Community

Is Your IT Disaster Recovery Plan Good Or Great?

Disaster recovery plan concept
Image from Bigstock

It’s a normal workday, and then suddenly the fire alarm goes off in the back of the server room. Amidst the chaos, do the IT staff know what they’re supposed to do besides call 911 and make sure everyone is safe? A comprehensive IT disaster recovery (DR) plan is your playbook. It defines the IT infrastructure and how to restore and resume critical IT functions minimizing the impact on the business including downtime, data loss, and reputational damage.


Start by performing a risk assessment identifying key threats and vulnerabilities to your IT infrastructure including hardware/software failure, cyberattacks, natural disasters, and major power outages. What is the likelihood of each incident and the subsequent impact (enterprise-wide, regional, department-specific, etc.) for your organization? Now you can prioritize your recovery efforts accordingly.

Next, create a comprehensive DR plan that includes the who, what, where, when, why, and how details. For example:

  • Who = What are the main roles and responsibilities including identifying any essential IT staff? For example, did you have any IT staff turnover? You’ll need to notify stakeholders such as management, vendors, and suppliers so you need the correct contact information.
  • What = Which systems are mission critical, essential, and non-essential? Criticality will define the order of recovery and ensure that the most critical systems are restored first.
  • Where = Do you have global data centers or IaaS? A hot site or an alternate cloud-based infrastructure for temporary operations?
  • How = Step-by-step procedures for recovering systems, identifying which processes need to be done in a specific order.

Backup And Recovery Strategy

Data recovery concept

Image from Bigstock

​You need a solid backup and recovery strategy. Perform regular backups including software, configurations, and data. Backups can be onsite, offsite, cloud-based, or a combination depending on the business needs. For mission-critical systems, it may be beneficial to implement redundancy (e.g., deploying backup systems, or redundant hardware) to minimize the impact of an incident.

The IT environment and the business are continually changing so the DR plan needs to be kept current too. Make sure you regularly review, update, and refine the plan to make sure it reflects any changes in your environment. Did you implement a new ERP system or relocate your data center? Or did you have any technology changes that improve the recovery process or enhance the resilience of your systems? If so, you should take the time to update your DR plan.

Testing Your DR Plan

Business meeting to talk about disaster recovery plan

Image from Bigstock

Make sure you regularly test the DR plan which will validate recovery procedures, identify gaps, and ensure data such as stakeholder contact information is correct. There are multiple ways to test including tabletop and scenario-based simulation. Tabletops are good, but simulations including recovery are better. It’s key to test on a regular basis...with the business (that takes your plan to the next level)! The frequency of your testing may vary depending on the criticality of the systems or any regulatory requirements so stay up to date with any regulation changes that may impact your DR plan requirements. Make sure you document lessons learned (including from any actual incidents) so that you can identify any areas for improvement.

It’s critical to ensure your DR plan is aligned with the business continuity plan. Within the DR plan, there should be a communication component. When an incident occurs, you need protocols to notify and continually update the stakeholders so that they can respond appropriately.

Encourage a culture of continuous improvement. Encourage and solicit feedback for the DR plan. Although IT is responsible for disaster recovery, it affects the entire business continuity plan. Have a comprehensive and current DR plan that aligns with the business needs, and which is tested regularly. It enhances your readiness for the next disaster and minimizes the impact of disruptions to your IT infrastructure as well as minimizing the impact of potential disruptions.

For more information on taking your DR plan from good to great, follow me on LinkedIn!


Featured