cyber security IT Security IT support small business Technology

Have a Disaster Recovery Plan in place

What is a Disaster Recovery Plan?

A Disaster Recovery Plan (or DRP) is essentially a business plan that is written down and put in place to ensure that work can be resumed quickly and effectively in the event of a major catastrophe.

Every business should ideally have one in place to allow your IT structure to get back up and running quickly.  It may mean that you immediately recover just enough data or system functions to resume working at a minimum standard, but it will minimise the downtime for your business.

Why you should have a Disaster Recovery Plan

The benefits of already having a DRP in place before you need it is so that there is minimal disruption to business, leading to less financial loss, less damage to reputation, and happier clients.

It is inevitable that there will always be a risk to business. Not only will this come from data security breaches, but also from human error, equipment failure, power outages, flooding, etc.  So, it is better to be prepared before you actually need it.

Include in you DRP your tolerance for downtime and data loss

This will vary greatly dependant on the nature of your business, however you should evaluate what is an acceptable Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for your business.  You need to have a clear guideline on what are the most important aspects of your business to get working first, and what can be put on hold.

Clarify what your main focuses are with regards to systems and applications.

  • Your initial focus should include all applications that you need immediately, the ones that are essential for the running of your business.
  • Your next stage will be to retrieve any applications that you will need by the end of the day or start or the next business day.
  • Lastly you can list the applications that non-essential for day to day business. The ones that you can probably last a couple of days without.

What you should include in you Disaster Recovery Plan

Backup solutions for data – Whether it be onsite backups, offsite, or in the cloud.  Ensure that you are backing up somewhere in different locations so that you are covered in the event of a physical disaster.  These will be down to your own specific requirements.

A disaster recovery team – Ensure that you have a choice of select employees who are either IT or Operations focussed, who know exactly what to do in the event of an emergency.  As obvious as it sounds, someone will need to take responsibility and be able to control the most efficient way to get the business back up and running.

A 3rd party contact list – Your DRP needs to contain all the relevant contact names and numbers of all necessary contacts.  This will be from ISPs, data centres, IT support providers, to hardware and software vendors.  As well as utility providers, etc.

Diagrams and directions – Map out all your equipment and locations, ensuring that all staff are aware of what they are and where they are.  This will save time if things go wrong, as staff will know exactly what they need to be checking. 

Be sure to run through it before you need it, giving you chance to adjust it where necessary.

Regular updates – Keep on to of updating you DRP every time you change a contact or procedure. 

An asset inventory – It is beneficial to have a full inventory of all hardware, workstations and equipment, so that you have a point of reference if you need a repair or replacement.  This will also help you in the event of loss of equipment. Photos or all equipment would also be useful, both front and back (which will help staff with plugging equipment back in).

The above is just a brief outline at the areas you should focus on to put a Disaster Recovery Plan in place.  If you feel this is something that you would like to advice with then please don’t hesitate to get in touch.