Sapphire Cloud Solutions stays ahead of the trends to provide you with the resources needed to build and maintain strong business continuity plans. This blog provides you with new insights on DR processes and procedures. If you need any assistance with them, let us help you!
SMB disaster recovery isn’t always easy, but following some key disaster recovery best practices is a good start. SMB IT managers may feel they can easily recover from outages because they have smaller IT environments and excellent IT teams. However, even the best IT managers can under estimate the complexity of building successful disaster recovery strategies. Sometimes this mindset leads to either an incomplete DR plan or no plan at all. If you intend to build a DR plan, you need to follow the essentials for disaster recovery planning.
1. Determine Impact
The most important and difficult step in disaster recovery planning is understanding how an unplanned outage affects your organization. Unplanned outages are any unforeseen events that interrupt normal business operations such as an IT systems failure, fire, power loss, or a natural disaster. Performing a thorough Business Impact Analysis (BIA) is the first step towards a successful DR plan. Without a BIA, it becomes very difficult to know what type of disaster recovery strategy you need. Depending on the interruption, your organization can lose revenue and sales opportunities, suffer reputational harm, or in the worst case, go out of business.
A thorough BIA is performed by identifying your organizations most critical business activities and applications and predicting what would happen if they were interrupted. This analysis is where many inexperienced planners make a mistake: Often they will take analysis shortcuts and go directly to developing a solution. DR planners should not assume there is a workaround or contingency available when a critical application is interrupted. A good rule of thumb is to plan for the worst and hope for the best.
A primary DR goal is to set a Recovery Time Objective (RTO) or how long a critical process can be down, and a Recovery Point Objective (RPO), or how much data you can safely lose. Often, the age of your data defines its RPO, not its size. For example, an accounting firm must be able to recover immediately up to the time of the crash while an auto repair shop may be able to lose 12 hours’ worth of data.
When performing a BIA, the planner must determine and rate on a scale from 1 – 5, with 5 being most critical:
– The financial value of the organizations functions and applications and how much revenue will be lost if this function is interrupted. The organization’s financial team must play a vital role in this step of the BIA.
– The operational value of the organizations functions and applications and how much productivity will be lost if the function is interrupted.
– The reputational value of each application and how it will affect customer satisfaction and future business growth.
– Last but not least, it is critical to identify the IT infrastructure required to the implement the DR plan.
2. Understanding Risk
Once the BIA has been completed, a thorough Risk Assessment (RA) of your organization must be performed. Typically, the RA is tightly bound to the results of the BIA. Functions and applications with a critical rating of 4 and 5 should be assessed first. Non-critical applications can typically be brought online as needed and do not need the same level of understanding and planning as critical applications.
Risk is complicated and its underlining factors make it easy to get bogged down while performing an RA. Therefore, keep your assessment criteria simple and be realistic about the risks your organization could face including specific threats tied to your organization’s geographic location, weather patterns, power and communications, and the transportation infrastructure.
3. Developing a Recovery Strategy
Once the DR planner has identified critical applications and assessed how outages will impact their business, it is time to develop a recovery strategy that will get their organization online quickly and mitigate its losses.
While developing a recovery strategy, be sure to consider existing contingencies or redundancies already in place. For example, if a critical application is hosted offsite or is managed by a provider, be sure to include them in your planning. Including all internal and external parties in your recovery strategy could greatly increase the resources on hand to assist in your DR activities.
As previously discussed, the key factor behind an effective DR strategy is determined by the critical nature of the application, how long critical applications can be down, and the acceptable amount of data loss for each application. Defining a clear path to procuring replacement equipment, retrieving your backup data, and establishing a recovery location is the foundation of executing your recovery plan.
Quite often improvements to an organization’s operating environment are discovered during the business and risk analysis activities. Any changes to operating environments should be defined and implemented as part of the recovery strategy process. Testing your DR plan on an annual basis will ensure it works and will also highlight areas in need of improvement.
By nature, all disasters are unforeseen, unpredictable, and unique, thus making it impossible to write a perfect plan. Testing your plan is the best way to make it as effective as possible.
4. Documenting the Recovery Plan
The final, and perhaps most important, part of your recovery plan is documenting it. Keep it simple: Smaller businesses should not attempt to develop an enterprise class DR plan. Very detailed disaster recovery plans take time to develop and are hard to maintain. At a high level, the disaster recovery plan should outline the priorities for system recovery, the recovery time objective, recovery procedures, as well as the location of data backups and the contact information for key recovery personnel. Testing the plan frequently will help identify weaknesses which is much better than discovering them during a DR event. Every time you test a recovery procedure, you will discover where the gaps are and what improvements you can make to ensure you achieve a mature and comprehensive DR plan.
We hope you found this information useful. If you have any questions or would like guidance with your business continuity plan contact me (naum.lavnevich@sapphirecloudsolutions.com). If you would like more information about Sapphire Cloud, check out our offerings page at www.sapphirecloudsolutions.com