Let’s face it, most businesses don’t have comprehensive disaster recovery plans in place.
Have you got a plan for the evacuation and relocation of your business in case of disaster?
Have you done an IT disaster simulation every quarter, half year, yearly?
Do you have plans to recover your critical services such as telephony and email in the case of failure?
It is the fiduciary duty for the directors of a company to have plans in place to recover from a disaster. One wants more than that though, it’s the smaller avoidable things not taken care of that could lead to a large disaster.
Here are seven key elements that must form the basis of a disaster recovery / business continuity plan:
1. Communicating plans to all people, communication during a disaster
It’s essential to plan for disasters, this is done by communicating within the organisation, understanding and defining risk profiles of the things that can go wrong and then creating plans firstly to mitigate the possibility of things going wrong and secondly to know what steps to take to recover when they do go wrong.
During a disaster situation it’s essential that the channels of communication are open, that communications can be sent to staff, that the people managing a disaster recovery plan are fully able to communicate with each other and know who is assigned to perform certain tasks in which specific order.
2. Knowing which equipment and assets you have and how to protect or use these in a disaster
It’s essential to understand which equipment is critical for your business to operate. Document all your assets from a risk point of view and create plans to check and maintain operations on an ongoing basis. Build plans for the spares required and how to recover equipment with minimum downtime in the case of a disaster.
3. Understanding your vendors and who can provide support and services
Your vendors and service providers are a key part of your disaster management. Ensure you have adequate service level agreements with them, ensure your disaster recovery systems have all the required contact details and documentation of your critical vendors. Understand the role they play in each of your disaster recovery plans: are they consultants, do they perform actual recovery actions, have they been involved in simulation exercises?
4. Ensuring you can maintain the core services required to keep your business alive
The core services required by a modern organisation to continue functioning vary across industries, but all include:
- Internet connectivity
- Access to applications and data
- A place of operation
Ensure you understand how your business manages all these services, who the vendors are, which assets you need to keep these operational and how you’ll recover these or replace them temporarily in the case of a disaster.
5. Having defined disaster recovery plans and scenarios
A single disaster may affect a number of areas of a business, so it would need to activate a number of different disaster recovery plans.
You need to define all possible scenarios and put into place the required plans to recover the separate areas of business.
For example, if your premises caught on fire, you’d need to evacuate and relocate your staff and ensure your telephony and business systems were activated in the new location.
6. Verification of server backups RPO and RTO
For any organisation the data it holds is one of its most critical and valuable assets. It’s mind-blowing that some organisations neglect the basics of data management.
We recommend the use of a full IT disaster recovery service which entails backing up your physical or virtual services to a different location, ensuring your backup schedule gives you an adequate recovery point object (RPO – the time of the last backup of a server that can be recovered from) and that your service provider provides a service level agreement giving you an expected recovery time objective (RTO – the time it’ll take to have your servers up and running in the new location).
7. Simulating a disaster to ensure plans are valid
If you haven’t simulated your disaster recovery plans in a nice controlled environment, how are you going to recover when the proverbial s*%t is hitting the fan?
It’s critical to perform simulations of your disaster recovery plans at least bi-annually and for IT services it should be done quarterly.
In conclusion, every modern organisation must have disaster recovery plans in place for scenarios they’ve defined. They must also attempt to make recovery easier for themselves by simplifying their operations as much as possible, this includes:
- Hosting your servers in a virtual private cloud. If this is not possible, virtualise your physical on-premises servers for easier recovery.
- Moving to VOIP telephony with a hosted PBX.
- Ensuring some redundancy from power utilities by using solar power or a generator.
- Using laptops for your staff with optional external screens and keyboards.
A robust and resilient organisation is possible with forethought and planning, and by simplifying operations and having backups for critical functions.