How to Create a Basic Businesses Disaster Recovery Plan in 4 Steps
Data loss is a major problem for every type of organisation.
This is not a problem your organisation wants to have. This problem can be avoided with the correct preparation. Natural disasters can create havoc just look at the Brisbane Floods about 7 years ago or the Christchurch earthquakes. Many businesses were simply not prepared. However, it doesn’t take such large events to cause a business to lose important data. It can be as simple as dropping a laptop to the floor, or a power surge that results in burning out a server or a storage device. If you don’t have your crucial data backed up, even a small situation can turn into a disaster. That’s when having a business can help.
Be very aware that the term Backup – means having a copy of your data off-site.
The term Disaster Recovery Plan (DRP) – means not only having a copy of your data off-site but how quickly can you get things back up and running.
RTO = Recovery Time Objective
RPO = Recovery Point Objective.
Both of the above need to be clearly articulated in your DRP.
Natural disasters and data loss are way down on the list as the leading causes of data loss – and that the chances of it happening to you are pretty slim. A study by Strategic Research Corporation of the leading causes of business continuity and disaster recovery incidents shows the following:
- Hardware Failures (servers, switches, disk drives, etc) 44%.
- Human Error (mistakes in configurations, wrong commands issued, etc) 32%
- Software Errors (operating systems, driver incompatibility, etc) 14%
- Viruses and Security Breach (unprotected systems are always at risk) 7%
- Natural Disasters 3%
What about malicious activities? These exist as well. Safeguarding your data is another topic for later.
Establishing a disaster recovery plan can be done in the following 4 steps:
1) What is your potential risk inventory?
Make a list of every potential cause of data loss and the solutions to each. Your list should include losses that won’t affect the business very much, and those that would shut the business down temporarily or permanently. Information Technology experts can assist you with creating the potential risk inventory – as they will have the knowledge and experience to identify possibilities that you are not likely to think of but need to plan for all the same. These IT experts will also be able to discuss preventative solutions to guard against each type of potential data loss.
2) How do you Rate each of your potential data loss situations?
How likely is it for each of the items on your risk inventory to occur? Rating them in order of importance and likeliness to occur will help you determine where to focus your disaster recovery plan efforts.
3) Develop your disaster recovery plan.
Go through each of your potential risks and their solutions, and determine how long it would take you to recover from the loss of data for each risk. Could your business be offline for 24 hours? A week? Depending on the nature of your business, being offline for even just 24 hours could result in your losing customers to your competition. Look at ways to reduce the length of time it would take you to recover from each type of data loss risk.
4) Put your disaster recovery plan to the test.
Once you’ve created your plan of action for recovering lost data, you should test your solutions. A disaster recovery plan is just a plan until it can be tested and proven.
We have been involved with many DRPs and tests and there is a lot to know. Experience is an excellent educator.