How to create an effective disaster recovery plan for your business

Creating a disaster recovery plan for business continuity — well, it’s not easy. There are way too many factors to even attempt a summary here. Right from enlisting all the risks to choosing the location to host your disaster recovery applications and systems — every decision will test you.

It’s probably because of this that many business organizations find it difficult to start or improve their disaster recovery plan. You won’t have to search much before bumping into case studies of organizations whose first attempts at disaster recovery came when the crises had struck.

We don’t want your organization to add to the list of such lamentable case studies. Yours must be the happy story, of the organization that let saw storm arrive, watched in confidence, let it pass, and resumed work with nonchalance. Here’s everything you need to know and do to make that scenario happen.

Take stock

You can only recover what you know is disrupted. Disaster recovery consultants swear by the practice of taking stock — for hardware as well as software. It’s ideal that companies create self-defined categories to classify these assets and to organize them in an order of priority, such that the most important ones are secured first.

While you do this, it makes sense to mark technical support and contact information close at hand for each asset. Don’t risk a situation where you know something is wrong, but don’t know what all it might have taken down.

Define tolerance levels

Of course, different kinds of businesses have different levels of tolerance for system downtime and data loss. If you’re a local cake delivery service, you can afford a few hours of downtime. If you’re a cab-hailing service, your app can’t afford to be down for more than a few seconds.

Recovery time objective (maximum time you can wait before resuming access to affected systems) and recovery point objective (maximum amount of data loss you can afford due to a disruption, expressed in units of time, going back from the moment of disruption) are the two pillars on which your disaster recovery plan will stand. Ideally, the answer to both questions would be — a few milliseconds. But then, the costs, viability, and achievability will determine the values you truly settle for.

Experts advise that businesses should organize systems and applications in three or four categories, from Tier 1 (applications that must be recovered immediately) to Tier 4 (applications that can be recovered conveniently in a few days). The success of every disaster recovery plan depends on this.

The 3-2-1 rule for data backup

System uptime is one goal, and prevention of data loss is another. To achieve the latter, experts swear by the 3-2-1 rule. It says there should be three copies of your data, on at least two different media, and one copy must be located offsite. The logic is clear enough; the plan should achieve redundancy, geographic separation, and must avoid known risks associated with specific media. If data stored in a traditional medium (disk, drive, etc.) deteriorates, the offsite location (which is mostly a cloud-powered storage service, for modern businesses) will keep things secure. This also means that even in a situation as bad as a city-wide natural disaster, your offsite data (located in a server thousands of miles away) will be safe.

Get into the nitty-gritty

After you’ve decided the RTO and RPO for different applications, it’s time to write down the disaster recovery plan in detail. Rather than getting into aimless discussions about preparing a template for the plan, we recommend you make it as practical, clear, and crisp as possible. That’s because people who will refer to it won’t really have the time to pour themselves an espresso shot and recline on a rocking-chair to read it.

Focus, instead, on clearly answering the questions people will have at the time; such as:

  • What exactly could go wrong for the enterprise?
  • How will your network be impacted, and what could the results be?
  • When, how, and what will you communicate to immediately affected stakeholders?
  • What are the different steps of the recovery process?
  • Who is responsible for what?

Once done, make sure the plan is easily accessible to people responsible for dealing with disaster situations. Also, devise a mechanism for revisiting the plan every three or six months, based on the sensitivity of your business. Newer threats (ransomware, for instance) require alterations and additions in the master disaster recovery plan.

Have a communication plan in place

The key source of chaos in businesses when a disaster strikes the IT infrastructure is the lack of clarity on who communicates to whom, and in what language. This calls for businesses to add a clear and comprehensive communication plan in their disaster recovery plan. The key points to cover in the communication plan are:

  • Which leaders take up the responsibility of communicating the news to internal and external stakeholders
  • Who plays the role of managing the news media, should such a situation arrive?
  • How will you communicate with internal and external stakeholders and the media if email, instant messaging, and telephone are not available?

Test it

It’s naïve to prepare a disaster recovery plan and then not test it to a reasonable degree of detail and practicality. It’s almost guaranteed that you will face surprises, and you will realize that you:

  • overlooked important systems and didn’t include them in the scope of the plan.
  • are not able to achieve the RTO because of any number of reasons.
  • your backup technology is not taking server snapshots with the frequency you thought.

The more surprises you face at this moment, the better your disaster recovery plan will become (provided you draw insights from your testing and translate them into improvements).

The real disaster: Not having a disaster recovery plan

Disaster recovery is hefty. It’s tiresome, and in most cases, it’s expensive. However, it’s only after putting a robust disaster recovery plan in place that the business leaders can afford to sleep with their mind at ease about being prepared to combat a volatile situation.

Featured image: Pixabay

Rahul Sharma

Rahul Sharma is an accomplished copywriter/blogger who likes to create content that compel people to comment, share, and discuss. He has written content for blogs, websites, forums and magazines. His work is published on some popular websites like Android Authority, Tweakyourbiz and etc. You can contact follow him on Twitter @Im_RahulSharma.

Published by
Rahul Sharma

Recent Posts

Contactless payments are hot, but are they secure?

The trend to contactless payments has accelerated as retailers and consumers adjust to COVID-19 realities.…

8 hours ago

Season’s fleecings: CISA warns on holiday shopping scams

The U.S. Department of Homeland Security is warning that online holiday shopping scams may be…

11 hours ago

Azure DNS: Using Azure DevOps to protect public DNS zones

This in-depth tutorial shows you how to use features available in Azure DevOps to boost…

14 hours ago

Report: Baidu Android apps had potential to expose data

Two apps from Chinese tech giant Baidu that had been available in the Google Play…

1 day ago

Shining a light on the dark shadow cast by shadow IT

Employees who don’t have the tools to get their jobs done sometimes turn to the…

2 days ago

Microsoft 365 troubleshooting: Diagnostic tools at your fingertips

Many Exchange Server troubleshooting tools don’t work with Microsoft 365. Fortunately, Microsoft has a bunch…

4 days ago