Is your organization among the 65% of small- and mid-sized businesses (SMBs) that don’t have a comprehensive disaster recovery (DR) plan in place? Our on-demand webinar, Disaster Recovery: What to Expect When You Declare a Disaster, provides a step-by-step guide on how to get started. Catherine Roy, HOSTING Senior Project Manager, and Brian Frank, HOSTING Cloud Services Manager, share their tips having implemented and managed more than 400 disaster recovery solutions combined. Following are some highlights.
Understanding the difference between disaster recovery and business continuity
Many organizations often confuse disaster recovery with business continuity (BC). While DR and BC are related to each other, they are separate initiatives.
Business continuity is comprised of the processes and procedures that an organization puts in place to ensure that essential functions can continue during and after a disaster. Disaster recovery falls under the umbrella of business continuity. It involves a set of policies and procedures to enable the recovery of mission-critical data and technology assets following a natural or man-made disaster.
Key considerations for business continuity planning
Brian lists several factors to evaluate when developing a DR plan including:
- To what level of resistance are you building your production environment
- What data and applications need to be recovered. Keep in mind that not all data and applications need to be recovered immediately. This may include legacy data that needs to be stored for a pre-determined period of time, but may not be essential to your day-to-day operations.
- Your RPO (Recovery Point Objective) – this is the maximum targeted period in which data might be lost from an IT service due to a disaster. It’s important to establish an RPO so that IT has a limit to work to – for example, four hours since the last backup.
- Your RTO (Recovery Time Objective) – this is the targeted duration of time and a service level in which a business process much be restored after a disaster in order to avoid unacceptable consequences associated with any systems downtime.
Questions to ask during your DR planning
Disaster recovery planning starts by evaluating your company’s business operations and the assets you need to safeguard. Following are some key questions to ask:
What constitutes a disaster for our company?
Consider both natural and man-made disasters as they apply to your company and even your geographic region. For example, companies in San Francisco will likely factor in earthquakes; those in Miami may be more concerned with hurricanes. Keep in mind that cyber threats and simple human error can lead to disasters.
What business factors will require the organization to re-evaluate its DR plan?
Has your company been acquired, or is in the process of acquiring another company? Has your division been spun off into a standalone company? These are valid reasons to ensure that your DR plan in complete and up-to-date, in light of any organizational changes.
- In what order do we need to bring our applications back online (e.g. – databases)?
- Are there any compliance requirements (i.e. HIPAA/HITECH, PCI DSS) that we need to factor into our DR plan?
- What resources need to be involved in order to regularly test our DR plan?
Once you’ve answered these questions, take time to rank each potential disaster scenario with your team and agree on an appropriate response plan of action.
Checklist for DR testing
Finally, create a regular schedule for testing your DR plan. HOSTING recommends testing your plan at least once a year; quarterly is even better! Some questions to consider during the DR testing phase include:
- How long can we run production on our DR solution, if required?
- How will our servers be networked?
- How will our users and customers connect to our DR location?
View Catherine and Brian’s webinar for more expert insights on preparing your DR/BC plan, and implementing the proper actions in the event of a disaster. And feel free to contact them anytime with your specific questions.