Disaster recovery focuses on technology and technical operations. It refers to the coordination, processes and tools companies use to restore disrupted systems and data in an organized and predictable manner.
What is a disaster recovery plan?
A disaster recovery plan is a key component of any business continuity plan. It’s often a shared repository, containing the steps necessary to restore disrupted systems and data. Disaster recovery plans are like “runbooks.” They instruct various groups on what to do to recover company resources during a disaster.
Why a disaster recovery plan important
Data and brand reputation are among a company’s most valuable assets. Losing data significantly impacts your business, especially if that data is customer information or financial records.
There can be real consequences to not having a disaster recovery plan, including:
- Revenue loss
- Not meeting compliance or regulatory standards
- Productivity loss
Creating a disaster recovery plan
The first step in creating a disaster recovery plan is to inventory and understand the moving parts of your IT infrastructure.Â
Look at the risks to your organization’s IT footprint. This will help you determine what to include in the plan’s first iteration. This plan will evolve, so start with the most critical pieces. Your disaster recovery plan should be tailored to your specific business needs and risks. To assess the risks, consider both external and internal threats. External threats include natural disasters, cyberattacks and power outages. Internal threats include human error, hardware failure and software issues.
The goal isn’t to have a standby of every service built in the cloud, but to have coverage within a list of your most impactful and interdependent services. Once you identify critical points, prioritize them, develop your plan and communicate it throughout your organization. These are the core list of services that would interrupt the business.
When creating a disaster recovery plan, you should:
- Identify your threat vectors
- Identify what is an acceptable recovery time objective
- Track your validated recovery time actual
- Identify your organization’s recovery point objective
- Classify impact types for the various services based on immediate impact, cross-departmental dependencies
This will help you identify:
- High-priority systems
- Required internal/external services
- Data that needs protection
- Who will be involved and how to reach them
- Internal/external communications and when to send them
- Cross-departmental reliance on services
- Processes tailored for your specific teams
- A time to review and test your disaster recovery plan
- Scheduling to revise your disaster recovery plan
Common mistakes made when creating a disaster recovery plan
- Not testing the plan regularly. It’s important to test your disaster recovery plan periodically to ensure that it will work as intended and that all team members know what to do in the event of an actual disaster.
- Not keeping the plan up to date. Data sources, supporting services and operational procedures can change. As a business changes and grows, your disaster recovery plan should as well.
- Not reviewing the plan on a routine schedule. Revisit disaster recovery objectives every three-to-six months, as focus and momentum can wane. It can be difficult to pick up after an entire year. Aim for progress and participation, not perfection.
