Disaster Recovery Planning 101
When you hear “Disaster Recovery,” you may think it only has to do with natural disasters. In fact, threats such as human error, hardware malfunctions, and power failures, to name a few, are much more likely. Today it is simply not an option to forgo having an IT Disaster Recovery plan in place. This article covers a high-level view of the basics of Disaster Recovery planning to help you start formulating a plan if you haven’t already, or to evaluate your organization’s current plan.
Assess Your Overall Risk with a Business Impact Analysis (BIA)
At the core of disaster recovery, you’ll find the BIA. This analysis is the stage in which you explore the impact of a potential disruption to your organization. That impact includes the possible loss of business, negative effects on your reputation as a company, a loss of employees, and a loss of data.
The goal here is to identify your essential business functions and the ways in which a disruption to them will impact your organization. This gives you a starting point from which to clearly define DR strategies.
Determine Your Risk Tolerance (RTO/RPO)
After completing a thorough business impact analysis, it is time to define your recovery objectives. This begins with the question: what is your risk tolerance?
- RPO (Recovery Point Objective): You determine your RPO by looking at the time between data backups and the amount of data that could be lost between backups. There are some important questions that need to be asked here. What is your company’s loss tolerance in relation to your data? How long can you afford to operate without the data before your business begins to suffer?
- RTO (Recovery Time Objective): This refers to the time required to get your IT and business activities up and running again after a disaster. How long can you afford to be down? RTO is all about your application rather than the actual data that is lost.
Fully Document Plan Policies & Procedures
It is critical that your plan is a detailed, living document that is updated regularly to ensure that everything remains current. Documentation includes a full inventory of the equipment within your infrastructure, so that any new IT administrators who become involved have a bird’s-eye view of what was put in place by previous IT professionals.
Where Will Your DR Site Be Located?
Location is extremely important when it comes to hosting. First, your DR site should be physically far enough away from your primary site that it will not be affected should a physical disaster harm the primary site. Access is also important, as staff members should be able to get to the site as soon as possible to resolve any issues that might arise. Finally, your DR site must be close enough to realistically achieve your established RTO and RPO objectives.
Appoint Incident Response Team
Having a team in place to respond to any disaster that might arise will make your DR plan much more effective. This team will likely have day-to-day responsibilities related to your organization’s IT operations, and should be fully integrated into your DR plan. The responsibilities of this team include monitoring networks, alerting and mobilizing for action, assessing issues and stabilizing threats, resolving the issues that arise, and ultimately reviewing the events to ensure they don’t repeat.
The disaster recovery planning process doesn’t end once the plan is in place. Test your plan regularly to ensure that it is effective. This requires a set testing schedule and a continuous testing plan. Establishing this type of schedule helps you remain protected well into the future.
Every organization is different, but these preliminary steps are a great starting point for any company looking to establish a strong disaster recovery plan. If you’d like to explore what your RTO and RPO requirements are, and what your custom DR plan should look like, reach out to us today to talk to a security specialist.