Disaster Recovery refers to the planning and implementation of emergency measures to restore an organisation to a minimum level of operation after a “disaster” has affected their critical systems.
What Is Meant By A “Disaster”?
A “disaster” is anything that puts the activities of your organisation at risk, from a ransomware attack to a power cut, to a hardware failure or even an extreme weather event like a flood or blizzard which prevents you from entering your premises.
For this reason, it is wise to envisage and prepare for as many potential disasters as you can reasonably conceive of. Consider your industry, previous disasters you have faced, anecdotal accounts from peers and common sense observations when developing a disaster recovery plan.
What Are The Core Elements of a Disaster Recovery Plan?
Every organisation’s plan will be different depending on their industry, the technologies used and the circumstances under which they operate. However, there are some basic elements which all disaster recovery plans should contain, including…
- A statement of the main goal of the plan.
- Assigned roles for key personnel.
- A comprehensive network diagram.
- A “recovery site” to work from if your office is unavailable.
- A list of all essential software used by your staff.
- Any relevant insurance information.
- A Recovery Time Objective (how long the recovery should take).
- A Recovery Point Objective (how much data you need to restore).
What Is A Recovery Point Objective (RPO) and What Is A Recovery Time Objective (RTO)
The RPO and RTO will be two of the most important factors to consider for any modern business when they are developing their disaster recovery plan.
RPO stands for recovery point objective. This is the maximum age of files from which you need to recover in order to continue operating. Your RPO will determine the frequency of your data backups. So, an organisation with and RPO of five hours would need to implement a backup solution which backed up at least once every five hours.
RTO stands for Recovery Time Objective and refers to the maximum amount of time it should take following a disaster to recover your data and (if required) set up your staff at either a secondary office or to work from home. If your RTO is three hours, you will need to be able to complete your entire disaster recovery plan within three hours of choosing to implement it.
It is important to be realistic when setting both your RPO and RTO times as the more demanding your targets are the more costly the potential solutions are likely to be.
How To Start Building Your Disaster Recovery Plan
Preparing for every eventuality can seem overwhelming. So, we’ve broken it down into the essential steps. If you would like Carden IT Services’ help developing your own plan, please contact us and learn more about our disaster recovery planning services and our real-word experience of implementing DR plans. If you wish to continue planning your own disaster recovery, or want to learn more about what it entails, follow these steps.
- Meet with the head of your IT department and establish the goals and scope of the plan.
- Brief your senior management on the plan and get approval to put it into action.
- Complete a detailed network diagram.
- Identify the most serious threats that your business faces, both physically, technologically, and circumstantially.
- Consider previous disasters you have faced. What lessons can be learned? Factor the answers into your DR plan.
- Identify the maximum amount of downtime your organisation could sustain. This will inform your choice of Recovery Time Objective.
- Identify the minimum amount of historical data your organisation requires. This will vary wildly depending on your industry. A clothes shop may not require any historical data whereas a law firm or accountants may need months’ worth of data to work effectively.
- Develop a procedure for backing up your data and restoring it within the Recovery Time Objective parameters.
- Identify key roles for certain members of staff during a disaster. Just as you would assign a fire marshal during fire drills.
- Once a draft of the plan has been completed, have senior management review it.
- Set a schedule to test each element of the plan regularly.
- Review your plan if/when business circumstances change.
A disaster recovery plan should be considered a “living document” and not something to “set and forget”. Circumstances can change quickly, especially for a start-up or growing business. New cyber threats emerge every day and what was once state of the art quickly becomes outdated. An incomplete or out of date disaster recovery plan is not much more use than not having one at all.
What Are The Benefits of a Disaster Recovery Plan?
As businesses and other organisations have become more digitally connected, they have also become more dependent on technology and as such, their tolerance for downtime has been significantly reduced. If your entire business is based in the cloud then no power, or no internet connection, means no work.
A disaster is never pleasant for any business, but the better prepared you are the more likely your business is to survive it. Data loss can be particularly damaging for a business on both a financial and reputational level and many businesses which suffer an unexpected data breach or ransomware attack will fail shortly thereafter.
What Is Disaster Recovery as a Service (DRaaS)?
One of the most popular options for today’s businesses is disaster recovery as a service (DRaaS).
DRaaS is the replication and hosting by a third party of physical or virtual servers for recovery in the event of a disaster.
As it is highly unlikely that the provider will be affected by the same disaster at the same time, it allows them to implement the disaster recovery plan immediately.
What Are The Benefits of DRaaS?
As the services as cloud-based, they can be accessed from any location with an internet connection. This makes transitioning to a secondary site, or working from home, much easier to achieve within the RTO.
DRaaS is normally more cost effective for small and medium businesses as they can take advantage of the shared infrastructure of cloud providers. Like all cloud services, DRaaS is highly scalable and can grow with your business.
Does Your Business Need DRaaS?
We hope this has been a useful guide to the essentials of disaster recovery. If you would like to know more, please visit our Disaster Recovery page or get in touch and speak with one of our Disaster Recovery team about a free consultation.