We have discussed disaster recovery plans several times before. However, it’s important to look beyond backups and explore the other aspects of disaster recovery planning. This means looking into the process of designing disaster recovery plans and processes – what it involves, what you need to consider, and more.
There’s a number of outlines out there detailing various disaster response plans and their components, including this one. However, all disaster planning comes down to one question:
“What if?”
Murphy’s Law dictates that whatever can go wrong, will. Disaster recovery planning is at its core planning for things to go wrong, and having an established process for how to move forward. This will be different for each individual organization and industry, meeting individualized needs, but there are some common themes:
What if you lose access to critical systems, or critical systems break?
Ransomware, acts of god, or simple maintenance failures. Any of these can interrupt access to critical systems, whether those systems are encrypted or you’ve simply lost power.
What constitutes a disaster?
To start with, there needs to be a consensus what events should be planned for and what criteria need to be met to actually trigger a response. Disaster recovery planning is fundamentally a fairly extreme reaction – does your organization have a system for determining what counts? For that matter, have you done risk assessments and figured out what events are most likely?
Who knows what to do next?
Disaster recovery planning includes having clear procedures for foreseen issues – and these procedures have to be accessible. Where are they written down? Who knows what steps you should be taking? For that matter, who has the authority to say “start the disaster recovery process” and what happens if they’re out of commission?
Steps to take when designing your disaster recovery
- Do a thorough risk-assessment on your business and your situation
- Identify roles and responsibilities based on the most likely events
- Establish a clear hierarchy so that someone can take over if a given manager is unable to communicate or fill their role
- Establish a plan, including
- Where the plan is recorded
- What steps need to be taken in what order
- What assets are to be used
- Practice executing the plan! Switch off systems, close access to data and make sure the plan is functional and your employees can execute on it
- Report incidents and iterate on the plan – learn from your mistakes!
Your Data In Your Hands – With TECH-ARROW
