What is a Disaster Recovery Plan?

A DR plan contains several parts or sections to it and in today’s information-dependent society, every business requires an IT Disaster Recovery Plan. Downtime for any business, regardless of size, is costly and eats into the bottom line. A Disaster Recovery Plan or DRP is a written plan which outlines how a business will respond to a variety of disasters that lead to technology downtime.

The DRP develops strategies for timely restoration of hardware, data, and applications to meet the needs of the particular business, prioritizing restorative actions and assigning personnel to specific roles or tasks. Essentially, installing a backup system for business continuity, pending recovery.

When developing a Disaster Recovery Plan, you will conduct a Business Impact Analysis in order to understand what impact a particular disaster will have on the business. The Business Impact Analysis determines the likelihood of potential risks, then evaluates steps that can be taken to avoid or mitigate the perils, prioritizes responses, and estimates the financial impact to the business.

See Also: (Live Webinar) Meet ServerMania: Transform Your Server Hosting Experience

What Situations Should Be Considered in a DRP?

A Disaster Recovery Plan does not need to be limited to catastrophic data failures such as an entire data center going offline due to a natural disaster. It can also encompass prolonged DDoS attacks which cause critical customer systems to go offline, equipment failure, and any other situations which can cause an emergency for the business. The more detailed the DRP and the more scenarios that are explored, the less likely it affects business operations.

The central study underpinning any DRP must be the Business Impact Analysis that takes into account all potential perils to the data or hardware such as:

  • Data Loss
  • Hardware failure
  • Network outage
  • Power outages
  • Water leaks
  • Prolonged cyber attacks
  • Natural disasters

Does a Disaster Recovery Plan Only Focus On Responding to Disasters?

An important aspect of Disaster Recovery planning is also an investigation on how to avoid the disasters outlined above, or how to mitigate their damage in the event that they do occur. There are a range of mitigation efforts for data protection, however, the best would be a data backup strategy. The data backup and disaster recovery strategy starts with the identification of the most essential data to be preserved, followed by selection and implementation of backup procedures. The scheduling and effectiveness of routine backups should be verified periodically to ensure no data loss.

DRP Tip: Are You Hosting Servers On Premises?

Most businesses are not equipped with the proper infrastructure to securely store servers. This includes physical security with 24×7 security monitoring, redundant network / power / cooling, and fire suppression. Servers that are stored in an environment without these protections in place are at a significant risk of failure.

Moving servers to a secure data center that is designed to store servers and monitored 24×7 is one of the best ways a business can mitigate server downtime in DRP planning.

 Disaster Recovery Plan Steps

To make the job easier, DRP Templates exist online to help organize the disaster response process. Although several templates are readily available, IBM has developed a particularly useful disaster recovery template, which can be copied or reproduced for your business.

The following steps can help guide you in developing your own Disaster Recovery Plan:

Step 1: Outline the DRP’s Primary Goals

Goals that are generally important to any business include those listed on the IBM DRP template, which are:

  • To minimize interruptions to normal operations.
  • To limit the extent of disruption and damage.
  • To minimize the economic impact of the interruption.
  • To establish alternative means of operation in advance.
  • To train key personnel with emergency procedures.
  • To provide for smooth and rapid restoration of service.

Step 2: Take an Inventory of All IT System Hardware and Applications

As part of your disaster recovery solution, you should maintain an up-to-date inventory of the most critical systems: hardware (equipment) and software (applications). This should include the necessary specifications available to begin the repair, including vendor support contact information as well as the vendor’s emergency and daytime contact numbers. The inventory should include the name of the hardware manufacturer, model and serial numbers, cost, and lease or ownership status.

DRP Tip: Contact your ServerMania Account Manager to receive a detailed inventory of your servers with us.

Further reading: How Does the Data Center Tier System Work?

Step 3: Conduct a Thorough Risk Analysis of Your Company’s Systems

A good disaster recovery plan includes reviewing all potential risks from data loss to cyber attacks, to a natural disaster.

Accompany the inventory of hardware and applications used throughout the business with an assessment of potential hazards that could impact the operation of each IT asset. (Some hazards may be location-specific, such as possible water leaks.) Analyze electrical and other factors. Determine an acceptable recovery point objective (RPO) and recovery time objective (RTO) for hardware failure, and for each set of applications and data.

Step 4: Establish the Budget

Your business continuity plan involves a practical evaluation of potential and actual costs for mitigation and disaster recovery, with decisions made by upper management in conjunction with the IT and accounting departments.

If your current server environment does not provide disaster recovery solutions, you will want to allocate a budget on an ongoing basis for practical service providers that can help alleviate business loss and help you resume business processes with a rapid recovery. Developing a crisis management team can include personnel from within your company, however, you may wish to consider hiring or retainer experts to provide leadership in critical areas.

Many organizations benefit from disaster recovery services. Known as DRaaS (Disaster Recovery as a Service), these companies provide an array of offerings that will shorten your recovery time. A third-party provider can arrange for a “Hot Site” for your data storage. Hot sites take the data from your primary data center and create backup sites that replicate your existing network environment, in real-time. Often they come as cloud services with the goals of maintaining your business operations and provide data protection.

In the event of a disaster, they will be there to assist with the recovery process to resume normal operations. They can often help you restore data that may have been corrupted, recover lost data, and provide crisis management. Prices vary depending on your level of service.

Learn how ServerMania can protect your data.

Step 5: Develop and Prioritize the Disaster Recovery Plan in Three Tiers

The first tier of the DRP should focus on hardware, applications, and data that have been assessed as being absolutely crucial to business operations and most immediately required. The second recovery tier involves hardware and applications that are also essential, but without which the business can exist for a period of 10-24 hours. The third tier, then, are the remaining hardware assets and applications which the company needs to be efficient, but which can be restored within as many as several days without appreciable impact.

Step 6: Focus on Disaster Recovery Team Personnel

An organization chart should be included with the DRP. It’s necessary to build a Recovery Team that is highly trained and capable of responding rapidly to any disaster, with assigned roles and responsibilities, plus total familiarity with the recovery script outlined in the DRP. Your team can be made up of personnel within the organization, as well as outside experts who are capable of leading in critical areas.

Because you don’t know what kind of disaster may strike, backup personnel should also be trained to step in should the disaster take place at a time when team members may be ill, on vacation, or affected by the disaster. The DRP should define key roles, and assign specific responsibilities to each individual on the team. A solid understanding is necessary regarding steps to be taken once a disaster is declared by the Recovery Team Leader, the sequence of those steps, and the manner in which team functions and responsibilities are interrelated. A clear picture of ‘who is responsible for what’ is absolutely critical; it engenders a universal comprehension of the recovery plan and promotes its effective execution.

Step 7: Develop A Communication Plan

As important as having an organized approach to disaster recovery, fostered by a well-thought-out DR plan, a published communication plan is vital for the use of team members to ensure business continuity. In a disaster, normal methods of communication may be disrupted, and Recovery Team members must know how to communicate with one another by alternative means, from initial notice and periodic updates to the wrap-up of the recovery process.

You will want separate DR plans for how you are going to communicate with your clients. Depending on the size of your organization, you may require multiple means to reach your clients. If they are not accessing your service, every minute you are down is costing you revenue. Therefore, this plan should also include information on who and how customers will be contacted and kept up to date during the outage.

Step 8: Incorporate Information Regarding a Backup Worksite Location

Instructions should be included in any well-devised DRP to allow employees to gather at an alternative site during the crisis and continue to be productive while the system is down. A predetermined alternate site like this is referred to as a ‘cold site’. An alternative site could also mean employees working from home until recovery has reached a point where equipment and communications are once again available.

Maintaining the Disaster Recovery Plan

Having and investing in a plan is the right decision to make for any business, and regular testing of the DRP is recommended twice per year.  Testing should also follow upon making any changes to the plan or the replacement of personnel with vital roles in its execution.

Upon completion and testing of your DR plan, be sure to keep several original copies of the document in an off-site location that is both safe and accessible. You would be wise to also keep them in both electronic and physical forms (you never know when disaster will strike and in what form).

A working copy should be utilized for periodic testing and personnel drill, to ensure that the plan works effectively, that the process of restoration can be completed within the necessary time frame, and that all personnel are prepared to respond rapidly and appropriately in the event of an actual disaster. Test results should always be recorded, and the DRP should be updated to address weakness in any area. Test frequently, and keep fine-tuning the results.

Next Steps

When developing the DRP, you may discover that the risks associated with keeping servers on-premises would be better suited for either server rental or colocation in a Server data center. If that is the case, you should consider contacting our team for an expert server consultation. We can review your server inventory and DRP in order to develop server solutions that are less prone to disaster in our secure data centers. We can also review your server backup procedures to determine if ServerMania Cloud Backup may be a good fit for you.