Creating a Disaster Recovery Plan

Creating a Disaster Recovery Plan

"A chilling list" is what weather.com calls its list of the 5 cities that are most vulnerable to a "Hurricane Sandy-like" disaster.  Guess who is at the top of their list?  You guessed right...Hampton Roads, Virginia.

Bill Read, whose career includes 30 years at the National Weather Service and 4 years as director of the National Hurricane Center, predicts that our area is primed for major and serious coastal storm.  In developing his list he looked at factors such as population, infrastructure and time since a major disaster occurred.  Living in Hampton Roads we all know the congestion challenges of our highways, bridges and tunnels.  And the coastal nature of our community leaves many of us in flood zones which can be overwhelmed with a heavy rain.

In addition to weather forecasting, Mr. Read also is passionate about preparedness.  Short of a hurricane or major, widespread natural disaster, is your business prepared for an IT disaster that could halt your business infrastructure or communications?

While we all try to prepare for major disasters, keep in mind that having your IT infrastructure disabled--even for a short time--can be catastrophic to a business.  This includes both a loss of revenue as well as incurring overhead costs such as payroll expenses while the system is down or off line. 

 

And, not all disasters in our businesses are “natural”.  The reality is that 95% of operational IT disasters occur due to hardware failure, corruption of data, utility outage or employee error.  For most businesses, IT and technology outages that last 24-48 hours or longer are considered IT disasters.

A Disaster Recovery Plan is an internal document that details out for your particular business, what constitutes a disaster, who is responsible for what, and who needs to be informed along the way.  It can be as comprehensive as your company's infrastructure dictates.  You should ask your IT service provider if they have a template that you can follow or they might even be available to consult and help you formulate your company's plan.  However, there are some basic pieces of information that should be included in every plan.

Definition of a disaster.  For most business, a disaster is declared after 24 hours without technology.  For example, however, if you run a hospital, even just 5 minutes without your IT infrastructure might be too long.  Keep in mind that operational technology disasters as well as natural disasters should be considered and in what time frame without your IT infrastructure a disaster should be declared.

Who is doing what.  Each person who plays a role in your Disaster Recovery Plan should fall into one of the following categories:  Responsible Party, Accountable Party, Contributing Party, Informing Party.  Then each person is assigned their role based upon:  selecting recovery strategies, creating the disaster recovery plan, executing disaster recovery testing, maintenance of disaster recovery plan, disaster declaration process, overall disaster communication.

What your plan covers.  Your technology infrastructure can cover a lot of ground from telecommunications to your server to proprietary software which operates your business.  Your plan should be as specific as your business dictates.  It could solely cover your server and software or could detail out hardware, moving data from location to location or even accessing your data or software from a cloud based system.

After your team has created your Disaster Recovery Plan, your work is not complete.  It should be shared with all company stakeholders including participating vendors or supporting companies and employees who are tasked with executing and receiving information should a disaster occur. 

 

And, since practice makes permanent and technology is updated frequently, your plan should be executed in a test once a year.  The results of this “dry-run” should be incorporated as changes or updates to your company's plan. 

 

While it seems like a daunting task of organizing for a disaster that might never happen, the reality is that a Disaster Recovery Plan works like an insurance plan.  You might not need it.  But when you do, you are glad you have taken the time to plan. 


Martin Joseph has been an expert in the IT field for over 25 years and is the president of 360IT PARTNERS that serves Small and Medium Businesses.  He can be reached at martin@360itpartners.com or at 757-499-6761

Print
Archive