Have you ever lost something important? Maybe your computer froze or you forgot to hit “save” button for a document you’ve been working for days on, or maybe something personal, it’s more than a headache for anyone.
When it comes to business, a lot of leaders think that a disaster is something that happens infrequently. Quite often, when we think of a disaster, we relate it to hurricanes or earthquakes. However, it’s not always the wrath of Mother Earth, it may come from malicious attacks, common mistakes, or dissatisfied employee.
In the meantime, every organization or business, regardless its revenue or staff size; should have a full disaster recovery plan in order to respond to unexpected incidents. These attacks can threaten an IT infrastructure, including: hardware, software, networks, processes and people.
So, is there a specific budget IT executives should spend of their total operational budgets in disaster recovery?
Actually, it is estimated that large companies spend between 2% and 4% of their IT budget on disaster recovery. Companies who have major losses of data; 43% never recover financially, 51% close in two years, and only 6% will survive long-term.
Disaster recovery spending is insurance against the risks of user downtime, data loss, and business interruption. While life insurance, medical insurance, and property insurance are pretty much a given, it is a bit difficult to assess how much coverage is enough and how much to spend.
IT disaster recovery measures are classified into three types:
- Preventive Measures: preventing an incident from occurring.
- Detective Measures: detecting or discovering unwanted attacks.
- Corrective Measures: correcting or restoring the system after a disaster takes place.
Ten things are critical for the success of your IT disaster recovery plan, however priorities may differ from one organization to another:
- Disaster recovery plans must have an accurate communication or call list.
The list should have designated backups for each key individual and multiple contact information for them as well. If you are using a call tree, make sure that you have a loop back so that the last person on the list will confirm that the call was made.
- Work off of a detailed script during a disaster.
In order to make the disaster recovery process easier, have a detailed script or step-by-step instructions in your disaster recovery (DR) plan, the script should be reviewed by several members of the DR team.
- Test and retest the detailed disaster recovery plan.
Make sure to test the plan at least once a year unless a major change in the plan takes place, and always anticipate unusual things may happen. It is recommended to test the plan with different members if you can to make it more effective.
- Each member of the team should be familiar with their defined role.
Any member of the backup team should be aware of his assigned role and they should be comfort of what they are doing.
- Have at least of 24-hour supply delivery resources at the recovery site.
You may need replenish supplies and you have to know where the nearest hardware and office-supply stores are at your recovery site as every minute and resource counts.
- Include an application list in the DR plan.
An application list is any software package or system that will be part of the recovery, and it should always appear in a master list. Each entry in the list should have the application name as the technical staff identifies it.
- Include a current network diagram of the entire network and recovery site in the DR plan.
Each node on the switch and panels should have some means of identification. In a recovery, you do not want to start following cables and wires through switches, etc.
- The DR plan should contain an easy-to-follow map and directions of how to reach the recovery
To make it clear to anyone, the plan should contain a map to know how to get to the recovery site and don’t assume that everyone knows how to get to the site.
- Include additional documentation such as a list of vendor contacts and insurance documentation.
- The disaster recovery plan should be current.
You do not want to go through a recovery process with an outdated plan. Update the plan at least once a year, or whenever modifications are made that require a change in the disaster recovery plan. These changes can be in hardware, software upgrades virtualized servers, or any change that would modify the current disaster recovery environment.
Last but not least, every business is vulnerable to experiencing an unexpected event, serious incident or disaster that can prevent it from resuming normal operations. A well-structured and flexible disaster recovery plan can enable organizations to recover quickly and effectively from an unforeseen disaster or emergency, and take command of business interruption, financial impact or reputational loss. Keep it simple, logical and reasonable.