Disaster Recovery and Business Continuity Are Not the Same: What You Need to Know
Best Practices for Developing an Effective Business Continuity PlanBest practices for developing an effective business continuity plan include:
- Form a team, including employees from various departments, to develop a living business continuity plan.
- Obtain buy in from your executive management team to ensure this is a priority for the company.
- Be proactive in identifying risks and watch for new, potential risks on a regular basis.
- Understand how those risks will affect your day to day business operations, as well as specific groups including employees and customers.
- Put measures in place to mitigate those risks.
- Identify people and procedures needed to alert employees, customers, vendors, and other key stakeholders that a disaster has occurred.
- Regularly test your procedures to ensure they can be implemented efficiently, effectively and quickly.
- Examine your plan quarterly or at an interval determined by your team to review the procedures and ensure they are still current.
What is Disaster Recovery?Disaster recovery is one critical component of the larger business continuity plan. Although it is not solely focused on IT, it is often the IT department that takes over responsibility. It becomes your backup and recovery plan—the way in which you will maintain, store, and restore your data, files, software applications, servers, and other equipment so that you are up and running again in the shortest amount of time. Ask yourself, how frequently do we currently backup our data and can the company function without critical data for any period of time? Are additional servers and other equipment readily available to us to quickly rebuild our network infrastructure? Is there another secure location within a reasonable distance of our office where we could restore our network if the current server closet or server room is no longer usable? If business continuity is about mitigating risk before anything ever happens, disaster recovery is about quickly and efficiently implementing your plans during and after the disaster has occurred.
Best Practices for Developing an Effective Disaster Recovery PlanBest practices for developing an effective disaster recovery plan include:
- Understand what impact the previously identified risks could have on your IT assets.
- Decide how you will replace equipment if that should be necessary.
- Know how many additional servers and other pieces of equipment you have in stock which could be installed immediately after the outage.
- Implement a procedure for obtaining any new parts which you may not have in stock.
- Identify the level and type of support/notifications you will provide to employees, customers, vendors and others during the outage. For example, a help desk, call tree, automated push notifications or conference bridges.
- Determine your Recovery Time Objective (RTO): The target time you need to recover your IT and business activities after a disaster has struck. Knowing how quickly you can actually recover your IT infrastructure and how quickly the business needs to recover to prevent catastrophic loss, will help you decide on the preparations you need to put in place to make sure that those two numbers are in sync.
- Determine your Recovery Point Objective (RPO): The window of time in which data loss is acceptable for your company. Put simply, it is the amount of time between required data backups. Could your company still operate, virtually unaffected, if you were unable to access the last three days of data? If not, you may want to consider daily backups or even real-time backup.
- Decide on your recovery failover procedures and system restart procedures.
- Preselect a local data center provider whose colocation or cloud services you would be able to utilize in the event that your facility is no longer usable or accessible to ensure that rapid restoration of business operations is possible.