Without a proper disaster recovery plan your enterprise is at exceptional risk of loss. Nothing is worse than having your enterprise network and data access knocked out without warning. Your disaster recovery (DR) plan can extend your business continuity potential until the disaster has been properly handled. By doing this you can keep your customers satisfied, at same time being assured that the disaster is only temporally.
Both the large and small scale successful enterprises have effective disaster recovery solutions, they also regularly review them to see if any changes need to be taking place.
Disaster recovery includes performing DR drill test at least once in a year stimulating a live scenario. By doing this drill test we can identify any security and back up issues. So the question is: what does your DR plan look like?
What is an IT disaster recovery plan?
Building a disaster plan is not as simple as writing a document. You need to do research to understand the needs of your organisation and the risk it faces. You also need to carefully coordinate the plan with all stakeholders, test and update it to make sure it stays relevant.
Although an IT DR plan may not be able to completely eliminate downtime. It should serve to ensure mission-critical functions are maintained, including the protection of sensitive customer information.
The following are the components which included in the IT DR plan:
Inventory list of critical production systems that are necessary to conduct business, backup tape retention policy, Offsite backup tape facility and time to deliver tapes at DR site, steps to restore servers, secure offsite location, employee training for DR practices, validity of the data restored, user testing of the new DR environment, quick detection of the unauthorised users, making provision for the local area network, restore mainframes along with their backups, software repository which contains approved production OS images and application software with relevant updates.
IT DR plans include the following steps:
- Map out your assets: Identify what you need to protect including network equipments, cloud services, software, hardware and critical data. Also identify its physical or virtual location, vendor and version, networking parameters and relation to other assets.
- Fault finding and context: Identify how your virtue is used and their important to your business. Classify it in to high, medium and low impact.
- Risk assessment: Identify which threats are likely to face. Interview the staffs who work in critical system and ask them what are the most causes of service interruption.
- Define recovery: Identify and consult with the senior staff to understand what would be the impact of interruption to each system. Use this information and follow the right and adequate steps.
- Disaster recovery setup and tooling: The asset to be protected, risk and recovery plan, envision your final disaster recovery setup. Select the software and hardware and cloud services to help you to achieve the required setup.
- Budgeting: Present a limited budget disaster recovery plan to your management according to their requirement.
- Approval: keep an agreed draft of your disaster recovery plan and get the final sign off.
- Test and review: Test the plan by performing a practical disaster drill. Lear from the drill and modify the plan and procedures accordingly. Review the plan at least every 6 months for ensuring it still relevant.
- Implement new solutions: Create an implementation time line that outline your plan to incorporate those new solutions in to an effective disaster recovery plan.
How often to update an IT DR plan?
Your IT Disaster recovery plan should be tested at least once a year. If you have a large organisation having above 150 employees then you should test it at least once every quarter. Any time a test is performed and issues are noticed then your IT DR plan needs to be updated.
Conclusion
Without a DR plan your IT department can’t assure you that your data will be secured at all time. A good IT disaster recovery plan can be act as the backbone of your company. When it comes to the first class disaster recovery activities adequate testing will ensure you have the protection you deserve.