Organizations of all sizes depend on information technology as an essential part of their everyday operations. Since data accessibility is a top necessity, the need for companies to assemble a comprehensive disaster recovery plan is fundamental.
Research conducted by Info-Tech Research Group, however, validates that nearly 60% of North American businesses do not have a disaster recovery plan in place in case of crisis – a recipe for potential business failure. Below are some tips to help organizations plan for a disaster.
Nine Tips for Disaster Recovery Planning
1. Formulate a disaster recovery plan
IT disaster recovery planning can be an overwhelming task, with numerous situations to investigate and various alternatives to pursue. To start, establish what is essential to keep the business running – i.e., email and application access, database back-up, computer equipment – and the “recovery time goal” or how rapidly the organization needs to be up and running post-disaster. Other key plan factors to contemplate are establishing who inside the organization affirms the disaster, how personnel are notified that a disaster has taken place, and the best method of communication with clients to reassure them that the organization can continue to assist them with their needs.
2. Oversee implementation
Once a disaster recovery plan has been created, it is important to monitor the plan to make sure its components are executed successfully. A disaster recovery plan should be seen as a living, breathing entity that can and should be updated as often as possible, as required. Also, proactive continuous monitoring and remediation of practices, for example, back-up data storage and data replication, results in less IT issues and less downtime should a crisis take place.
3. Test disaster recovery plan
The Disaster Recovery plan needs to be tested on a regular basis to ensure the organization can recover the operation effectively and in a timely manner. Disaster Recovery testing is a major challenge for most IT departments, but if recovery has not been tested all the way to the application level, it is quite likely that issues and problems may take place.
An under-tested plan can often be more of an impediment than having no plan in place. The ability of the disaster recovery plan to be valuable and effective in a crisis or emergency situations can only be measured if thorough testing is completed one or more times per year in realistic conditions by mimicking circumstances that would be material in a real crisis. The testing phase of the plan must have essential verification activities to empower the plan to be able to withstand the most disruptive occasions.
4. Perform off-site data back-up and storage
Any disaster that jeopardizes a business is liable to make access to on-site data back-up impossible. The primary concerns for data back-up are security during and ease of access ensuing a crisis. There is no advantage to making a back-up file of valuable data if this information is not transferred via a secure method and stored in an offsite data storage center with foolproof protection. As part of creating a back-up data solution, each organization needs to decide its “recovery point objective” (RPO) – the time between the last available back-up and when a disruption could conceivably take place. The RPO is founded on tolerance for loss of data or re-entering of data. Every business should back-up its data at least once daily, but should strongly consider more frequent back-up or “continuous data protection” if necessary.
5. Back-up laptops and desktops
Even though many organizations have policies and procedures necessitating personnel to store all data on the company’s network, it is not practical to assume that the policy is being adhered to. Users often store important files on local systems for a host of reasons, including the need to work on files while traveling and the necessity to protect sensitive data. Backing up laptops and desktops protects this critical data in the event of a lost, stolen or damaged workstation. Utilizing an automatic desktop and laptop data protection and recovery solution is ideal.
6. Be redundant
Instituting redundant servers for all critical data and offering an alternate way to retrieve that data are important parts of an organization’s disaster recovery planning. Making sure these redundant services are in place at a secure, offsite location can bring disaster recovery time down to minutes instead of days.
7. Install regular virus pattern updates
IT infrastructure is one of those realities of business life that most organizations underestimate. Businesses often do not focus on email security until an incipient virus, spyware or malware wreaks havoc on employees’ desktops. Organizations need to secure its data and systems by installing regular virus pattern updates as part of disaster recovery planning, which may even help prevent an emergency from taking place.
8. Consider employing a managed services provider
For small to medium-sized organizations, it is often cost restrictive to realize a sound disaster recovery plan. Oftentimes these organizations lack the technical professionals to achieve this. Managed services providers (MSPs) have surfaced in recent years to perform this role. MSPs have the technical workforce to plan, execute and oversee complex disaster recovery projects. Also, MSPs have the server, storage and network infrastructure in place to manage a true disaster recovery plan. To maintain costs manageable and make disaster recovery services, such as data storage and redundant servers, accessible to small- to medium-sized organizations, MSPs build shared, multi-tenant IT infrastructures that host multiple businesses on the same hardware and network equipment which helps keep costs reasonable and advantageous for its clients.
9. Disaster recovery budget consideration
Data protection and recovery requirements may seem too expensive and Disaster Recovery is viewed as a particularly overwhelming cost, one that many organizations have a great deal of trouble absorbing. It comes back to the gap between the ideal and the practical. Having the capacity to address the IT cost for Disaster Recovery is an issue of integrating Disaster Recovery into standard operations as much as possible. Preferably, the Disaster Recovery resources and equipment are not seen as technologies that are sitting idle. Newer technologies are emerging that make this more cost effective. Regardless, Disaster Recovery needs to be treated as an investment. It is an insurance policy.
Every business is susceptible to experiencing a serious incident, preventing it from continuing normal business operations at any time. Outside terrorist threats, less disastrous events such as a lost or stolen laptop, and various presently unforeseen possibilities can result in substantial business interruptions. Anticipating disaster and preparing seems both prudent and advisable, as does regular testing of IT services and back-ups.