Eight Steps For Planning Your IT Disaster Recovery Plan

Are you prepared if disaster strikes your company?  Along the East Coast and Gulf Coast, we’re in the middle of hurricane season. Before the next big storm, now is time to prepare your business with an IT Disaster Recovery Plan.

It seems every season, mother nature is always throwing a curve ball when you least expect it. From hurricanes to blizzards, and earthquakes to fires, it’s not easy to predict which one will affect your business. In fact, according to the  Federal Emergency Management Agency 40 percent of small businesses never fully recover from natural disasters.

The best course of action to combat these unforeseen events is to prepare your IT infrastructure with a solid IT disaster recovery plan. An IT disaster recovery plan will put your business ahead of the curve and protect your business from countless dollars in lost revenue and productivity.

As we have discovered through our work with many organizations, the more businesses grow increasingly reliant on high-performing networks and data assets to deliver value to clients, it’s imperative to have a disaster recovery plan in place before disaster strikes. Outlined in this post today, we will walk you through the top eight steps you should take on your journey to create your own IT disaster recovery plan.

1. Determine the Scope of Your Disaster Plan

The first step in your disaster recovery plan is to understand your end goals. Do you need your data immediately available after a disaster? Can you wait several hours to regain access? Several days? Also, what data is most important to recover? When? Knowing your recovery time objectives (RTO) and recovery point objectives (RPO) will help you to understand what your needs truly are in your disaster recovery plan.

In this first step, you will address how your company currently accesses data and applications as well as access to your servers.  For example, if your company has regulations that require your clients to access their records and files within a certain window of time, you will need to ensure that your disaster recovery plan allows for this to occur seamlessly. Your IT disaster recovery plan should focus on ensuring your proprietary information is kept safe and secure, and also that it can be quickly accessed in the event of a disaster. For most small and mid-sized businesses, this means exploring offsite data storage options like cloud storage and/or geographically redundant data center colocation.

2. Exploring your IT infrastructure Weaknesses

With your end goal in mind, the next step is to develop an understanding of your most glaring IT vulnerabilities. Let’s say for example your top weakness is that you house your server onsite at your office, where there is no redundant power or connectivity and limited battery backup. You will want to not only protect those servers from an outage, but also ensure that in the event of an outage, the data is accessible so your business is not severely impacted. Colocation hosting of physical servers can ensure proper redundancies in power, cooling, and connectivity and cloud storage can offer flexibility with backups to ensure data is protected in the event of failure of those devices.

In this part of the planning, you will need assess your hardware location/s and how your virtual environments (if any) are supported, and consider offsite and storage options for redundancy and better protection.

3. Conduct A Risk Analysis

Any plan you implement should also include a risk analysis the uncovers the direct cost of downtime. This cost can also help to inform the criticality of certain infrastructure and your desired RTOs and RPOs. In this step, you will want to determine the actual costs your business will incur not only in money but in loss of productivity by your staff. According to Gartner, the average cost for a minute of downtime is $5600!

The loss of files or applications can be very high as a result of regulatory penalties, customer turnover, and reputational damage depending on your industry.

Other costs associated with data loss don’t have a clear price tag. For example, if your business does not back up its digital information properly and then those repositories are destroyed in a manmade or natural disaster, however your business could suffer a tremendous loss in client trust and brand reputation that could set your business back immensely.

Determining where the risk is for loss and the costs associated is key to determining the proper disaster recovery strategy.

4. Identify Data Recovery Strategies

After a thorough risk assessment, it’s time to review your data recovery strategy. In this stage of the plan, you will want to review the current data recovery strategies and go into a role play of “real world” testing situations.

For the purpose of this portion of your planning, let’s say you’ve determined that your onsite data storage is your greatest vulnerability, you should map out the most efficient way to migrate your data to a public cloud or colocation center back into your system after disaster strikes. This is where understanding your RTO and RPO is key. Critical infrastructure will need to be available as quickly as possible, while less critical data and applications might not be available for several hours or even several days depending on your budget and pain tolerance. Your disaster recovery partner will be able to help you determine the proper strategy to keep your data protected in a way that meets your objectives and your budget.

5. Create Your Plan

This stage of planning will involve collecting the insights you’ve gathered and arranging them in an easy-to-understand, sequential guide.

For the purpose of planning, let’s say you’ve opted to entrust a cloud provider with the storage and management of your data. Your disaster recovery plan should clearly lay out the steps that need to be taken to contact the provider and get your IT environment back online after a critical systems failure. Your plan should include various levels of recovery for your IT infrastructure. Each level should be planned out for the level of anticipated loss.

6. Testing Your IT Discovery Plan

With your plan in place, you will need to run through your plan in “real world” conditions. You will need to see if the plan will work, and not wait until the real thing occurs.

The testing portion of your plan will allow you to tweak your plan and ensure success.

7. Train Your Team

Once you’re tested the plan to ensure its properly aligned, it’s now time to introduce it to your team. In an ideal world of planning, you have been consulting with your key personnel throughout the previous six steps. To ensure your plan works with precision, you must communicate your disaster recovery plan with everyone in your organization. This communication is key as your team will need know the plan and implement it in the event of a flood, hurricane, wildfire, or any other catastrophe.

In fact, bringing your employees into the loop is a great way to get your plan vetted by people with diverse viewpoints, who may be able to spot something you’ve overlooked.

8. Review, Revise Your Plan

IT disaster planning is not a one and done operation. It is recommended that you review your IT disaster recovery plan yearly. As your company grows, your IT infrastructure changes as does the personnel who will be responsible for implementing the plan should the need arise. It’s important to always keep your IT disaster plan fresh.

Need help creating or implementing a disaster recovery plan? Whether you need geographic redundancy, virtual backups, or a combination of the two, Data Canopy can help you keep your business running when disaster strikes.

Related Posts