is analyzed to determine the potential consequence and impact associated with several disaster scenarios. The risk assessment process also evaluates the safety of critical documents and vital records (Wikipedia, 2013). After the committee completes the risk assessment, they need to establishing priorities for processing and operations. Identify the critical needs of each department within the organization are evaluated in order to prioritize them. Ask each department what is the minimum amount of IT resources they need to function.
At this point, you need to determine recovery strategies. Look at all aspects of the organization including facilities, computer hardware and software, communications links, data files and databases, and any other processing operations. Find alternatives for all your critical systems and techniques to recover or replace them, these my include: hot sites, warm sites, cold sites, reciprocal agreements, the provision of more than one data center, the installation and deployment of multiple computer system, duplication of service center, consortium arrangements, lease of equipment, and any combinations of the above (Wikipedia, 2013).
In the next phase, data collection takes place. Collect information like critical telephone numbers, vendor contact list, notification checklist, IT inventories, distribution register, software and data files backup/retention schedules, temporary location specifications, any other such other lists, materials, inventories and documentation for IT system recovery (Wikipedia, 2013). After gathering all this information, you need to organize and document a written plan. You can save a lot of time at this point by following on of the many templates provided free on the internet (Windel, 2012). During this phase that the written plan is developed in its entirety, including all detailed procedures to be used before, during, and after a disaster. The procedures include methods for maintaining and updating the plan to reflect any significant internal, external or systems changes. Identify procedures allowing for a regular review of the plan by key personnel. Specify responsibilities that are assigned to the appropriate teams for each functional area. ID teams responsible for administrative functions, facilities, logistics, user support, computer backup, restoration and other important areas in the organization (Wikipedia, 2013).
After your DRP is documented, you need to develop testing criteria and procedures and test the plan. Set objectives for your test like, recover servers with no noticeable down time to your users, or how to continue operations in the event of fire. DRP testing should be performed on a regular basis, the exact frequency very much depends on your own organizational needs. However, it is usual for ‘full deployment’ tests to be performed, as a minimum, on an annual basis (Bradbury, 2007). Lastly, have management and all the stakeholders approve the plan. As it is ultimately management’s responsibility that the organization has a documented and tested plan.
A DRP is more than just off site backups and one off recovery techniques used to restore your data. It is a comprehensive methodology to systematically reduce risk in the event of a disaster. By conducting risk analysis and identifying your organizations critical information and implementing a plan to restore that information, you bring peace of mind to your users and employers.
Works Cited
Bradbury, C. (2007, 11 20). The IT disaster recovery plan. Retrieved from Continuity Central: http://www.continuitycentral.com/feature0524.htm
CIO. (2013, 12 14). Business Continuity and Disaster Recovery Planning Definition and Solutions. Retrieved from CIO: http://www.cio.com/article/40287/Business_Continuity_and_Disaster_Recovery_Planning_Definition_and_Solutions
Wikipedia. (2013, 12 14). Disaster recovery plan. Retrieved from Wikipedia: http://en.wikipedia.org/wiki/Disaster_recovery_plan
Windel, A. (2012, 03 08). A Microsoft Word Document Template For Disaster Recovery Planning. Retrieved from Microsoft TechNet: http://blogs.technet.com/b/mspfe/archive/2012/03/08/a_2d00_microsoft_2d00_word_2d00_document_2d00_template_2d00_for_2d00_disaster_2d00_recovery_2d00_planning.aspx
Wold, G. H. (2013, 12 14). Disaster Recovery Planning Process. Retrieved from Disaster Recovery Journal: http://www.drj.com/new2dr/w2_002.htm