6 Points Not to Leave Out of Your IT Disaster Recovery Plan
Security Analyst II, BCDR, W.W. Grainger, Inc.
How to develop an IT disaster recovery plan that will keep your business running and avoid becoming one of the 43 percent of facilities that never reopen after a major data loss.
Losing data is a big deal for businesses of all sizes and across all industries. According to IBM, of the companies that had a major loss of business data, 43 percent never reopen, 51 percent close within two years, and just six percent will survive long-term.
“Enterprise networks and data access can be knocked out without warning, thanks to natural and man-made disasters,” CSO reports, pointing to hurricanes, tornadoes, earthquakes, fires, floods, terrorist attacks, and cyberattacks as some of the threats that could impact a business at any time. To offset the negative impacts, companies need a solid disaster recovery (DR) plan that addresses a variety of “what-if” scenarios.
Here are six points to include in your company's DR plan:
- Factor in hardware, software, data, and connectivity. Without one component of the “system,” the system as a whole may not run the right way. To ensure that all critical systems are addressed, the Department of Homeland Security (DHS) tells companies to consider all of these system components when developing a disaster recovery plan:
- Computer room environment (secure computer room with climate control, conditioned and backup power supply, etc.)
- Hardware (networks, servers, desktop and laptop computers, wireless devices and peripherals)
- Connectivity to a service provider (fiber, cable, wireless, etc.)
- Software applications (electronic data interchange, electronic mail, enterprise resource management, office productivity, etc.)
- Develop a reliable backup data system. “While you may have on-site redundancies in place for your company’s files and information, it is now considered a necessity to have an off-site cloud backup solution in place, as well,” according to CSO. Such solutions address security concerns while also helping to make data recovery easier (e.g., by using the web to restore systems) in the case of emergency or disaster.
- Put together a cross-department disaster recovery team. A DR plan will only be as effective as the team you put behind it. That means you should assemble a team of IT- and operations-focused employees who are briefed and ready to act when called upon. “In addition to ensuring knowledge and understanding of the plan and their designated roles by this team,” CSO advises, “also include and communicate all relevant emergency contact information of those team members within the plan itself.”
- Do regular data backups. A reliable system will be worthless if your company isn’t doing regular data backups on a scheduled basis. Determine which files need to be backed up, where those files are located, which files/systems hold the most critical data, and who will be responsible for doing and/or overseeing the backups (e.g., the system administrator or IT department). Other key points to consider are: When, where, and how the backups will be performed, and where the files will be restored to in case of emergency (i.e., to the system where they came from, or to a different system?). Don't forget to include a safe "hot spot" or secondary recovery spot for your data, preferably somewhere more than 100 miles away from your home base.
- Leverage vendor-supported DR strategies. Some vendors provide “hot sites” for IT disaster recovery. These sites are fully-configured data centers with commonly-used hardware and software products, DHS explains. Subscribers may provide unique equipment or software either at the time of disaster or store it at the hot site ready for use. “Data streams, data security services, and applications can be hosted and managed by vendors,” DHS adds. “This information can be accessed at the primary business site or any alternate site using a web browser. If an outage is detected at the client site by the vendor, the vendor automatically holds data until the client’s system is restored.”
- Regularly test and update your disaster recovery plan. Disaster recovery isn’t a “set it and forget it” project. Your business is dynamic, growing, and continually being exposed to new threats. In the IT Disaster Recovery Planning for Dummies Cheat Sheet, Wiley tells companies to structure DR testing by:
- Determining how frequently you should perform each type of test.
- Testing the individual components.
- Noting any discrepancies, and then passing the plan back to the original authors for updating. “This process improves the quality and accuracy of the DR plan,” Wiley notes, “which increases the likelihood that the organization will actually survive a disaster if one occurs.”
- Performing wider tests of combined components.
- Testing the entire plan.
Start Developing Your IT Disaster Recovery Plan Now
It’s no secret that businesses of all sizes and across all industries are creating and managing large volumes of electronic information or data—much of which is critical to their operations. “Some data is vital to the survival and continued operation of the business,” DHS points out. “The impact of data loss or corruption from hardware failure, human error, hacking, or malware could be significant. A plan for data backup and restoration of electronic information is essential.”
Joe Raab joined Grainger in 2017 as a Business Continuity and Disaster Recovery Analyst. He works with Grainger team members and its subsidiaries to create business impact analysis reports. Additionally, Joe’s responsibilities include training plan writers and automated notification system administrators, as well as helping to test and exercise these plans. He is constantly striving to improve Grainger’s readiness in the event of an emergency.
The information contained in this publication is intended for general information purposes. No representation is made that the information or references are complete or remain current. Click here for Grainger's full legal disclaimer.