Disaster Recovery (DR)
A disaster is anything that puts your organisation in Danger, slows down production or impacts revenue. It can range from a small cyber event to a flood, fire or earthquake.
There are 2 important measurements when it comes to a disaster. What are the recovery points and how long is it going to get there.
A backup is the first process. Once you have a backup you need to evaluate the time to recover and what data is important. a file backup maybe important for recoveing data in a file structure, but most organisations have a management system, based in a database and will need additional components to recover to get back to business as normal.
This is a risk decision based on the organisation's priorities. The risk management process should be completed by the organisations but guided by an expert in the field (Internal or external).
A disaster recovery plan is designed to give a structured approach to the organisation to recover critical infrastructure and systems. Any negative impact on the organisation needs to be addressed in the risk management strategy and incorporated into the DR Plan.
What is a DR Plan?
A DR Plan includes the following:
- A statement of policy.
- A DR Plan overview.
- The main recovery points of the Plan.
- Key personnel with contact information
- Emergency response Actions immediately after implementation
- Diagrams, Maps and drawings on systems and locations.
- Documentation on recovery site (if available)
- Recovery documentation of all software, hardware and cloud based components
- Media tips, insurance information, legal and financial processes.
- Forms and policies to make it all work.
How do you achieve it?
The DR plan is a comprehensive process to ensure a business / organisation can get back to business as normal.
to create a comprehensive DR Plan the following should be done:
- Meeting with shareholders, stakeholders, management and staff to establish the scope and focus of the DR Plan
- Gather all documentation relating to network, infrastructure, hardware and software.
- Identify the most serious threats and vulnerabilities
- Review the history of outages and disruptions.
- Identify critical business assets and determine recovery times
- Designate teams and personnel to the plan
- Review the plan via management and board
- TEST THE PLAN
- review and audit test results. Constant improvement.
What has to change?
We all have this attitude that it will not happen to me. As an organisation or a business, contingency plans need to implement on the principle of "just in case".
Any disruption to business will have an impact. The bigger the disruption the bigger the impact on revenue, profit and business capability.
A Disaster Recovery Plan can be as little as a piece of paper with relevant information all the way up to a fully fledged 100 page document. It depends on your risk appetite.
A Disaster Recovery plan has to have one very important feature - it has to be written. It is no use inside someone's head!