Is Your IT Disaster Recovery (DR) Plan Good or Great?

It’s a normal workday, and then suddenly the fire alarm goes off in the back of the server room. Amidst the chaos, do the IT staff know what they’re supposed to do (once everyone is safe, and the fire is out)? A comprehensive IT disaster recovery (DR) plan is your playbook. It defines the IT infrastructure and how to restore and resume critical IT functions minimizing the impact on the business including downtime, data loss, and reputational damage.

Start by performing a risk assessment identifying key threats and vulnerabilities to your IT infrastructure including hardware/software failures, cyberattacks, natural disasters, and major power outages. What is the likelihood of each incident and the subsequent impact (enterprise-wide, regional, department-specific, etc.) for your organization? Now you can prioritize your recovery efforts accordingly.

Next, create a comprehensive DR plan that includes the who, what, where, when, why, and how details. For example:

• Who = What are the main roles and responsibilities (including identifying any essential IT staff)? For example, did you have any IT staff turnover? You’ll need to notify stakeholders such as management, vendors, and suppliers so you'll need current contact information.
• What = Which systems are mission critical, essential, and non-essential? Criticality will define the order of recovery and ensure that the most critical systems are restored first.
• Where = Do you have global data centers or IaaS? A hot site or an alternate cloud-based infrastructure for temporary operations?
• How = Step-by-step procedures for recovering systems, identifying which processes need to be done in a specific order.

Backup And Recovery Strategy

You need a solid backup and recovery strategy. Perform regular backups including software, configurations, and data. Backups can be onsite, offsite, cloud-based, or a combination depending on the business needs. For mission-critical systems, it may be beneficial to implement redundancy (e.g., deploying redundant hardware) to minimize the impact of an incident.

The IT environment and the business are continually changing so the DR plan needs to be kept current. Make sure you regularly review, update, and refine the plan to ensure it reflects any changes in your IT environment. Did you implement a new ERP system or relocate a data center? Or did you have any technology changes that improve the recovery process or enhance the resilience of your systems? If so, you need to take the time to update your DR plan.

Testing Your DR Plan

Make sure you regularly test the DR plan which will validate recovery procedures, identify gaps, and ensure data (e.g., stakeholder contact information) is correct. There are multiple ways to test including tabletop and scenario-based simulation. Tabletops are good, but simulations that test actual recovery procedures are better. It’s key to test on a regular basis with the business -- doing this takes your plan to the next level! The frequency of your testing may vary depending on the criticality of the systems or any regulatory requirements so stay up to date with any regulatory changes that may impact your DR plan. Make sure you document lessons learned (including from any actual incidents) so that you can identify any areas for improvement.

It’s crucial to ensure your DR plan is aligned with the business continuity plan. Within the DR plan, there should be a communication component. When an incident occurs, you need protocols to notify and continually update the stakeholders so that they can respond appropriately.

Encourage a culture of continuous improvement and solicit feedback for the DR plan. Although IT is responsible for disaster recovery, the DR plan will significantly impact the business. You need to have a DR plan that is current (aligned with the business needs) and is regularly tested with the business. It will enhance your readiness for the next disaster and minimize the impact of disruptions to your IT infrastructure as well as any potential disruptions to the business.

For more information on taking your DR plan from good to great,?follow me on LinkedIn!

?

Originally published on Work It Daily - https://www.workitdaily.com/disaster-recovery-plan