What is a Disaster Recovery Plan?
Let's face the fact: Disasters occur.
There can be floods, fires or cyclones. There can even be a cyber attack or a ransomware attack. Organizations can't afford to be non-operational because of regional power outages, cyber attacks or hardware failures. Every minute applications and systems are down translated into lost revenue. For example, economic loss due to disaster accounted for $306 Bn in 2017!
You might not be able to prevent disasters from happening, but with a solid disaster recovery plan in place, you can be ready for them when they hit and ensure the least amount of impact to your business.
So, what is a disaster recovery plan?
A disaster recovery plan ( DRP) is a documented process or set of procedures to execute an organization's disaster recovery processes and recover and protect a business IT infrastructure in the event of a disaster.
It is "a comprehensive statement of consistent actions to be taken before, during and after a disaster". (Wikipedia)
IT disaster recovery plans provide step-by-step procedures to recover disrupted systems and networks, and they help organizations resume normal operations. The goal of these processes is to minimize any negative impacts on company operations.
How will a disaster recovery plan help me?
With an effective disaster recovery plan at hand, it minimizes the number of interruption to your business as well as reduce the economic impact of these interruptions. An effective plan helps your organization to be prepared in advance, with established alternative means of operation in advance. Trained personnel help you out with emergency procedures, and provide for smooth and rapid restoration of service.
A good DR plan should account for as many potential disasters as possible and lay out clear tactics that ensure critical systems are not only protected but kept online and that revenue loss is kept to an absolute minimum. So,
What are the components of an effective Disaster Recovery Plan?
- Performing a risk assessment
The planning committee for disaster recovery prepares a risk analysis and a business impact analysis (BIA) that includes a range of possible disasters. Each functional area of the organization is analyzed to determine potential consequences. For e.g., a risk assessment understands that fire may pose the greatest threat to that organization.
2. Establishing priorities for processing and operations
Once the risk assessment is performed, your critical needs of each department are evaluated and prioritized. Written agreements for alternatives are selected are prepared, such as-
- Details specifying the duration,
- termination conditions,
- system testing,
- cost,
- any special security procedures,
- procedure for the notification of system changes,
- hours of operation,
- personnel requirements,
- definition of the circumstances constituting an emergency,
- and other contractual issues.
3. Collecting data
This includes various lists (critical telephone numbers list, master call list, master vendor list, notification checklist), inventories (communications equipment, documentation, office equipment, forms, and insurance policies.
4. Documenting a disaster recovery plan
5. Developing testing criteria and procedures
The disaster recovery plan needs to be tested because it needs to be determined whether the DR plan is feasible or not. We also need to understand whether the plan needs revisions. Additionally, in-house personnel should be trained for the DR plan.
6. Final Step: Test The Plan!
You need to finally conduct dry runs so that your DR plan is up and running.
I hope this article provides a fair checklist the next time you're considering a DR solution.