As well as a business continuity plan – which every business should have, by the way – you should also document a disaster recovery plan to protect you in the event of data loss.
Disaster recovery is an important aspect of business continuity. It’s all well and good having your data backed up in the cloud, but if there’s a failure in your IT infrastructure, that cloud storage and back-up will only be part of getting you back up and running. In other words, you need your hardware fully operational and a clear action plan for your employees to be able to use that data again.
To help, we’ve created a simple seven-point checklist for creating the disaster recovery plan that best suits your needs…
1. Conduct a disaster recovery risk assessment
You need to detail and document the full range of potential threats and scenarios, including the implications of each, within a disaster recovery risk assessment. This should cover your cloud storage and backups alongside your IT infrastructure. Add to this the likelihood of each threat affecting you – and in doing so, note any simple changes you can make straight away to reduce that likelihood.
This will give you an invaluable overview of some common threats, and how they apply directly to your unique set-up and requirements.
2. Determine the disaster recovery objectives
What does your business need to prioritise in order to recover fully from any of the scenarios you identified in your risk assessment? And how long should these processes take? The answers to these key questions will determine your:
Recovery Time Objective (RTO)
The time it takes to recover all systems and applications, ready for restoring data from a cloud backup.
Recovery Point Objective (RPO)
The amount of data you risk losing access to during a disaster recovery process, and the corresponding amount of time to regain that access.
Depending on the size of your business and the nature of your operations, it could be worth prioritising some aspects of disaster recovery procedures accordingly. ‘Business as usual’ might depend on having some systems and data recovered ahead of others. Now is the time to make that clear in your future-proof disaster recovery policy.
Many small businesses, for example, can afford to have their server down for a day and just work on some important files. But for larger companies running complex databases, it may cost them tens of thousands of pound of lost revenue per hour.
3. Consult your disaster recovery plan for communication and backup procedures
Once you’ve documented your risk analysis and discussed your IT disaster recovery plan and cloud backup restoration priorities, it’s time to document it in full and share it with everyone. This way, the team will know exactly what to do – and in what order – if your disaster recovery plan needs to kick in. It should be clear about individual and departmental responsibilities, plus procedures and likely timescales to help you avoid unnecessary delays and potential loss of business and reputation.
Written guidelines should cover everything from implementing disaster recovery procedures, to monitoring each step of the process and ensuring you haven’t overlooked anything crucial. Again, make sure everyone knows who’s doing what and where, and how they can contact and collaborate to best effect. Also, appoint and make a note of who will inform employees, customers, partners (and possibly media) about any IT infrastructure failure – and discuss how they can do this most diplomatically! And don’t forget to also let the relevant parties know when you’re fully recovered. Sounds obvious, but you’d be surprised how often this is overlooked.
4. Identify a Disaster Recovery Site
This is where you move all critical data held in applications and physical assets (such as desks, servers, phones, external drives) if a disaster strikes that demands relocation or ‘switching over’ to other locations where data is already backed up and the technology is there to use it. Make sure this ‘temporary accommodation’ keeps you connected and supports – at very least – active communications through business-critical hardware and software. If your business supports remote working, this is often a good way to maintain continuity.
Disaster recovery or ‘DR’ sites are often described as ‘hot’, ‘warm’ or ‘cold’. What does that mean? Well, a hot site performs to all intents and purposes as a functional data centre, replete with the required hardware, software, personnel and customer data to operate ‘normally’. A warm site gives you access to all your critical IT applications, but not your customer data, while a cold site is basic storage for IT systems and physical backups, with no technology available until your disaster recovery procedures are fully underway.
A comprehensive disaster recovery solution will trigger automatic backups and replicate critical workloads at several sites for swift recovery, and this can be integral to a full business continuity plan. Executed properly with the appropriate tech and expertise, this can keep business disruption to an absolute minimum, and ensure data security.
Business telephone systems are often forgotten in a disaster recovery scenario. Modern VoIP based phone systems make it trivially easy to integrate into an effective DR plan.
5. Recover data from your disaster recovery/backup service provider
Now that you’ve dealt effectively with the ‘disaster’, you can focus on recovering your data. Assuming you have a decent cloud backup system in place, this should be quick and painless. It may be complex if you have multiple sites and permissions to consider, but a comprehensive disaster recovery plan and the right cloud backup provider will give you full peace of mind and ensure everything can be back to ‘normal’ quickly. And what a relief that will be!
6. Re-evaluate your disaster recovery plan
Phew! You hope that never happens again – but you should also assume that it will. While the experience is still fresh in everyone’s mind, take the time to document and assess it, and consider how you could do things differently. Note down and learn from any mistakes. Maybe you prevent it by looking at what caused the failure and taking it out of the equation. Maybe you allocate people and resources differently to recover more quickly. Maybe you outsource some of the support to expert providers. A de-brief can help you iron out any issues and enjoy the reassurance that if there is a next time, you’ll be ready.
7. Create a business continuity plan to avoid future risk
Business continuity and disaster recovery clearly go hand in hand, so if you don’t have a cohesive business continuity plan in place already, hopefully this article has made it a priority for you. Find a provider that understands your needs and can provide the appropriate solutions. It’s more than a box to tick and forget about – it will poise your business to deal effectively with whatever the future holds and leave you to focus on making it a success.
BackupVault’s InstantData allows your business to combine a high quality cloud backup solution with a robust Disaster Recovery feature, helping you to reduce the impact of a disaster on your business operations. For more information, please contact us.