With IT becoming necessary for the delivery of almost any business operations, having a strong disaster recovery plan is vital. It is equally important to ensure that it is fit for purpose, properly tested and quickly deployable. Doing so can make the difference between significant losses of revenues and productivity at a stressful time, and a smooth transition that enables your workforce to keep working.
The key to a good disaster recovery plan is assessing the risks, understanding the key systems and users and analysing the cost of any part of these failing. Ensuring no single supply dependencies and strong documentation of deployed IT systems are important elements.
We can work either to build and implement the support systems needed for your IT disaster recovery plan or test and evaluate your current plan, looking for areas to be streamlined and at feasibility for deployment.
A disaster recovery plan should cover everything from a single server failure to the loss of a supplier to complete system loss. We look at what systems and procedures are in place for this, and where needed we help to refine and implement a plan.
If you have an existing DR plan we can work with you to assess and test its suitability. We work to ensure documentation, procedures and processes are clear. By definition, the time you need the plan is the time things are stressful. Keeping the plan easy to follow and being well drilled in its implementation helps relieve this pressure.
Identify key systems and components to identify who needs access to them to do their job.
Assess the likelihood of failure at each stage, the impact on other systems/components and the cost/impact of each failure.
Build a disaster recovery plan around these assessments and regularly test its implementation for speed and viability.
Key Elements of a Disaster Recovery Plan
Who will it impact and how will they access services?
Identifying key user groups, be that customers accessing your e-commerce site, fulfilment teams or HR managers accessing payroll services, and the systems they really rely on to do their job should be the basis of any IT disaster recovery plan. We work to identify those systems and then to understand how they operate and how they could be redeployed in an emergency. We find out how quickly corrupt data could be restored, if any data would be lost and whether the systems could be run off-site.
How users interact with the system and whether their interaction can be remote help narrow down the available options for disaster recovery.
Are data backups viable, tested and really available off-site?
Most businesses know that backups are important and run them regularly. However, fewer regularly test their backups to ensure they work. Will they recover all of your data or can you recover just the missing bits? How long does it take to get a backup to your site? Do you require special hardware or licences to use it? Can you access your data if you cannot access your premises? These questions should be addressed in your plan and, where possible, mitigated for in advance.
We look independently at these processes, without any preconceptions, and help to challenge any assumptions. We also help to identify and implement suitable off-site solutions, from multi-data centre deployments to simple cloud-based backups.
Does the plan create any security vulnerabilities?
Is the cost of the solution proportionate to the risks?
Who will put the plan into action?
As well as having a disaster recovery plan and processes, identifying who will implement these is important. The plan must consider both what skills are available in-house (or through contractors) to respond to emergencies and what happens if the disaster involves key personnel.
Single points of failure focused on individual people are often the weak points in an otherwise strong disaster recovery plan. What happens if your head of IT is unwell or the contractor’s documentation is poor? Can the CEO’s data be accessed by someone if something happens to him? Who is empowered to push the ‘go’ button? The level of planning needed to protect against such failure will vary based on the size of your organisation, but the solutions need not be complicated.