Whether a disaster is man-made or of natural origins, if you don’t react quickly then it’ll get worse. Jennifer Bridges, PMP, shows you how to make a disaster recovery plan.
Here’s a screenshot of the whiteboard for your reference.
In Review – How to Make a Disaster Recovery Plan
Disasters happen, Jennifer said, but recovery must be planned. Just like any plan, a disaster recovery plan is made up of pieces.
Disaster Recovery
Jennifer outlined what a disaster recovery plan is and what it should consist of:
- It involves a set of policies, tools and procedures.
- It enables the recovery and continuation of critical technology, infrastructure and systems.
- It’s invoked following a natural disaster (such as a hurricane, tornado, fire, flood, etc.) or a man-made one (such as errors, breaches, sabotage, etc.).
- It focuses on the information and/or technology systems of supporting critical business continuity.
- It involves keeping all essential business aspects functioning despite significant disruptive events.
- It’s considered a subset of business continuity.
Why Do We Care About Disaster Recovery?
The answer to this question should be obvious by this point, but just in case there was any confusion, Jennifer mapped out the many reasons why a disaster recovery plan is so important:
- IT projects, systems and data are increasingly critical to companies and countries.
- Before that, the demand for rapid recovery is high.
- Companies with a major loss of data, according to research conducted in 2015, often don’t fully recover: some never reopen (43 percent) and others close within two years (29 percent).
- An article published in 2018 stated that downtime of just one-hour costs small companies $8,000, mid-sized companies $74,000 and large companies $700,000.
Why do you care? Because, at a high level, a disaster recovery plan is helping to backup data systems on a regular basis to avoid loss and testing to make sure these procedures are running as planned. Then when a disaster occurs, and it will, a plan is laid out about how to recover and rebuild what has been lost.
Related: IT Risk Management Strategies & Best Practices
What to Consider in a Disaster Recovery Plan
When creating the plan, take these things into consideration:
- Have emergency contacts for staff and external contacts, including developing a notification network to reach out effectively.
- Try and figure out what the scope of the recovery will be.
- Get a disaster recovery team and note each member’s responsibilities. This will include having a team leader and a management team responsible for the process—that includes teams that are responsible for network, server, application, data and backups, restoring IT functionality, IT systems and networking equipment.
Best Practices for Disaster Recovery Plan
Before signing off, Jennifer offered these three suggestions in terms of what best practices looks like when developing a disaster recovery plan:
- Practice recoveries, so when the real disaster hits, you’re prepared.
- Review this process regularly.
- Always backup and confirm.
Pro-Tip: It’s always a good idea to make a contingency plan, basically a backup to your backup in case the disaster doesn’t play out as expected. It starts with identifying and prioritizing, taking into account risk, and making sure the plan is shared among all parties impacted.
Take it Further: Need help understanding risks and issues? Read all about the risk management process.
Thanks for watching!
Transcription
Today, we’re talking about how to make a disaster recovery plan. Well, for those of us who are in IT, information technology, this topic becomes more and more important every day.
No matter what region you are in in the world, you can see examples of either natural disasters or human-induced disasters. So let’s take a look at what disaster recovery really is.
Number one, it involves a set of policies, tools, and procedures.
It enables the recovery or continuation of critical technology, infrastructure, and systems.
It’s invoked following either a natural disaster or human-induced disasters. Some natural disaster examples are hurricanes, tornadoes, fires, floods, so different areas of the world are hit by these on a periodic basis.
Also, you’ll see human-induced disasters, which can be human error, things like maybe there’s a software or hardware technology upgrade and just human error causes a problem.
There can be also breaches like security breaches, or even sabotage. Sometimes when employees leave or get upset, if they have access to the technology, they can sabotage it.
Well, disaster recovery also focuses on the information and/or technology systems supporting critical business continuity, and it involves keeping all essential business aspects functioning despite significant disruption.
And it’s considered a subset of business continuity, but it’s a little different than business continuity.
So why do we even care?
Number one, IT systems in data increasingly is critical to companies and, I would submit, countries.
Also the demand for a rapid recovery is increasing. Any kind of downtime can be catastrophic.
So research from 2015 shows that companies with a major loss of data 43% never were able to recover and reopen, 29% closed within two years.
Also from 2018, there’s an article, “The importance of disaster recovery,” and it suggests that downtime lasting for an hour can cost a small company approximately $8,000, a mid-sized company around $74,000, and a large company up to $700,000. So you can see that can be a pretty big impact.
So what are we talking about at a high level? So we’re talking about backing up data and systems, we’re talking about once we back it up, on a periodic basis, we have to test it to make sure that that approach and everything works.
Then when an event occurs, we have to recover and then we have to rebuild. So that’s at a high level.
So what are some of the things we need to consider?
So first of all, if an event occurs, if a disaster occurs, who is the emergency contact? Who gets the call? Who’s the first notification? Who are any other external contacts? And then the notification network. So once this happens, all the important players need to be notified so action can begin to be taken.
Also understanding the scope of what the recovery looks like, and the disaster recovery teams, and responsibilities. So when it is invoked, every member on the team needs to know specifically what they’re responsible for, so they can take action.
Also, it’s important to know who is the disaster recovery lead, because they are actually leading this effort to the recovery.
We also need to know the disaster management team. They are responsible for keeping the approaches, the processes, and all of this up to date.
We also need to know the network team, the server team, applications team, and the data and backup recovery team. So who are the team members? And again, what’s their responsibilities?
So when we talk about data and we talk about backups, we also want to know what is the frequency? Depending upon some data, some data is backed up continually real time.
So they’re capturing the data and they’re backing up real time. And then we need to know the retention periods. How long do we keep the backups? Then we need to know the restoring, the IT functionality. What are the levels? What are the layers?
And what’s the process in order that we restore. We also need an inventory of all the IT systems that may be impacted as well as the network equipment. So this can be very expensive and this can be very detailed. So this is just a high level look at all the aspects that we need to consider.
So here are just a few best practices to remember.
Number one, practice the recoveries.
Number two, review the whole process on a regular basis to ensure that it’s up to date.
And number three, backup and then confirm that the backups did work properly.
So if you need a tool that can help you with your disaster recovery plan, then sign up for our software now at ProjectManager.