In this post: Learn how to develop a disaster recovery plan for your organization after a virtual attack.
From natural disasters – like Hurricane Sandy in October 2012 – to issues such as human error, malicious attacks, data corruption and storage failures, there are many “villains” seeking to harm your organization’s valuable data.
But businesses don’t have to live in uncertainty as to whether they’ll be able to ensure business continuity and access to critical information in the event of a disaster. To be the hero of your corporate data when calamity arises, a disaster recovery plan needs to be in place.
The following nine steps will aid you in developing your disaster recovery plan, which will help protect critical IT assets from the multitude of threats that could harm them.
- Conduct an asset inventory.
Every hero needs something to fight for. For you, that would be your data. Before developing your disaster recovery plan, conduct an inventory of your IT assets to know what needs to be protected. This is necessary to untangle the complexity of an IT environment. Items to be inventoried include all assets under IT management, such as servers, storage devices, applications, data, network switches, access points and network appliances. Next, map where each asset is physically located and which network it operates on. - Perform a risk assessment.
After you have a complete inventory of your IT assets, go through and list the internal and external threats to each asset. This step is for you to identify who the “villains” are. Be thorough, and imagine worst-case scenarios, from natural disasters to mundane IT failures. - Define the criticality of applications and data.
Now that you know what IT assets you have and the potential threats to each, classify the data and applications according to their criticality. This exercise should be done by working closely with business colleagues and support staff to determine the criticality of each application and data set. Assets that have commonalities should be grouped together according to their criticality to the business. You don’t want to apply a different technique to every individual application or data set you have. Grouping data into classes with similar characteristics will allow for a less complex strategy. - Define recovery objectives.
Once you’ve classified your assets by their criticality, you’ll want to set recovery objectives. Note that different assets – like a critical e-commerce database – may have more aggressive recovery objectives because an organization can’t afford to lose any transactions or be down for long. A legacy internal system, on the other hand, may have less stringent recovery objectives. For this step, be sure to involve business line managers to align recovery objectives and know which IT assets require more immediate attention over others.
- Determine the right tools and techniques.
Now it’s time to choose what tools and techniques to use in your disaster recovery plan. For low-impact data, it may be sufficient to conduct nightly backups to protect that information. High-impact data and applications may call for continuous data protection solutions that provide comprehensive backup and data replication.Or perhaps the critical component of the disaster recovery plan is offsite protection. If that’s the case, make sure your data is sent to a location that is far enough away so that it’s not in the same geographic risk zone.Another important consideration is to automate and streamline the recovery process as much as possible. In the event of a disaster, key IT staff may be unavailable. Plus, automation can reduce the risk of human error. - Get stakeholder buy-in.
As you go about planning your disaster recovery plan, involve key stakeholders, including application owners and business managers. Their input is essential in the planning phase. Remember: a hero isn’t always just one person, but could be a community of individuals working towards a common goal. It’s also important to consult with strategic partners and vendors to make sure you’re getting the most out of your disaster recovery solutions and services. - Document and communicate your plan.
A disaster recovery plan needs to be documented so the organization knows how to activate it quickly and efficiently following an incident. The document should also be written for the people who will be using it. Additionally, the plan should be communicated clearly to various stakeholders in the company. This is essential in case an individual with familiarity of the plan is unavailable during a disaster. Be sure to store the plan in a location where it can be accessed during a disaster. Ideally, it should be printed and posted in multiple locations.
- Test and practice your disaster recovery plan.
Once a disaster recovery plan has been created, it needs to be tested and practiced frequently. Practicing the plan will help you find and correct problems. In addition, you’ll become more comfortable with the plan and start executing it faster and more accurately. Everyone who has a role to play in the recovery effort should attend practice sessions. - Evaluate and update your plan.
Your disaster recovery plan needs to be evaluated and updated constantly to account for changes in your environment. For example, key personnel may go on leave or terminate their employment. IT might move to new hardware or operating systems. The company might acquire another business. Regardless of what happens, your plan needs to reflect the current state of the organization at all times.
While disasters may be unpredictable, your response doesn’t have to be. By having a well-documented and tested recovery plan, you can be the hero that your company’s data needs. Not only will you save your critical information – but you will save your company time, aggravation and money.
To learn more about building a business-oriented disaster recovery plan, please visit Dell Software.