7 Steps to a Thorough Disaster Recovery Plan
Do you have a thorough disaster recovery plan in place? Most businesses neglect this very important process and wait until after they have fallen victim to an incident to put any formal process in place. This leaves them vulnerable, waiting for an incident to have a detrimental effect on their business before they spring into action.
What is it?
A disaster recovery plan is a documented, structured approach with a step-by-step guide on how to respond to unplanned incidents. These steps seek to minimise the effects of an incident and keep the business running as smoothly as possible.
7 steps to create a Disaster Recovery Plan:
1. Analyse your current business processes and perform a business impact analysis (BIA) and risk analysis (RA).
The risk assessment should focus on: loss of access to premises, loss of data, loss of IT function, and loss of skills. You should construct a table of the events that may lead to these main risks, how likely each is to happen, and how much impact it would have on your business. A BIA serves to relate these risks to their potential impact on the business as a whole, including its operations, financial performance, reputation, employees and supply chains. The objective is to establish a recovery time objective (RTO) and a recovery point objective (RPO) in order to prioritise and set a timeline for your plan.
2. Consider any factors that may impact your plan
- Budget – How much will the plan cost your company, and how much do you need to have at your disposal if the plan is called into action?
- People – Who will be in charge of what? A representative needs to be assigned to every process, with the competency to lead everyone else in what to do.
- Technology – What systems do you currently have and how would they handle this incident? Do you need to invest in new technology?
- Data – Where is your data stored and backed up? Do you store it physically in drives or tapes as well as online?
- Suppliers – If you do outsource, have you consulted your suppliers about this? They need to be aware of and approve any plan so they can best help you in the case of an incident.
- Management Approval – Who has requested this plan and who will approve it? Every decision or revision of this plan will need to be approved by a manager and detailed in your plan.
3. Develop Disaster Recovery Strategies
Once you have gathered this information, you can begin to establish strategies. Put together a list of critical systems relevant to your business, adding their RTO/RPO and threat. Then start to plan a prevention strategy, response strategy and recovery strategy. For an example see these tables constructed by Computer Weekly:
4. Translate this data into a Disaster Recovery Plan
This information can then be evaluated and translated into a recovery plan, adding response action steps and recovery action steps in place of the proposed strategy:
5. Edit this plan into a final draft approved by the whole team
These steps can then be passed to all members of the team and drafted into a simple, easy-to-follow guide. This part is very important, as the plan must be approved and understood by everyone. A lack of editing or clarity in these steps could add extra time or risk in the event of a disaster. Moreover, the draft should have managerial approval so it can be deemed an official process.
6. Testing and training
Once this plan has been finalised, it is time to test how it would work. This can be done through staff training: offer a session that runs every member of staff through the plan and see whether they would easily be able to follow the steps in a disaster. If not, it may be necessary to revise the plan to make it more accessible.
7. Regularly review and update
This plan, once finalised and tested, should be reviewed and updated on a regular basis. The regularity of this is entirely up to your business. We would suggest bi-annually to be extra secure, but it can also be part of your annual audit. Making it a part of your internal process means that it will never be neglected or left to become outdated.
If you are worried about your plan, or lack thereof, then get in touch with us. We have a lot of expertise in these processes and can advise you on what would work best for your business. Regular backup checks and 24/7 system monitoring are an integral part of our managed IT support. Let us show you how we can help to make you prepared for any eventuality.