Although specific disaster recovery plan formats may vary, the structure of a disaster recovery plan should include several features: Show
Goals Recovery time objective or RTO refers to the acceptable downtime after an outage before business processes and systems must be restored to operation. For example, the business must be able to return to operations within 4 hours in order to avoid unacceptable impacts to business continuity. Personnel IT inventory Backup procedures Disaster recovery procedures Disaster recovery sites Restoration procedures Include not just objectives such as the results of risk analysis and RPOs, RTOs, and SLAs, but also a structured approach for meeting these goals. The DRP must address each type of downtime and disaster with a step-by-step plan, including data loss, flooding, natural disasters, power outages, ransomware, server failure, site-wide outages, and other issues. Be sure to enrich any IT disaster recovery plan template with these critical details. Create a list of IT staff including contact information, roles, and responsibilities. Ensure each team member is familiar with the company disaster recovery plan before it is needed so that individual team members have the necessary access levels and passwords to meet their responsibilities. Always designate alternates for any emergency, even if you think your team can’t be affected. Address business continuity planning and disaster recovery by providing details about mission-critical applications in your DRP. Include accountable parties for both troubleshooting any issues and ensuring operations are running smoothly. If your organization will use cloud backup services or disaster recovery services, vendor name and contact information, and a list of authorized employees who can request support during a disaster should be in the plan; ideally the vendor and organizational contacts should know of each other. Media communication best practices are also part of a robust disaster recovery and business continuity plan. A designated public relations contact and media plan are particularly useful to high profile organizations, enterprises, and users who need 24/7 availability, such as government agencies or healthcare providers. Look for disaster recovery plan examples in your industry or vertical for specific best practices and language.
Losing data is a company’s worst nightmare. Unfortunately, no one is immune as security breaches run rampant today. You not only have to consider the effects of human interference, but also what could happen in the wake of a natural disaster. Wildfires, hurricanes and earthquakes are all natural occurrences that could knock out your data centers and erase pertinent information without a human ever touching a computer. A comprehensive disaster recovery plan checklist is essential to getting a business back up and running following a disaster. In this blog, you’ll learn the goals of a disaster recovery plan and what to include on your checklist. Disaster Recovery Plan GoalsDisaster recovery is meant to help your business stay ahead of problems that could result in a loss of data. According to the National Archives & Records Administration in Washington, 93 percent of companies that lose data access for 10 days or more due to a disaster file for bankruptcy within a year. If you want to avoid financial loss, your disaster recovery strategy should provide the resources needed to:
What Should You Include on Your Disaster Recovery Plan Checklist?Here are eight key ingredients to include on your disaster recovery plan checklist: 1. Set Your Recovery Time Objective (RTO) and Recovery Point Objective (RPO)The first thing you need to do is determine your RTO and RPO. These data points refer to: The amount of time you need to recover all applications (RTO) Setting RTO and RPO goals requires input from multiple departments to best assess business needs. Your RTO and RPO will help you determine what solutions are necessary to survive a disaster or a data breach and keep your data recovery costs low. They help you determine which hardware and software configurations you need to recover your workloads. 2. Take Inventory of Hardware and SoftwareTake a complete inventory of your hardware and software. Categorize each application in one of three buckets:
By defining your most critical applications, you’ll know which ones you need to prioritize in the event of a disaster. You should revisit this list once or twice a year as you install new apps or remove old ones. Pro Tip: Make sure you have the vendor technical support information for each piece of hardware and application on hand so you can get back up and running fast. 3. Identify Personnel RolesBeyond your software and hardware needs, you also need to outline the roles and responsibilities involved during a disaster recovery event. Duties range from making the decision to declare a disaster to contacting party-vendors. Your disaster recovery plan should include a list of disaster recovery personnel with each person’s position, responsibilities and emergency contact information. Everyone from C-suite executives to help-desk reps has a role to play, and each person should understand their role in detail. You should also have a list of back-up employees in case someone is on vacation or no longer available. 4. Choose Disaster Recovery SitesAny good business continuity plan will also include using a disaster recovery site where all of your company’s essential data, assets and applications can be moved during a disaster. Whatever location you choose should be able to support your critical hardware and software. Disaster recovery plans typically use three sites:
These sites should automatically perform backups and replicate workloads to speed up recovery. 5. Outline Response ProceduresDocumenting your recovery strategy is the only way to guarantee your team will know what to do and where to start. Write down guidelines for everything, including:
You can’t be too detailed when it comes to documenting response procedures. The goal is to achieve full transparency and make sure each staff member understands the disaster recovery process from start to finish. 6. Identify Sensitive Documents and DataThinking beyond hardware and software, you also need a list of the essential documents and data that you cannot lose without disastrous effects. This includes sensitive information, such as Personally Identifiable Information (PII), and who will have access to that data in the event of a breach or disaster. 7. Create a Crisis Communication PlanNo matter the size of your company, you need a clear strategy for communicating with employees, vendors, suppliers and customers in the event of a disaster. As long as you keep customers and the media informed on the status of your data outage or breach, they will feel much better about how you’re handling the situation. Larger companies should create a crisis management media kit for reporters and customers. Include a statement that your PR team can publish on your website and across social media platforms that includes a number to contact for more information and an estimate on when things will be back up and running. 8. Run Continuous Practice Tests to Ensure Your Plan Is EffectiveThe last thing you want is to have your disaster recovery plan fail in your time of need. Test your plan at least once or twice each year and look for red flags, such as failed backup hardware or a slow internet connection that can’t restore your data in time. Any time you run through a practice test, you should also review your risk assessments, personnel lists and inventory to ensure everything is up to date. Get Expert Disaster Recovery Planning Assistance From KMicroToday, every company is likely to experience a natural disaster or human interference at one point or another. To keep your data protected, you need a foolproof disaster recovery plan. Reach out to KMicro to learn more about how we can help you create an effective disaster recovery plan that will get you back up and running in no time. |