A recent incident or natural disaster such as flodding may have made you think about your IT network and ask yourself if your Disaster Recovery Plan would work if your IT systems went down.If you don’t yet have a disaster recovery plan however it’s never too late to create one. Your disaster recovery plan should be reviewed after every major IT change; generally this is about once a quarter.
A simple step by step guide to how to create a disaster recovery plan:
1. Perform a risk assessment to outline how critical each of your IT services are. Assess the RTO (recovery time objective) and RPO (recovery point objective) of each service and make a list.
2. Develop your disaster recovery strategies – which ones would you want a managed service provider to look after, which ones can you risk being down for a few days, and are there any where you can’t afford to have any downtime with so you may need synchronous server mirroring? Your strategies should include technology, suppliers, people, data, processes and security to help you to meet the RTO and RPO outlined in your risk assessment.
3. Implement the strategies into disaster recovery plans. This will involve creating a pan for all of the above:
- Technology – designing and implementing internal infrastructure, maintenance and testing of it to ensure it’s fully functional.
- Suppliers – choosing suppliers, managing suppliers, testing your systems are regularly working.
- People – who your end is going to be involved in the day to day testing, maintenance and recovery exercises, and who has authorisation to invoke a recovery?
- Data – how often do you need to copy your data and is this a complete copy which can take lots of bandwidth or are you just copying new data to reduce bandwidth and improve efficiency? Where is your data stored and is restoration guaranteed? How often are you testing it?
- Processes – Are you all aware in the event of a disaster exactly who is responsible for what? Do you practice the processes and are they documented? An IT failure can be very stressful and in the middle of a crisis you don’t want to be unsure of the processes. How accessible is the process? There’s no point in having it on an IT system that has just failed………
- Security – The correct management of your data is critical. A dis-satisfied employee who has access to your DR processes and authorisation codes can wreak havoc. Ensuring that your data is managed by a provider with the correct certifications is important – look for ISO27001 from suppliers. Management of the authorisation codes also needs reviewing regularly, something which should be discussed with your provider who can give you strategies to keep it fresh.
Our free disaster recovery plan template is designed to give you everything you need to create your own DR Plan. Once created it’s important that you test it regularly and refine it.
By Tim Dunger
Pre-recovery. The best approach for IT disaster recovery. What is it and why should you have it?
Disaster recovery options – a guide to cost vs performance
The top IT budget overspends – why high availability shouldn’t be one of them
What you need to be ready for an IT disaster