10 Tips for Developing a Disaster Recovery Plan (DRP)
1. IDENTIFY THE RISKS
Begin developing your disaster recovery plan by identifying the potential risks to your IT infrastructure. Possible dangers may include events like hardware failure, power loss, cybercrime, fire, or flood. In some cases, the type of risk will dictate the appropriate DRP action. If you identify hurricanes as a risk, for example, your DRP would need to include a provision for moving your operation to an alternative, unaffected site.
2. DOCUMENT ALL YOUR IT RESOURCES
You will need to make a full inventory of all your IT resources. This inventory should include all your hardware, data, and applications. You will also need to know which skills will be required to recover each of these resources should they be lost. When you are preparing your inventory of resources, it is imperative to be thorough. Even a small application or data file could be a critical element of your overall IT system.
3. PRIORITIZE THE RECOVERY
The next step in your disaster recovery planning should be to prioritize the order in which you will need to bring your computer systems back online. This prioritization will be based on how critical each application is to your business. You will need to consider any interdependencies between your various applications. It’s helpful to create a timeline for getting each system operational again.
4. ASSIGN A DISASTER RECOVERY LOCATION
Should your business premises become unusable, you will need to procure an alternative location. It would be best to identify a suitable place to run your business from, before you need it, as a part of your DRP. If you already operate your business from multiple locations, you could consider designated space in your existing premises as a disaster recovery location. Or, if you work from a single site, you could investigate the option of taking up a short-term lease in a local serviced office facility.
5. PLAN THE ACQUISITION OF REPLACEMENT HARDWARE
A large company may maintain a full suite of hardware off-site as a part of its DRP strategy. However, a smaller enterprise will probably need to acquire new hardware in the event of a disaster. Speed will be of the essence when you are recovering from an IT disaster. So, include in your DRP several reliable sources of replacement hardware.
6. CREATE A DATA AND APPLICATION BACKUP PLAN
A crucial part of any disaster recovery plan is the backing up of data and applications, and, of course, ensuring that backups are held off-site. Your inventory of IT systems will have identified all the critical data that needs backing up. Your DRP will need to document the order in which systems and data will need to be restored. Backups of essential data should be taken on a grandfather-father-son basis, a backup rotation system that uses different media for each backup to guard against data corruption.
7. APPOINT A DISASTER RECOVERY TEAM
To ensure a smooth recovery from a disaster, you will need to appoint personnel to a disaster recovery team. Each team member should know their role and be fully versed in the recovery plan. If you can, it would be best to designate backup members for each of the team’s functions to cover for employee absences. You will also need to document the lines of authority and communication in your DRP.
8. WRITE A DETAILED DISASTER RECOVERY PROCEDURE
Your disaster recovery plan should include detailed procedures for the restoration of your IT systems. It is not sufficient to have an action point of “Restore Finance System,” for example. A DRP needs to include instructions on how the system is to be restored. Documenting procedures in detail will ensure that critical systems can be brought back online, even if key employees are absent from work.
9. TEST YOUR DRP
What looks good in theory may not work in practice. So, you need to test your DRP regularly. Carrying out frequent tests of your disaster recovery plan will help ensure that systems will be fully restored within the targeted timeframe. Testing will also provide employees with the opportunity to practice their disaster recovery roles.
10. KEEP YOUR DRP CURRENT
Finally, last year’s disaster recovery plan is unlikely to meet your needs in the coming years. So, someone will need to be appointed to keep your DRP up to date. The DR manager will need to be notified of all new hardware and software added to your IT resources and of any changes to the location and setup of systems. Risks to your IT infrastructure will need to be regularly reviewed and documented as well.
Some of the above steps may be overkill for a small business. However, the principles contained in each point can be scaled to fit smaller organizations. The crucial point is that, regardless of business size, having an up-to-date disaster recovery plan will help minimize the disruption to business that an IT disaster can cause.