Most companies rely heavily on their internet connections. The impact of an outage can be detrimental to infrastructure and applications, which makes operations struggle to continue.
In 2016, 72% of businesses experienced an internet failure. This downtime cost UK companies around
£12 billion in lost productivity and extra overtime.
It's vital to have a quality disaster and recovery system in place, as the failure to recover from a prolonged IT outage could put you out of business.
What is a disaster recovery plan?
A disaster recovery plan (DRP) is a crucial part of any business continuity strategy. It's a documented set of procedures to protect and recover a business IT infrastructure in the event of a disaster. The step-by-step plan consists of detailed precautions to minimise the impact of any disaster on the company.
Disaster can strike due to a number of reasons, such as natural disaster, technological failures, human error, terrorism or intentional sabotage by hackers. According to the ''
ESG Research Review Data Protection Survey'' from Enterprise Strategy Group, 53% of businesses can tolerate less than an hour of downtime.
With an effective disaster recovery plan in place, data should be secure and accessible to all employees. This means a business can continue operating or act quickly in order and resume operations as usual.
You'll need to consider issues such as budgets, availability of resources, costs versus benefits, regulatory obligations, and human and technological constraints.
How do you structure a disaster recovery plan?
The global standard for IT disaster recovery states, “Strategies should define the approaches to implement the required resilience so that the principles of incident prevention, detection, response, recovery and restoration are put in place.”
The plan should define the roles of the disaster recovery team leaders and outline the procedures that they need to take. It needs to the specify the incidence response and recovery details. These objectives must be realistic, as procedures which take weeks to complete are not going to be efficient in getting your business up and running again.
The document will probably end up being a lengthy one, but it's important that you cover all possible risks and objectives. These 5 sections can help you structure an effective plan:
- Introduction
Summarise all the objectives of your DRP, including your recovery point objectives (the maximum age of a backup before it becomes useless) and recovery time objectives (the maximum amount of time that should be allowed to elapse before the backup is implemented and normal services resume).
This part of the plan should identify priority order for resource recovery, what your company's key dependencies are, and take them into account when documenting the recovery processes.
- Roles and responsibilities
Your team are going to be your most valuable asset in the case of a disaster. You'll need both IT and operations-focused employees, all briefed and prepared. It's important to keep in mind that if anyone leaves, you may be missing a part of your plan.
A third-party contact list is also necessary for a complete plan. Your DRP needs to include a thorough list of all necessary contacts outside of your organisation, including hardware and
software vendors and data centres.
Although time-consuming, you should go over the plan occasionally with your employees so they're clear about their responsibilities.
- Incident response
You need to consider at what times and in which situations you're going to trigger the DRP and involve the disaster recovery team. This is where the situation will be quickly assessed to determine the level of severity, attempt to control the incident, and then notify the key stakeholders.
It’s after these incidents that you’d decide whether to proceed with disaster recovery procedures.
- Disaster recovery procedures
The set of procedures for each affected IT service are described in-depth. The more detailed the plan, the quicker operations will resume as normal after the incident.
There are 3 types of different procedures to consider:
- Emergency response procedures: The appropriate response to fire, technological disaster, or any situation where lives may be at risk.
- Backup operations procedures: To ensure that essential data processing operational tasks can continue.
- Recovery actions procedure: To restore the data processing system as quickly as possible following a disaster.
- Appendixes
The DRP should have appendixes with any other documents which are relevant to the plan; e.g. alternative work locations, application inventories, contracts, system inventories and insurance policies.
Your plan should account for the IT services which you provide, the people, suppliers, locations, testing and training.
Maintaining your disaster recovery plan
Your DRP should not be a static document, and you should be carrying out regular reviews. This means that improvements can be made so you have the most robust disaster and recovery plan going. It may be tempting to skip testing the plan in its entirety, but this is the only way can be confident that all the processes run smoothly alongside each other.
Once exercised, you will be able to determine whether the plan will recover and restore IT assets effectively.
You should allocate resources to training staff on the steps of the plan, and their roles and responsibilities in case of an IT disaster. As your business grows, the plan will need to accommodate new employees and IT systems.
The biggest mistake that companies make is to wait around for the disaster to occur. Have a solid plan in place to protect your business, before things go south.
If you need help with your disaster recovery plan, don't hesitate to
get in contact with our expert team – we'll help you out.