Disaster Recovery Planning Best Practices
If there’s one thing organizations learned over the past few months, it’s to expect the unexpected. With entire workforces working remotely and preparing to return to the office soon, now is the time to update or create a Disaster Recovery Plan (“DRP”).
The fact is, a disaster with the potential to wipe out your business is more likely to come from human error than a fire, explosion, earthquake or power outage.
Disaster Recovery involves a set of policies, tools and procedures that enable the recovery of vital technology infrastructure and systems following a natural or human-induced disaster.
Follow our best practices to keep your systems, data + personnel protected, and your business operation ready in the event of an emergency or disaster.
1. Create A Disaster Recovery Team. Designate different members of your team as the “Emergency Squad.” Clearly define their responsibilities with the purpose of thinking through the scenario of losing access to your primary data source. Make certain that, in the event of a disaster, everyone knows what to do, who to call and what steps to take to get the business operating as quickly as possible. Keep all employees informed and part of the solution that protects critical data.
2. Identify Risks. Every business has unique circumstances that contribute to their risk for data loss. Identifying and understanding these risks allows better preparation and response. Some of the most common risks are:
Unexpected Updates & Patches
Fire or Flood
Understanding the risks to data helps define the response to protecting it.
3. Identify Critical Hardware & Software. Knowing the software and systems you rely on most allows the creation of redundancy and a further step toward elimination of single-points-of-failure. Organize your software and systems into different tiers.
Tier 1 contains the mission-critical systems & applications the business can’t function without. What good is a data backup if you don’t have application to use the data? A good example is e-mail and phone systems.
Tier 2 contains software and systems needed within eight-to-ten hours of a disaster. They are deemed essential, but not required immediately to conduct business. These may include accounting software.
Tier 3 software and systems are part of the business historical record and necessary for the business, but not immediately needed, such as bank statements or prior year’s tax returns.
4. Review Backup & Restore Procedures. Assuming a backup is in place, examine where it resides. If it’s in the same physical space as the primary data, then it’s probably a good idea to separate the two. If your back up is in the cloud, what are the procedures to target to the data if the Internet connection goes down? Close examination of the backup procedures and plans allows clear understanding of what to do and when. In the midst of a disaster the last thing a business can afford is figuring out where the data is and how to get to it.
5. Conduct Tests. The only way to know for sure that a disaster recovery plan will work is to test it. Testing validates that all critical data is accessible when the primary data source is unavailable.
There are several ways to test your backup and recovery plan, which range from, review of a checklist of steps to a full-blown simulation. The full-blown simulation is the most thorough test, though the most difficult to execute, as it has a direct impact on business operation – and it should! Verify compete backups are performed on all critical systems. Verify that the backup data is located and is readable. During the test, record the time required to complete key steps as well as any problems encountered during file restoration or application restarts.