Key Components of a Business Plan
Every existing and aspiring business owner will tell you that they have a business plan. However,...
Disaster Recovery Planning and developing a Disaster Recovery Plan (DRP) is a vital part of a Business Continuity Plan. A DRP ensures that all of your systems, data and personnel are protected. It makes sure your business continues to operate in the event of an emergency or disaster– be it hurricane, hacking, or the hindering high-jinks of 2020.
At this point in the business continuity planning process, you will have identified risks in a risk assessment. You will also have investigated who and how will be impacted in business impact analysis. Your DRP should include strategies to restore hardware, applications, and data in a timely fashion to meet the needs of your business continuity plan. A DRP seeks to aid an organization resolve data loss and recover system functionality so that it can perform in the aftermath of an incident.
As cybercrime and security breaches become more complex and sophisticated, it is important for a business to define its data recovery and protection strategies. The ability to pivot quickly in the event of an emergency can reduce downtime and minimize damages to an organization’s finances and reputation.
A disaster recovery strategy should begin at the business level and determine which applications are most important to running the organization. The Recovery Time Objective (RTO) describes the target amount of time a business application can be down, and is typically measured in hours, minutes, or seconds. The recovery point objective (RPO) describes the age of files that must be recovered from backup storage for normal operations to resume.
Recovery strategies will define how an organization plans to respond to an incident, while disaster recovery plans will describe the how. A recovery plan flows from a recovery strategy.
When determining your organization’s recovery strategy, the following should be considered:
All strategies should align with the organization’s overall mission and goals.
Disaster Recovery Plans can be specifically tailored for a given environment or business. Some specific examples for DRPs include:
A DRP can range in scope from basic to comprehensive.
A DRP checklist includes identifying critical IT systems and networks, prioritizing the RTO, and outlining the steps needed to restart, reconfigure, and recover systems and networks. The plan should at least minimize any negative effect on business operations. All employees should know basic emergency steps in the event of an unforeseen incident.
How to Build your Disaster Recovery Plan
The DRP process involves more than simply writing the document. The DRP takes into account the previous steps in the business continuity planning process, such as the Risk Assessment (RA) and the Business Impact Analysis (BIA). The RA identifies threats and vulnerabilities that could disrupt systems of operations. The BIA identifies the impacts of disruptive events and is your starting point for identifying risk within the context of disaster recovery. It also generates the RTO and RPO.
A good disaster plan is a constant evolution, a living document seeking the input and wisdom of all stakeholders.
Another component of the DRP is a well thought out crisis communications plan. The crisis communications plan should detail how both internal and external crisis communication will be handled. Internal communication includes alerts that can be sent using email, overhead building paging systems, voice messages or text messages to mobile devices. Examples of internal communication include instructions to evacuate the building and meet at assembly points, updates on the progress of the situation and notices when it’s safe to return to the building.
External communications are even more essential to the business’s continuity plan and include instructions on how to notify family members in the case of injury or death; how to inform and update key clients and stakeholders on the status of the disaster; and how to discuss disasters with the media.
An effective disaster recovery plan defines the roles and responsibility of disaster recovery team members and outline the criteria requires to put the plan into action. The plan should then specify, in detail, the incident response and recovery activities.
Testing your DRP identifies weakness and opportunities to fix problems before they occur. An easily recognizable example of this is a fire drill. Students know where to stand on the ball field because they have practiced it and stragglers can be identified and coached through the process. Testing can also offer proof that the DRP is effective and hits RPOs and RTOs. Because IT systems and technologies are constantly evolving, testing also helps make sure your DRP is up to date.