Digital workflows significantly improve business agility but they require heavy reliance on infrastructure availability. What’s more, corporations increasingly manage large volumes of critical data, which in the wrong hands could be devastating. It may not take much more than a power outage, human error or technology corruption, through to serious cyber attacks or a DDoS to bring business operations to a halt, with costly consequences. Proactive businesses have a robust disaster recovery (DR) procedure for such situations.
he right digital tools are an essential part of disaster recovery, but ultimately in the face of a crisis a set of recovery technologies will only be as effective as the plan they are based on. Despite this, 75% of companies lack a basic incident response plan.
Ensure your business is fully prepared with this guide on implementing smart disaster recovery.
Consider all business applications
There is a huge array of potential crises, so rigorous disaster recovery planning should cover all aspects of your business processes, systems, software and connectivity. Your plan should anticipate the loss of any of the following:
- Physical environments (computer rooms and server spaces, including climate control and power supply)
- Hardware (networks, servers, machines, devices)
- Service provider connectivity (wireless, cable, fibre)
- Software applications (data interchange, email, internal systems, resource management and office platforms)
- Data and information (recovery and restoration)
Essential DR plan elements
In order to consider how the loss of any of these systems may impact operations, and how to deal with the consequences, an effective disaster recovery plan should be mapped. This should include the following essential elements:
- A DR policy statement with an overview and key objectives
- The core accountable DR team with contact information
- Clear and concise list of actions to follow immediately after an incident
- A visual outline of the network and recovery site
- A holistic list of all software and systems included in the recovery
- Sample outlines and templates for technology recovery documents including vendors
- Media handling tips and best-practices
- Summary of insurance coverage
- Financial and legal action plan
- Pre-created, ready-to-go forms for completing the plan
Once a DR plan has been ascertained, its existence alone is not sufficient. Robust end-to-end testing of the procedures and disaster recovery processes will identify potential gaps and assess impact on applications and workflows.
A full rehearsal of the processes in the result of crisis, and assessing speed, agility and potential errors will ensure your plan is workable and fit for purpose.
If, however, a full test is simply not possible due to budget, time or resources, assemble all the key team members and disseminate the DR documentation, and perform a process walk-through. While this approach may still miss technology failings, it will highlight obvious potential pitfalls.
Finally, be realistic
Setting goals and outlining objectives is one of the essential components of a thorough disaster recovery plan. While it’s good to be optimistic, in the moment of crisis goals should be achievable, considering the available manpower and expertise.
Keep it simple by focusing on the outcome of business-critical or high impact applications, so goals set will be attainable. Achievable goals, as a result, will provide motivation and credibility to the core disaster recovery team for the next emergency situation.
With a number of high profile cyber attacks in the media, and more emphasis on data protection with the upcoming GDPR, businesses of all sizes and processing volume have identified the gravity of insufficient disaster recovery planning. While no CIO wants to be a prophet of doom, vulnerabilities are very real. With luck, your business will never find out the effectiveness of your crisis plan. But your company cannot afford to be without one.