Developing your Disaster Recovery Plan

We’ve had some gorgeous weather in the West Midlands this summer and we hope you have too, wherever you may be but what happens when the rain starts falling?

Let us just say that hypothetically, the weatherman’s predicted heavy rain and flooding in your area over the next few days. Which of the following options do you choose?

A) Get out the sandbags
B) Refer to your disaster recovery plan (DRP)
C) Dig out your wellies

If you answered B, great – you’re on the right track, just don’t forget to review and update your DRP on a regular basis. If you answered A or C, then it’s time to get working on your DRP before it’s too late…every business and organisation should have one!

So, what is a disaster recovery plan?

A DRP is a set of procedures that protect your organisation’s IT infrastructure from potential disasters and helps it to recover if a disaster should occur. A disaster could be anything from a technical mishap, such as power outages or data loss, to human threats, such as security breaches.

A Disaster Recovery Plan is an essential document yet a Backbox blog cites some concerning statistics: only 35% of small businesses implement a DRP, while 36% feel their plan isn’t sufficient enough to fully support them in the event of a disaster.

It is vital that organisations plan for all eventualities so that, if a disaster were to occur, they could react effectively and quickly so downtime is reduced as much as possible. A DRP can save you time and money – it could even end up saving your business.

Sounds daunting doesn’t it?  Well, here’s some advice for creating a Disaster Recovery Plan:

Carry out a thorough risk assessment

Step one is to pinpoint all potential disaster threats and to understand their scale and impact. These could be anything from minor threats such as phone lines cutting-out temporarily, to major disasters such as severe flooding shutting down all technology systems.

Once identified, rank the threats in order of how likely they are to occur, and note how much of an impact each disaster would have on your business operations. Doing this will allow you to devise a thorough DRP and determine risks that need prioritising.

Create your plan – addressing preventative, detective and corrective measures

The next step is to note measures you have taken or need to take in order to limit, prevent and manage disasters. Such measures will fall under three categories: preventative, detective and corrective.

Preventative measures are steps taken to limit or prevent a disaster from happening, for example by using a generator to avoid data loss during an outage, or acquiring quality commercial insurance to safeguard your assets. Detective measures include those which will alert you to a potential disaster, such as fire alarms or anti-virus software. And finally, corrective measures are steps to take in order to restore your system in the event of a disaster.

Consider staff responsibilities and backup processes
It’s your duty to educate your team on your Disaster Recovery Plan; hand out printed copies and organise training sessions and drills. Have you assigned an employee the task of implementing the DRP if you are not there? If so, it’s important you provide them with adequate training so they feel confident and know exactly what needs to be done and when.

Next, consider data backup and recovery. Data can be backed-up on hard disks and stored off-site, just in case your business is inaccessible in the event of a disaster. Backups should be carried out on a regular basis, ideally every couple of weeks or in real-time using third-party servers.

Make note of all communication lines
At the very least, your DRP should include any businesses you might need to contact in an emergency (insurance providers or disaster relief agencies), as well as employee, client and vendor information.

If your services are put on hold for any reason, your customers deserve to know about it. If you don’t inform them and they find out what’s happened through another source, you could lose their trust and custom. Therefore, a part of your DRP should involve devising a post-disaster communication strategy, detailing the ways you will contact clients if the unexpected were to occur.

Test your DRP
Testing your DRP will enable you to assess just how effective it would be in the event of a disaster. If after testing you notice any discrepancies or weaknesses, you should address them immediately. Bear in mind that your business is always changing and adapting; as new threats emerge, you’ll need to update your DRP and put it to the test again.

Hopefully, your business will never have to deal with a disaster but it’s good to know that your Disaster Recovery Plan will help you to get you back up and running if you need it!