Effective IT Disaster Recovery Planning and Management
For any company to develop an IT disaster recovery plan, then store it away on a shelf is as foolhardy as never having drawn up the plan in the first place. Keep your DRPs strong with periodic risk assessment and well-practiced testing.
An IT Disaster Recovery Plan (DRP) is part of a company’s Business Continuity Plan (BCP) – the overall procedures put in place during a disaster to insure that essential business functions continue and mission critical services and operations are protected. BCPs are agreed upon in advance by management, various departments and key personnel to help the company recover to a fully functional level as quickly as possible after any type of disaster occurs, whether it be local, regional, national or global; like fires, earthquakes, hurricanes, tornadoes, terrorist attacks or pandemic illness.
Those involved in the development of the BCP typically draw up a series of DRPs for specific departments that help in recovering technical operations, such as Information Technology (IT), a vital component of any modern company. These procedures are used for recovering access to all-important data, software and hardware needed to resume normal, critical business functions. The obvious answer to protecting the integrity of any IT department and its systems would be to have redundancy and other geographical areas listed and maintained as a backup. It is also beneficial for companies to include in DRPs contingencies for how to cope with the sudden loss of key personnel as well as how to recover data.
The key here is the benefit of advanced planning. Studies show a company could lose as much as 60% of its productivity within the first days following a disaster, and insurance covers only 30-50% of all losses. In addition, the estimated costs of a recovery from a disastrous event can be 15 times greater than if a properly executed BCP/DRP exists.
Typically, companies want to protect the following during a disaster:
- Assets including data and information
- Revenue and market share
- Stakeholder interests
- Legal obligations
- Auditor and insurance company document requirements
Savvy companies plan for disaster to help minimize loss and downtime while maximizing the fastest chance of recovery.
Steps to Develop & Implement BCP/DRPs
- Policy Statement – the goals, reasons and resources of the plan
- Business Impact Analysis – how a shutdown impacts the business financially and otherwise
- Identify Preventive Steps – measures that could avoid a disaster altogether
- Recovery Strategies – how and what must be recovered
- Plan Development – adaptable implementation procedures contributed by all stakeholders
- Buy-in and Well-Practiced Testing – all stakeholders accept the plan and are familiar with the specific actions they will need to take should a disaster occur
- Maintenance – continuous adjustments to the plan that reflect the current situation
With everything in place, it is essential to have all stakeholders participate in actual rehearsals of the disaster recovery plan to see what works and what doesn’t. In most cases it will be easy to see the results, and continue to test better, more effective methods for a well-coordinated and efficient plan.
Documented, well-practiced DRPs can provide:
- A quicker, more efficient recovery
- An increased likelihood of business survival
- A possible reduction in insurance premiums
- A possible improved credit rating
- An assist in securing key business contracts by being able to prove continuous supply of goods or services in the event of a crisis