When it comes to disaster recovery, a lot of businesses start to cringe. It’s a policy that we all know we need in place, but it’s surprising how few businesses actually have one in place. It doesn’t matter if you are a one-man band or a 100 strong business, it’s still important to plan for the worst. To help you understand what a disaster recovery plan is, we’ve put together this mini guide, showing the sections that should be included in every disaster recovery plan.
Before you can start putting plans in place, you first need to identify what risks there are to your business. According to the ISO/IEC 27031 (the global standard regulation for IT disaster recovery) strategies should “define the approaches o implement the required resilience so that the principles of incident prevention, detection, response, recovery and restoration are put in place.” To get started on this, first make a list of your critical systems. This could be your manufacturing system, banking, client info, ordering systems, any system that is directly involved in the running of your business. The next step is identifying what the main threat to that system would be. So for your accounting systems, a server failure would be the primary risk, for manufacturing processes, the failure of machinery would be a threat. The next stage is to identify 3 separate strategies for each system – a prevention strategy, response strategy and recovery strategy. It’s easiest to manage this by putting all the information into a simple table so it’s quick to access and view.
Translating Strategies Into Plans
Once you have a clear idea in your head of the risks and strategies, you need to do something with it. At this stage you are ready to translate them into plans. This involves identifying a response strategy and action steps as well as recovery strategies and steps. Response and recovery are the pillars of a disaster recovery plan, so it’s essential these elements are thought through. Take each system in turn, and identify how you would know if something went wrong with this system. Once you now something is wrong, what would your immediate response steps be? Often this is the stage where you get your systems up and running on their backup servers or systems as quickly as possible so that operations can carry on as usual. Once the systems are running on a temporary basis, you can now focus on recovering the original systems and recovering any data. Write every step and stage down in detail, including who would be responsible for each action. You may have several different methods for dealing with one incident, and that’s ok – write them all down!
Incident response is crucial to an effective disaster recovery system, and it’s essential it be handled correctly. You should put policies in place to ensure you are notified of an incident as quickly as physically possible, so that you can deal with it quickly. This section of the process should address the early stages of the incident, and outline the exact stages to be taken to rectify the problem. This usually flows through incident management, emergency management of the problem, disaster recovery implementation and eventually full restoration to running order.
Once you have a series of plans laid out, it’s now time to decide which plans should be launched, and how. Implementing some of these plans might require new equipment, retraining of staff or the testing and implementation of new systems, so it’s important to consider how you are going to implement your strategy. Sometimes this can be done in stages, and others all in one go, depending on the complexity of your plans.
Procedures & Documents
Once your plans have been implemented, it’s important to get them filed into documents and accessible to all staff members. The more detailed your plans are, the more likely your business is to get up and running again quickly, so don’t skimp on writing up anything.
These are the most basic requirements for any disaster recovery plan, and are not specific to any one industry or business type. As you work through this plan you will start to see areas that apply more to your business, or points that aren’t relevant. A disaster recovery plan needs to be very personal to your business, so it’s important to shape it this way. These points are a great starting point, and if you have any questions or want to discuss your options, get in touch for your free disaster recovery consultation.