All businesses need to be prepared to face the unexpected. Having a robust disaster recovery plan is a key part of this preparation. It’s particularly important for SMEs as they are unlikely to have the financial (or human) resources larger companies may enjoy. Fortunately, creating an effective disaster recovery plan is easier than you might think.
Table of Contents
What exactly is a disaster recovery plan?
A disaster recovery plan is a set of protocols used to resolve disruptions to business operations. It will outline who is to take what steps at what point during the incident.
Most disaster recovery plans will also set down protocols for after the incident. The aim of these protocols is to see what lessons can be learned from the incident. These can be used to assess where the disaster recovery plan worked well and where it needs improvement.
They can also feed through to the protocols used to detect potential disruptions and correct them before they become real-world issues.
What are the key elements of a disaster recovery plan?
Disaster recovery plans generally consist of two components. The first component is activating fallback systems to work around the disruption. The second is resolving the disruption.
Setting up fallback systems requires knowing what your operational processes and resources are. Once you have identified these, you can then identify what alternatives you can use if these become unavailable. This may require you to organise backup resources in advance.
For example, most organisations need access to at least key data in order to function. You, therefore, need to ensure that this data is backed up and stored in a safe place or places. Many businesses of all sizes keep two copies of their data. They store one on-site (or in the same cloud) and the other off-site (or in a different cloud).
Setting up protocols to resolve the disruption is often largely about defining roles, responsibilities and lines of communication. Ideally, a disaster recovery plan should be entirely self-contained. Where it refers to other resources, it should document where those resources are stored.
Creating a disaster recovery plan
Disaster recovery plans tend to be created around assets rather than potential threats. This is because you know what your assets are. By contrast, you simply cannot possibly anticipate every potential threat.
With that said, you can often identify categories of threats, e.g. environmental, physical attack and digital attack. You may also be able to identify threats that are particularly likely to occur. In the UK, for example, you might want to look at extreme weather, street protests and cybercrime.
If you identify any threats that are particularly likely, you can investigate whether or not you can take any targeted steps to mitigate the risk they pose.
For example, there might not be much you can do about the weather itself but you can pay attention to the weather forecast. Likewise, you can monitor the news for information about planned street protests in your area. You should definitely have a robust plan in place for detecting and defending against IT security threats.
Maintaining a disaster recovery plan
Creating a disaster recovery plan is an excellent first step toward ensuring the ongoing security of your business. On its own, however, it’s unlikely to be enough. You should commit to testing your disaster recovery plan regularly. This means a minimum of once a year. Twice a year is better, at least for key elements of your business.
Regularly testing your disaster recovery plan is vital to ensuring that it works in reality as well as in theory. This will become particularly important as your business inevitably develops and changes over time. You will need to ensure that these changes are reflected in your disaster recovery plan and that it continues to function as expected.
Luke Watts is the Managing Director of RoundWorks IT, which are specialists in managed IT services, including, backup and disaster recovery, cyber security and more for businesses across East Midlands.