Most organizations don’t have a solid plan for how to recover operations when disaster strikes. Natural disasters such as hurricanes, tornadoes and snow storms can take out a building at any time. Would your organization be prepared to get back to work quickly even if there was no building to return to?
When building a Disaster Recovery Plan (DRP), it is important to include several elements in your plan. Here are five critical pieces that should be included in the DRP.
- A prioritized list of assets and inventory – Create a full list of your organization’s physical and digital assets and inventory as part of your DRP, and categorize them into 3-5 levels of criticality. The list should be prioritized based on what assets have the greatest impact on your organization, so seek management buy-in on categorization. When disaster strikes, this list will help determine which applications should be recovered first.
- Define RTO and RPO for each criticality level – Recovery Point Objective (RPO) and the Recovery Time Objective (RTO) are a critical part of a good Disaster Recovery Plan as they directly pertain to how quickly you can retain your data. The RTO is the amount of downtime your organization can tolerate when a disaster occurs. The RPO refers to the point at which you recover data from a backup. If you back up your data every 30 days, is this an acceptable point in time for you to recover your data? Or do you need to recover from something more recent? In any case, you should outline what your RPO and RTO are in your DRP. In most organizations it does not make sense to have the same RPO/RTO for critical and non-critical applications.
- A DR team – When disaster strikes, it affects every part of your organization. Compile a team of trusted individuals who all have a specific role in how they handle the disaster. Obviously, your CIO or Director of IT has a critical role in recovering your data and getting your network back up and running. But there are others who should be involved in helping recover from a disaster. For example, you would likely include your head of Marketing to coordinate communication with clients. Everyone on the team should be a trusted individual who will be able to respond quickly.
- Communication policies/response procedures – Communication is key in any situation, especially when disaster strikes. You should have documented response procedures for everyone in your organization, your clients, and anyone else impacted by the disaster. The response procedures should be implemented in a timely manner when a disaster occurs.
- Test often by leveraging automation and sandbox DR environments – A DRP needs to be tested regularly to ensure it functions and still aligns with the needs of the business. We have observed that a DRP that is not easy to test will not be tested regularly. Regular tests will increase confidence in the plan and if disaster strikes, your DR team can rely on automation for deterministic outcomes while focusing their attention on post-recovery tasks.
For more information on building a DRP, contact us today.