What is a Disaster Recovery Plan?
A disaster recovery plan (DRP) is a formal documented policy and/or process created for an organisation containing detailed instructions on how to respond to unplanned incidents. This could be natural disasters, power outages, cyber-attacks, or any other disruptive events.
The purpose of the plan is to strategize ways to minimise the effects of a disaster should it occur so the organisation can continue to operate, or at the very least, resume key operations needs.
Disruptions to any business can vary in terms of the scale of their impact but will likely cause these most common outcomes:
- Lost revenue
- Brand damage
- Customer dissatisfaction
- Regulatory penalties
Additionally, the longer the disruption, the greater impact to your business/organisation as a whole and therefore longer-term damage to your business.
A clear and effective disaster recovery plan will limit the level of disruption and therefore enable a more rapid road to recovery.
“If you fail to plan, you are planning to fail” – Benjamin Franklin.
Unsure how to approach setting up your own Disaster Recovery Plan or keen to utilise a different point of view? Information Solutions can help with our consultancy services. Find out how here.
What are the key steps to creating a disaster recovery plan?
Mitigation of disruption should be the driver behind your recovery plan to work to minimize the effects of any disaster event. Though some scenarios may seem outrageous to highly unlikely, the purpose of plan is to account for any type of disaster no matter the scale to ensure as an organisation, you are prepared.
Top Priorities – first step is to outline the key priorities of the disaster recovery plan.
Personnel – who are your data processing personnel? Include a copy of your organisation chart as part of the plan contents to ensure all key points of contact are identifiable and contactable. This is particularly beneficial for larger scale business split across geography.
Applications – identify and list all your business applications and business critical level. Also identify if fixed against a location or asset.
Inventory – not just helpful for insurance purposes, a full inventory of your IT resources by manufacturer, make, model, serial number, initial cost/value and even if the item is owned or leased is essential. This will help account for what you have, remain in possession, or have sadly lost in light of the disaster event.
IT back up procedures – with a clear log of back up procedures and timings, your organisation can identify its position in terms of data which can impact steps for your recovery and likelihood of data lost.
Disaster recovery procedures – for any disaster recovery plan, there are three core procedures to have in place and ensure clearly referenced:
- Document your appropriate emergency response procedures to situations such as fire, natural disaster, or other similar disaster event with a view to limit damages and protect lives.
- A breakdown of operations backup procedures. With a clear procedure, your organisation can identify essential data processing needs which can be resumed after the cause of the disruption.
- Recovery action procedures to enable rapid restoration of any data processing systems following a disaster to ensure operationally active
Location specific considerations – as the nature of the disaster event could impact a standard place of work in a range of scales, to enable plans for potential location changes for mobile or hot site.
Mobile site plans are designed for a more transient plan and should include a communication disaster plan (including the wiring diagrams) and an electrical service diagram.
Hot site plans will support a full “backup” alternative temporary location while the original site is re-established.
Restoring the entire system – the main goal for any organisation is to return your system back to how things were before the disaster. This plan will be a full breakdown of backup and recovery seeing to recover from a full system loss.
Testing your plans – to ensure your plans are effective, testing regularly is essential to evaluate the effectiveness of your plans now and in the future. As time passes, people, equipment and the world keeps changing and so it is essential to ensure your plans are still relevant, will work if necessary and all concerned as aware of their contents.
Time to rebuild – by the organisations management team, it is this stage to full assess the damage and begin the reconstruction of a new data centre.
Disaster site rebuilding – in the event the disaster does impact your organisations “home” or data centre location, it is essential to ensure clarity on what you had to ensure you can recover and rebuild for what you still need. This can include consideration of square footage of the data centre space, hardware needs, power requirement and security requirements.
Record of plan changes – ensure your organisation has a clear process to ensure everyone is aware if your plan changes and who is responsible for actions. A typical area for change is the organisation change. Members of your organisation may change, so ensure this is reflected in the plan.
How often should I test the plan?
It is recommended by most leading experts that testing should take place annually at a minimum.
It is strongly suggested to test following any changes. This is to ensure any changes made do not hinder plans and enable to assess any areas of improvement.
Looking for expert help to create, test and review your Disaster Recovery Plan? Speak to Information Solutions today.