If you don’t want to be scrambling in the middle of a crisis, you need a plan. Here’s what to think about as you develop your disaster recovery plan to make sure you get out of the situation and back into normal operations fast:
There’s bound to be lots of confusion during an incident, but you don’t want there to be any confusion about who’s in charge. Make sure your plan identifies who decides to invoke the disaster recovery plan and how this will be communicated to everyone who needs to be involved in the recovery.
Scope of potential threats
Crises come in all sizes, from a single accidentally deleted critical file to a fire that destroys your primary data center. Spend time assessing a variety of possible situations and determine how you’ll match your response to the size of the outage.
Lists of systems and people
You’ll need a complete list of all hardware and software that your business uses, as well as network diagrams. Also create a list of all the staff you’ll need to help bring the systems back online, including their contact info. Include contact info for third parties, such as vendors and partners, that may need to make changes on their side to connect to your recovery site.
Priorities and targets
It isn’t possible to bring up all systems at the same time, and it usually isn’t necessary. Take your list of systems and evaluate the priority of each system so you know where you need to focus your effort. For each system, set a specific recovery time objective and recovery point objective, specifying how rapidly you need to restore that system to operation and how much data you can afford to lose. Once you know these numbers, you can craft a recovery strategy for each application to meet those targets.
Document the details of the recovery procedures for each application, including the complete details of the commands that need to be executed. Identify the other processes the application depends on in order to start up. Include validations that allow you to confirm the application is running properly in its recovery mode.
Once the disaster is over, you’ll want to resume operations in your normal production environment. Executing fallback processes can be as complex as the disaster recovery procedure itself, so document the process to the same level of detail.
Once your disaster recovery plan is complete, schedule a test to validate that it works. Then update the plan with any corrections, clarifications, or critical information that was missed the first time around. Because your infrastructure changes continually, your plan should be a living document. When you place new resources into production, you should also update your plan to include them. The entire plan should be periodically reviewed and tested, at least annually, to make sure there are no omissions and that it works with your current infrastructure.
Did you know three out of four small businesses have no disaster recovery plan at all? Learn more in Why a Business Continuity Plan is Essential.