Disaster Recovery and Business Continuity: How to plan for the disruption
Studies indicate that upwards of 43% of unprepared companies who experience a major data loss close immediately, an additional 50% never fully recover and cease operations within two years. We have all seen our most crucial data move out of local file shares to digital stores and up to the cloud. We have also seen threats to this data increase in quantity and sophistication.
How much does your organization lose per hour of downtime? The number is likely surprising and sobering. It has never been more important to have an actionable and tested Disaster Recovery plan in place at your organization.
Where Disaster Recovery (DR) deals with IT assets being restored Business Continuity (BC) revolves around making sure all critical business activities can continue. Technology plays a major part in both DR and BC respectively. This post explores basic concepts in planning for a disruption–whether it be a cyber-attack, natural disaster, social unrest, pandemic etc.
The main motivator for allocating resources to generate DR & BC systems and protocols is risk reduction. It is vital to know what to expect and how to proceed when disaster strikes.
When the worst happens stakeholders and key personnel are racing against the clock to implement the plan and resume critical operations quickly with minimal customer impact. Early in the process of enacting your DR plan, communication is first priority. Building Business Continuity features into phone systems and other communication mediums is of utmost importance.
-Regular Maintenance and Testing
The plan should be updated and tested on a regular basis. There should be full confidence that operations may continue when backups and contingency features are put in use. Scheduled backup is not a viable DR strategy. The plan needs to be updated every time a new technology or process is adopted. Furthermore, DR should be part of the decision-making process when selecting new technology.
-Ready Plan Stakeholders
Everyone who has a part in implementing the plan should know and have documentation on how to play their part. This goal is achieved with training, planning and proper communication.
-Satisfy Compliance Regulations
Many industry professional organizations require a continuity plan. Fines and penalties for mishandling consumer or otherwise regulated data can be severe.
Where to Start
Meet with department heads and compile a list of possible interruptions to normal business operations. Cyberattacks, natural disasters, power outage, are the most common and have multiple layers and degrees of interruption. Now is also the time to determine which threats are most likely to occur. These should take priority when making decisions on where to allocate resources in the plan.
IT personnel should maintain a list of all technology, both hardware and software. It is also important to note what function they serve and their connection to company operations. As technology changes, always maintain up to date documentation. Your IT department or vendor should have and maintain this documentation. It’s important to keep them in the loop with departmental technology decisions as well.
What operations are most crucial to resume and in what order? In meetings with department heads there should be a clear order in which to resume operations. Operations with highest importance and threats with the highest likelihood of occurring should take priority in the DR plan.
How long can your server or primary data repository be down? The answer to this question will determine backup strategies. Near instant recovery times are possible for enterprises with the requirement.
Where will employees work if the location becomes inaccessible? There needs to be plan that allows staff to collaborate and ensure that the access is secure and reliable.
It’s important to be sure that employees have a similar experience while continuity systems are active. Their experience needs to be as unchanged as possible. Users need to be educated on the continuity experience in advance and know what to expect.
Disaster Recovery and Business Continuity can be daunting. It’s a formidable task to define and maintain, straining internal technical staff. Consider DRaaS (disaster recovery as a service) to make your business resilient to the unexpected. Many IT departments are maxed out and adding an additional team member may not make financial sense. Find a competent and well referenced vendor to help with this critical aspect of your IT strategy. A backup is not enough—employ DR and Business continuity to keep your business running.