How to Build a Disaster Recovery Plan
Disaster can strike at any moment, and its effects can be devastating to businesses. The UK's Department of Trade and Industry estimates that 70% of businesses that suffer a major data loss go out of business within a year. With such consequences, it's critical to have a solid disaster recovery plan in place in case the worst should happen.
A good disaster recovery plan can be divided into three parts: Planning, Storage, and Recovery. Each part is equally important, and each one should have a thorough plan of its own. In this article, we'll go through and help you build a disaster recovery plan to handle any eventuality and be back in business as soon as possible.
A solid disaster recovery plan requires everyone involved to know their roles and be ready to execute them at a moment's notice. At the very least, your business should designate someone to oversee that all preparations are laid out and that all critical data is backed up on a regular basis. Ideally, this person will be someone other than you, since you as the business owner will want to go back and double check their work for redundancy.
This is the second key aspect of planning for disaster recovery - always make sure that there are redundant channels and oversight. In case the worst should happen, the channels of communication need to be set up so that everyone knows who to call as a primary, and who to get in touch with in case the primary contact person is unable to be reached. Make sure that everyone knows who the person to contact is in case of a major IT issue, and who the alternate contacts are. Maintaining a strong chain of communication can mean the difference between a temporary outage and a major business disaster.
Storing your data securely for a post-disaster recovery is as important as planning. The first step to storing and protecting your data is choosing a backup and storage method and provider. There are many options available for both backup and storage, and choosing the right one is based largely on the needs of the business.
Larger companies with more involved data needs can opt for an in-house solution using their existing IT staff. Smaller companies, or those with more generic data needs, should instead look at one of the cloud backup services or managed backup providers. Whatever option you choose, it's important to make sure two requirements are met:
Your recovery data should be kept in multiple physical locations separated by some distance. Most cloud and managed backup providers already guarantee this level of duplication and redundancy by distributing your stored data across multiple different data warehouses in multiple locations. However, if you go with an in-house or custom solution, it is important to make sure that backups are not all located in the same datastore, and certainly not in the same building as your offices.
Your recovery data should also be stored on physical media somewhere in another location, in case a recovery is necessary and an internet connection cannot be established. Magnetic tapes or USB drives are the best form of backup due to their longevity and ease of storage, but DVDs or CDs can work for short term storage.
The process of recovery begins with a good policy of detection and monitoring. Make sure that whatever disaster recovery plan you create accounts for carefully keeping track of your data in case of less obvious disasters - things like fires when you are out of the office, malicious intrusion (either physical or cyber), power outages and the like. The faster you can learn that your data is in danger, the quicker you can react and the easier the recovery process can be.
As mentioned earlier, everyone on your staff should know who to contact in the event of a major disaster. Make sure to inform your staff that their safety is the top priority - if you've been backing up your data properly and storing it offsite, losing your equipment in a disaster is only a temporary setback. Make sure you know where your data is and how to retrieve it. Practice full recovery drills several times a year so that everyone on your staff knows what to do - you don't want to have to add learning an unfamiliar system to all the other post-disaster stress.
Make sure you have a plan about what needs to be recovered first, where all your priority information is, and how to get to it. For many businesses, this will be customer-facing data - websites, client login portals, and any information that needs to be accessed by your customers. It should also include your most sensitive business information.
Having a disaster recovery plan can make the time between disaster and recovery much shorter than it would be without one, and the work required to implement one is minor compared to the risk of losing your business. Don't be one of the over 50% of businesses that don't make regular backups - plan for the worst, and you will be able to weather any storm.
About the Author
Geoff Stewart is a highly experienced and skilled Technology Director at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.
Surety IT can help you create the right system to enhance your business, ensuring you know how it is right for you and how to use it. We will tailor a solution to suit your needs with leading systems, local support and more, building your vision for a more flexible and capable business.