One of the most significant, if not the most significant function within any secure business is that of risk management. Risk management equates to having a set of policies and procedures in place that are designed to mitigate losses caused by a myriad of circumstances including natural disasters (floods, tornados, hurricanes, etc.).
It is incumbent on business owners and management to be prepared for the threats from the fore-mentioned types of disasters. Risk management and Disaster planning, in general, is concerned with minimizing the impact on the company’s operations and IT functionality caused by disaster.
As Search Disaster Recovery notes, a disaster can be anything that puts an organization's operations at risk, from a cyberattack to equipment failures to natural disasters. The goal of Disaster Recovery is for a business to continue operating as close to normal as possible. The disaster recovery process includes planning and testing and may involve a separate physical site for restoring operations.
In addition, a disaster recovery plan provides a structured approach for responding to unplanned incidents that threaten a company's IT infrastructure, including hardware and software, networks, procedures and people. The plan provides step-by-step disaster recovery strategies for recovering disrupted systems and networks to minimize negative impacts on company operations. A risk assessment identifies potential threats to the IT infrastructure; the DR plan outlines how to recover the elements that are most important to the company.
As this disaster recovery report observes, an IT Disaster Recovery Plan (DRP) is created to ensure a business and more specifically their technology department can recover quickly and efficiently should they lose their data centre or have a major IT software or hardware failure. Prior to developing an IT DR plan, it is critical that a Risk Assessment and Business Impact Analysis is carried out. These two prior phases will clearly highlight where a potentially disastrous event may occur and also establish important factors such as the time frame and recovery order in which the business needs to re-establish its systems.
According to Yatsish Mishra: “Ninety four percent of businesses that suffer a large data loss go out of business within 2 years”
As this disaster recovery report further observes:
Preparing for a disaster requires a comprehensive approach that encompasses hardware and software, networking equipment, power, connectivity and testing that ensures DR is achievable within targets. While implementing a thorough DR plan isn't a small task, the potential benefits are significant.
Note the following elements to an effective disaster recovery plan published by CIO:
1. Let employees know where to go in case of emergency – and have a backup worksite.
“Many firms think that the DR plan is just for their technology systems, but they fail to realize that people (i.e., their employees) also need to have a plan in place,” says Ahsun Saleem, president, Simplegrid Technology. “Have an alternate site in mind if your primary office is not available. Ensure that your staff knows where to go, where to sit and how to access the systems from that site. Provide a map to the alternate site and make sure you have seating assignments there.”
2. Make sure your service-level agreements (SLAs) include disasters/emergencies.
“If you have outsourced your technology to an outsourced IT firm, or store your systems in a data center/co-location facility, make sure you have a binding agreement with them that defines their level of service in the event of a disaster,” says Saleem. “This [will help] ensure that they start working on resolving your problem within [a specified time]. Some agreements can even discuss the timeframe in getting systems back up.”
3. Include how to handle sensitive information.
“Defining operational and technical procedures to ensure the protection of…sensitive information is a critical component of a DR plan,” says Eric Dieterich, partner, Sunera. “These procedures should address how sensitive information will be maintained [and accessed] when a DR plan has been activated.”
4. Test your plan regularly.
“Your plan must include details on how your DR environment will be tested, including the method and frequency of tests,” says Dave LeClair, vice president, product marketing, Unitrends, a cloud-based IT disaster recovery and continuity solution provider. “Our recent continuity survey of 900 IT admins discovered less than 40 percent of companies test their DR more frequently than once per year and 36 percent don’t test at all.
In short, when it comes to preparing an effective DRP and executing it with success, always err on the side of being over-prepared.