Disaster Recovery Plan
Disasters that affect your IT capabilities happen more often than you think, but only 6% are caused by natural events. The vast majority of disasters that cause significant IT downtime are from human error, hardware and software failure, and cyberattacks. There are even stories circulating that talk to how a newly hired IT technician inadvertently deleted all company data on his first day! During the past three years, 93% of businesses have been hit by a natural or man-made disaster – and many of these organizations could not recover.
Whether your organization is large or small, the only way to prepare for a disaster is to develop and exercise a disaster recovery plan.
What is an IT disaster recovery plan?
An IT disaster recovery (DR) plan is a written document that spells out the policies and step-by-step procedures and responsibilities to recover an organization’s IT systems and data and get IT operations back up and running when a disaster happens. This plan is a sub-component of the organization’s Business Continuity Plan (BCP). Once developed, the DR plan must be tested (or exercised) to ensure that the IT team can fully recover the organization’s IT systems regardless of the type of disaster.
Disasters arrive unannounced, which is why it is important to get an IT DR plan in place as soon as possible. A fully functioning plan will help you minimize risk exposure, reduce disruption, and ensure economic stability. It will also reduce insurance premiums and potential liability, and ensure your organization complies with regulatory requirements. Most importantly, a well-executed plan can save your organization thousands – even hundreds of thousands – of dollars in the event of a disaster.
To determine how much a disaster can cost your organization, consider the cost of system downtime – the impact on employee productivity, the loss of billable hours, missed sales from a down e-commerce website, penalties for failure to meet regulatory compliance obligations. Data is a valuable asset: Customer data; financial, human resource, and R&D documents; and emails are all irreplaceable. Each document represents hours of work and the ability to retrieve it is essential. In a worst-case scenario, your disaster recovery plan may save your company.
Types of Disaster Recovery Plans
There are four types of disaster recovery plans.
Virtualized Disaster Recovery Plan. With a virtual DR plan, your IT organization creates a replica of the entire IT infrastructure and stores it on an offsite Virtual Machine (VM). Since VMs are hardware independent, you do not need the same hardware as the primary site, so you can easily backup your systems and data to dissimilar hardware. When a disaster happens, you can failover IT operations to the offsite VM and recover from a disaster in just a few minutes.
Network Disaster Recovery Plan. A network disaster recovery plan helps your IT team respond to an unplanned interruption of network services during a disaster, including voice, data, internet, etc. The plan must include procedures for recovering an organization’s network operations, including local area networks (LANs), wide-area networks (WANs), and wireless networks. An unplanned interruption of network services can range from performance degradation to a complete outage.
Cloud Disaster Recovery Plan. With this type of plan, your systems and data are backed up to a public cloud, that is located at least 150 miles from the primary site. When a disaster happens, IT can easily failover their operations to the secondary site and failback to the same or new hardware – even if that hardware is dissimilar. Public cloud DR services are available on a pay-as-you-go basis and can be accessed from anywhere.
Data Center Disaster Recovery Plan. This type of plan requires your organization to set up a separate facility that is only used when a disaster happens. There are three types of data center disaster recovery plans: cold, warm, and hot.
- A cold disaster recovery site is an office or data center located away from the primary site that has power, heat, air conditioning, etc. but no running IT systems. Depending on the length of the disaster, an organization may install the necessary systems after the disaster hits.
- A warm disaster recovery site offers office space and a technology infrastructure that is used when a disaster hits the primary site. A warm site has power, heat, air conditioning, etc., and network connectivity and redundant hardware/software already up and running. Backups from the primary to the warm site are performed on a daily or weekly basis, which can result in some data loss.
- A hot disaster recovery site offers office space and a complete replica of the primary site’s IT infrastructure, systems, applications, and up-to-date data.
Disaster Recovery Plan Steps
Every business needs a disaster recovery plan that is as unique as its data requirements. To define the best approach for your business, you must weigh the value of your data, systems, and applications against the risk your organization can afford to assume. When you create a disaster recovery plan, be sure to include the following steps:
- Establish a planning group.
- Perform a risk assessment and define acceptable Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs).
- Prepare an inventory of IT assets.
- Identify dependencies and establish priorities.
- Develop recovery strategies.
- Develop a communication plan.
- Develop documentation, verification criteria, procedures, and responsibilities.
- Test, test, test the plan.
- Implement the plan.
- Maintain the IT infrastructure.
The do’s and don’ts when creating a disaster recovery plan
When a disaster happens, it can cause chaos and create an environment where your DR team members make mistakes. To overcome this challenge, create your list of do’s and don’ts for plan development and to use before, during, and after the crisis.
Here is a quick synopsis of some of the most important “dos and don’ts.”
What not to do
- Do not discount the importance of an IT disaster recovery plan because you have backups or have implemented high availability. You need an IT disaster recovery plan no matter what!
- Do not consider disaster recovery an expense. It is an investment.
- Do not apply a single data protection strategy to all applications.
- Do not assume that your network can handle the traffic during an emergency. Identify alternative forms of communication if you cannot use the network.
- Do not create a disaster recovery plan just for the sake of having one or to simply satisfy executive management and your auditors.
What to do
- Be sure to get sponsorship for the DR plan from the executive team.
- Do look for disaster recovery plan examples to use as a template to speed the development and improve the accuracy of your plan.
- Do include key contact members from various departments in your planning committee. Include decision-makers from a variety of departments as well as financial associates, customer service representatives, and IT personnel.
- Safeguard data not stored centrally, including data stored on desktops, laptops, and mobile devices. Also consider the following:
- Virtual environments
- Application-specific agents
- Snapshot storage requirements
- Server activation and documentation
- Backup and recovery
- Do create a disaster recovery plan checklist to use as a quick reference when developing the DR plan and during an actual disaster. A checklist helps your team work quickly and perform tasks accurately.
- Do perform end-user acceptance testing.
- Be sure to regularly test a broad range of disaster scenarios.
- Update and test your disaster recovery plan regularly.
- Choose a disaster recovery location that is not too close to your production site and can be remotely activated in the event of an emergency.
- Plan frequent meetings to ensure that resources are still available in the event of a disaster.
Disaster recovery plan templates
If you are a small- to medium-size business (SMB), consider using an IT disaster recovery plan template to help guide you and your team through the plan development process. There are many disaster recovery and business recovery plan templates available on the internet, including templates offered by Solutions Review, Smartsheet, and template.net. You can also find IT disaster recovery templates for small business at SupremusGroup.
If this is the first time your organization is developing a plan, using a DR plan template ensures you do not miss important steps in the process and eliminates the costs associated with engaging a consultant.
Testing your disaster recovery plan
It is critical that you test your disaster recovery plan and ensure you have all the elements in place for a successful test. This includes having a detailed script of test activities, ensuring that all IT components are in place and ready to use, documenting what happens during the test, and preparing a post-DR-test, after-action review.
Finding the right DR solution
Implementing your disaster recovery plan means you’ll need to find a DR solution that fits your IT requirements and is realistic about managing and testing. Many SMBs now work with managed service providers (MSPs) who deliver and administer their IT needs – outsourcing the expense of that mission-critical expertise. Many of those MSPs offer managed DR services that are built on Acronis’ disaster recovery solution. That’s because, with Acronis, an MSP can add disaster recovery to your backup in a matter of minutes – so not only will you have backups that protect your data, applications, and systems, when disaster strikes you can spin up your IT systems in the cloud to keep your organization running. After the disaster passes, you’ll be able to easily recover to the same, new, or dissimilar hardware.
If your organization prefers to keep IT administration in-house, Acronis Cyber Disaster Recovery puts the power in your hands, ensuring business continuity with fast failover of critical workloads to the cloud. You gain instant data availability of your systems, making your infrastructure more resilient so your team can continue to be productive, regardless of the disaster you all face.