Disaster Recovery

A 12 Step Guide to Build Your Disaster Recovery Plan

Chaz Hager October 06 2020

It can be frightening to even think about. What would happen to your business if you suddenly lost access to your data and applications?  Even for short periods, this can cause significant problems. Extended delays could be catastrophic.

Whether it’s a natural disaster, hardware failure, human error, or you’re a victim of cybercriminals, having a disaster recovery plan is essential.

To create an effective disaster recovery plan, follow this 12-step process.

Step 1: Impact Assessment

Disaster recovery planning requires a commitment from your organization’s leadership. Important decisions have to be made, so you’ll need to involve the right stakeholders to get an agreement on your plan.

This includes determining the impact of downtime, how long your organization can tolerate downtime before it has a financial impact, and what level of risk exposure is acceptable. The answers to these questions will help you build your plan, set priorities, and establish your objectives.

Step 2: Establish Objectives

Your impact assessment can help frame discussions about Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).

RTO is a measure of the amount of downtime you can have before full recovery occurs. RPO estimates the maximum downtime and data loss before it has a catastrophic impact on your business. 

Image of three succesful business people using a tablet during at meeting

Step 3: Identify Resources

In case of an incident, you should already have a documented list of internal and external resources that are required to help you re-establish operations. This should contain:

  • Staffing
  • Contact information
  • Responsibilities

Communication is crucial in disaster recovery. You should also detail who will handle communications during a disaster. Remember that you may need to notify those outside your organization, such as law enforcement or media.

Step 4: Document Infrastructure

Document your hardware, configurations, and infrastructure to help in case a rebuild is required. In a disaster, you may not need access to every piece of data you had stored. 

Set priorities and list applications by priority level.

Step 5: Choose Data Storage/Recovery Methods

This is one of the biggest decisions you'll make: changing your back-up strategy from what is likely on-premise and moving it to the cloud. The method you choose for data storage will impact your recovery process

We'd recommend you store your data backups in the cloud, or by using a cloud-based Disaster Recovery as a Service (DRaaS) provider. Spending time on a robust DR strategy will position your business and your assets for future growth.

Step 6: Define Incident Criteria

Incidents vary greatly. From a power outage to a natural disaster, you’ll want to define which events and criteria trigger your disaster recovery plan based on your RTO and RPO tolerances.

You should put in place automated alerts and ensure your staff knows what actions should trigger manual alerts.

Step 7: Document Procedures

For optimal efficiency, document automated and manual processes, along with those responsible for initiating. You don’t want to have to remember the steps to take in case of a disaster. You want to be able to grab a checklist and start working on your priority list.

Step 8: Initiate Backup Failover

When an incident has occurred and it will last beyond your tolerance levels, it’s time to activate your backup failover site. Hopefully, you have mirrored your data and set up your failover protection to allow employees to work as closely as possible to the normal environment.

You should quickly verify the data is synchronized and critical functions work as required.

Step 9: Return to Normal Operations

Your disaster recovery plan should include estimates of the time required to return data and applications to normal operations. Once returning to normal operations, you’ll also want to validate the data integrity.

Some cloud providers offer automatic failback when your primary site is back online to avoid service interruptions during recovery.

Step 10: Testing

Testing can uncover gaps in your disaster recovery plans and surface problems with your infrastructure or processes. This information can be used to help determine IT priorities in the future or when it’s time to budget. After testing, conduct a thorough review of performance, plug any gaps in your plan, and update your disaster recovery plan.

Regular testing also uncovers limitations in your existing plan as your organization grows and evolves.

Step 11: Set Review Schedule

Disaster recovery plans should be updated regularly to take into account organizational changes. Establish a formal review schedule that works for your organization. This might be an annual review, quarterly, or monthly depending on your risk tolerance.

If there are significant infrastructure changes, staff re-organization, new applications, or merger/acquisition/divestitures, you probably need to review when these occur. External events should also trigger a review, such as a change in compliance regulations, vendors, or third-party relationships.

young business people group have meeting and working in modern bright office indoor

Step 12: Partner with Experts

When creating your disaster recovery plan, you’ll want to partner with experts that can analyze and assure your plan will protect you in case of a disaster. The stakes are high for your business if you ever need to enact your plan. If you missed steps or failed to account for critical needs, it can be catastrophic. Working with a company that has deep experience in the business continuity and disaster recovery space can give you peace-of-mind that your business is protected. 

Mitigate the Damage to Your Organization

Whether it’s a natural disaster (fire, flood, tornado, hurricane), a power outage, or a cyberthreat (ransomware or malware), you need to be prepared to act quickly and appropriately.

The faster you can return your organization to operational mode, the less damage that will occur to your bottom line.

Guide

A CFO's
Guide to

Disaster Recovery Planning

Download the Guide

Take a Page from Our Playbook

Latest Posts