COVID-19 has forever altered how we view, develop, deploy, and value business continuity planning.
This global health crisis has created unprecedented change and challenges across enterprises, industries and countries. It has sounded an alarm for preparedness, and every surviving private organization or government agency must respond with immediate and long-term business continuity plans to keep moving forward.
A sound business continuity strategy that builds operational resilience and mitigates risk for an unpredictable future has never been more important.
What is Disaster Recovery?
Disaster recovery is an organization’s method of regaining access and functionality to its IT infrastructure after events like a natural disaster, cyber attack, or even business disruptions related to the COVID-19 pandemic.
A variety of disaster recovery (DR) methods can be part of a disaster recovery plan. DR is one aspect of business continuity.
How does disaster recovery work?
Disaster recovery relies upon the replication of data and computer processing in an off-premises location not affected by the disaster. When servers go down because of a natural disaster, equipment failure or cyber attack, a business needs to recover lost data from a second location where the data is backed up. Ideally, an organization can transfer its computer processing to that remote location as well in order to continue operations.
To make Disaster Recovery work, all the technical and non-technical aspects must be documented in a timely fashion.
What is a disaster recovery plan?
A disaster recovery (DR) plan is a formal document created by an organization that contains detailed instructions on how to respond to unplanned incidents such as natural disasters, power outages, cyber attacks and any other disruptive events.
The plan contains strategies on minimizing the effects of a disaster, so an organization will continue to operate – or quickly resume key operations.
Why is a disaster recovery plan important?
The business impact of outages or unplanned downtime can be extremely high, more so in a hybrid multicloud environment.
Key reasons why a business would want a detailed and tested disaster recovery plan include:
- To minimize interruptions to normal operations.
- To limit the extent of disruption and damage.
- To minimize the economic impact of the interruption.
- To establish alternative means of operation in advance.
- To train personnel with emergency procedures.
- To provide for smooth and rapid restoration of service.
- To meet today’s expectation of continuous business operations, organizations must be able to restore critical systems within minutes, if not seconds of a disruption.
What are the key steps of a disaster recovery (DR) plan?
The objective of a disaster recovery (DR) plan is to ensure that an organization can respond to a disaster or other emergency that affects information systems – and minimize the effect on business operations.
Below is a sample template to produce a basic disaster recovery plan. The following are the suggested steps as found in the DR template.
Once you have prepared the information, it is recommended that you store the document in a safe, accessible location off site.
Step 1: Major goals – The first step is to broadly outline the major goals of a disaster recovery plan.
Step 2: Personnel – Record your data processing personnel. Include a copy of the organization chart with your plan.
Step 3: Application profile – List applications and whether they are critical and if they are a fixed asset.
Step 4: Inventory profile – List the manufacturer, model, serial number, cost and whether each item is owned or leased.
Step 5: Information services backup procedures – Include information such as: “Journal receivers are changed at ________ and at ________.” And: “Changed objects in the following libraries and directories are saved at ____.”
Step 6: Disaster recovery procedures – For any DR plan, these three elements should be addressed:
Emergency response procedures to document the appropriate emergency response to a fire, natural disaster, or any other activities in order to protect lives and limit damages.
Backup operations procedures to ensure that essential data processing operational tasks can be conducted after the disruption.
Recovery actions procedures to facilitate the rapid restoration of a data processing system following a disaster.
Step 7: DR plan for mobile site – The plan should include a mobile site setup plan, a communication disaster plan (including the wiring diagrams) and an electrical service diagram.
Step 8: DR plan for hot site – An alternate hot site plan should provide for an alternative (backup) site. The alternate site has a backup system for temporary use while the home site is being reestablished.
Step 9: Restoring the entire system – To get your system back to the way it was before the disaster, use the procedures on recovering after a complete system loss in Systems management: Backup and recovery.
Step 10: Rebuilding process – The management team must assess the damage and begin the reconstruction of a new data center.
Step 11: Testing the disaster recovery and cyber recovery plan – In successful contingency planning, it is important to test and evaluate the DR plan regularly. Data processing operations are volatile in nature, resulting in frequent changes to equipment, programs and documentation. These actions make it critical to consider the plan as a changing document.
Step 12: Disaster site rebuilding – This step should include a floor plan of the data center, the current hardware needs and possible alternatives – as well as the data center square footage, power requirements and security requirements.
Step 13: Record of plan changes – Keep your DR plan current. Keep records of changes to your configuration, your applications and your backup schedules and procedures.
A good disaster recovery plan document will be detailed, kept up-to-date with current information, and accessible by anyone who needs to refer to it in the case of a disaster. The elements will vary according to your company’s structure, the type of business you have, and what services you have supported by partners.