SAP GRC access control and process control are automated tools that manage an internal security…
When it comes to disaster recovery planning, most organizations cross their fingers and hope for the best. Many are using hopelessly
outdated tape backups in bare cold DR sites, with inadequate DR planning and little to no testing. It’s easy to understand why — traditional DR services with good RPO and RTO don’t come cheap, and it’s easy to convince yourself you’ll never need it.
But the threats to your computer network are growing from every corner — from manmade disasters like cybercrime and terror attacks to increasingly violent storms. In reality your systems and IT environment are more vulnerable to everyday issues such as user error, misconfiguration and power outages. The good news is that affordable, high performing cloud disaster recovery means companies no longer have to choose between controlling risks and controlling costs. Here’s how to create a disaster recovery plan that will keep your company safe.
How to Create a Disaster Recovery Plan
1. Assess Your Disaster Risks. DR planners need to decide on the “what” before getting to the “how.” To create a disaster recovery plan, you’ll need to brainstorm possible threats and assign each a probability and impact (on a scale of 0 to 1) and a risk rating (probability x impact.) Then, come up with a recommended action for each scenario, such as mitigation, DR planning, transferring risk to a 3rd party or acceptance.
2. Use Business Impact to Create DR Plan Objectives. Inventory all business systems down to the individual components, and map each to the business processes it supports. Calculate the hourly costs of an outage in each system, including both primary costs (e.g. lost sales), and secondary costs (e.g. fines). Rank each based on its criticality, and set objectives, such as RPO, RTO and maximum tolerable downtime.
3. Choose Your IT Disaster Recovery Technology. Disaster recovery and high availability technologies range from old-school offsite tape backups to next generation enterprise cloud disaster recovery. A consultant can explain the technologies and help you understand how to create a disaster recovery plan that fits your needs.
4. Assemble Your Team and System Recovery Plan. Successful disaster recovery requires a qualified team, and detailed procedures. You’ll need a contact list (including both team members and your hosting or disaster recovery provider, if applicable), an emergency communication plan to coordinate your efforts and a plan to restore your systems.Your disaster recovery plan must spell out and assign every task, from declaring a disaster to resuming normal business operations. Redundancy is key; your team should have alternates, and your IT disaster recovery plan should have backup contingency procedures.
5. Test Your Disaster Recovery Plan. Disaster recovery depends on everyone working as a team through a potentially terrifying event. That requires regular practice and refinement — particularly if your company is just learning how to create a disaster recovery plan. Factors to consider include:
- Testing frequency
- Planned vs. ad-hoc tests
- Active vs. passive tests
Ad-hoc DR tests simulate real world scenarios better than planned, since no one but the leader knows about the test ahead of time. Similarly, active DR tests (where production is rolled over to backup systems) are preferable to passive tests (where production remains online).
The tradeoff is disruption. Suddenly taking your team away from their jobs and taking production offline obviously affects productivity. Organizations need to carefully consider how to create a disaster recovery plan testing program that maximizes readiness while minimizing business impacts.
How to Create a Disaster Recovery Plan the Easy Way
Successful IT disaster recovery requires flawless planning, an experienced team and a carefully calibrated testing program. Download our free disaster recovery planning workbook to learn what in-house DR takes. Or, if you prefer contact us to learn how Symmetry can ensure your organization makes a quick recovery from any disaster.