Disaster Recovery and Business Continuity Planning Tips

Many organizations, reliance on IT means that they cannot operate if their system goes down. In today’s world, every company is part of the IT industry and needs to prepare for disasters. If this sounds like your company, and it should, you must have either a disaster recovery plan or a business continuity plan, or both in place, so when the worst happens, you get back online as swiftly as possible. 

What is the crucial difference between business continuity versus disaster recovery?

The crucial difference is when the plan takes effect. Business continuity requires you to keep operations running during the disaster event and immediately after. Disaster recovery focuses on responding once the event has been completed and returning to normal.

While both plans incorporate the “after” response, disaster recovery is about getting your company back to where it started before the event occurred. Although both plans overlap, they remain distinct in how they operate.

An example would be if a hurricane destroys your office building, your business recovery solution may allow employees to work remotely. This solution may only work as part of emergency response and may not be sustainable long term. Your disaster recovery solution focuses on ways to get employees back in a single location and how to replace equipment.

If you haven’t written a plan yet, here are tips to help you execute effective disaster recovery and business continuity plan.

Both plans have similar steps, but it is a good idea to take each plan separately and see where you overlap to prevent any missteps. 

Tips On Disaster Recovery Planning

Know Your Disaster Risks 

Start your planning by identifying the most severe threats to your IT infrastructure, such as small things like system failure, staff error, fire, power loss, or more extensive disruptions like pandemics, natural disasters, or government interventions. Identifying these risks can help you put procedures to reduce the risk and determine the course of action needed to recover. If a fire or power loss is a severe risk, it is pretty clear that recovery needs to occur at an alternate site.

Prioritize Your Recovery

You should prioritize the order in which steps to do for recovery. Which are the most mission-critical services you require (manufacturing, website, email), and in which order do you need to restore these services? Knowing these services can help you create a recovery plan that has a negligible impact on the business.

As part of your prioritizing, look at each of your services to determine your Recovery Time Objectives (RTOs). Your RTO means putting a maximum limit on the time you are willing to see that service go offline. Recovery time won’t be very long; however, you have to evaluate the likely cause of the disaster and how much work would bring the service back online.

Know your enemy and know yourself and you can fight a hundred battles without disaster.
Sun Tzu

Back-Up Data To Meet Your Objectives

Besides RTOs, another factor you should consider is the Recovery Point Objective (RPO). Essentially, this is how much data your company is prepared to lose in a disaster. A crucial part of disaster planning is ensuring data backups are frequently enough to meet your RPO. If you are an eCommerce company and can’t afford to lose any sales, your recovery point will need to be back to the time of failure. In which case, you will need a backup plan in place that meets your recovery time objectives.

Create a Critical Emergency Response Team 

An essential element for your disaster recovery plan is to create a critical emergency response team; this will be the person or persons you need to get your system back online. The team may also include third-party contacts to include hardware and software vendors, web hosting providers, and internal staff. This team should also have department heads and corporate officers.

Ensure you have a team member for each role, and you should have an alternate for each member in case the primary is out during the disaster because of illness or vacation. This way, you know someone else can step in and undertake the job.

Ideally, it would help if you had multiple ways of contacting each team member and making sure your plan is detailed and precise on who is responsible for notifying each member.

Avoid Confusion by Creating a Written, Step-By-Step Disaster Recovery Manual.

When a disaster occurs, your staff will be under pressure to get your system back online quickly. You have various people, each with their agendas, all trying to carry out their tasks simultaneously. In these stressful circumstances, it can be challenging for team members to communicate effectively, and under pressure in the heat of the moment, they may forget that what they do has to fit into the process. Steps for recovery done out of sequence can put you back to square one.

To ensure a smooth recovery during a disaster, you should have a step-by-step action plan in place which specifies the order in which to execute the tasks and who is responsible for carrying out each job.

Test Your Disaster Recovery Plan

As well as you believed you planned your recovery, in reality, putting your system back online always works out differently. You should test the plan in full, evaluate the results, modify the plan, and retest to make sure you work out any issues in the testing of the plan. Continue the testing, verification, and modification of the plan until it works without a hitch. 

Have Your Backup Resources Ready and Waiting 

Always have a complete set of backup resources, such as tape backup cloud storage, in place. If your disaster is a system failure, getting it fixed will be a lot quicker if there is a spare server on-site or a stand-by in the cloud. You don’t want to wait for a replacement to be delivered.

In addition, you should also have complete documentation available for all the hardware and software you need and a full selection of any tools required.

Have Complete Details of All Your Software 

If you run many different software programs, it can be easy to overlook one when recovering during a disaster. It’s best to have a complete plan that gives the details of each application, their configuration, the contact details of the owner or each application, and your contact details.

Make Sure You Have an Up-to-Date Network Diagram.

A network map will save you hours of work and prevent the trial and error of looking for specific faults or rebuilding a system to help identify each node on the switch and panels. Make sure you document which applications are on each server which server needs applications from other servers upstream and downstream in the configurations. 

Make The Most of Virtualization.

If you have short recovery time objectives and want up recover back to the point of failure, you can benefit by using high-availability cloud and virtual machines, such as VMware, for your system backup. These can offer a far easier disaster recovery solution than physical servers, as virtual machines can automatically restart an application on alternative hardware without data loss or availability.

Business Continuity Planning Tips

Risks and Potential Business Impact

“It’s not what happens to you but 
how you react to it that matters”
Epictetus

You base your business continuity plan on the business impact analysis, identifying potential risks and vulnerabilities within and outside the business. These risks could be anything from a natural disaster to a data center meltdown or a significant IT disruption to a failure from a critical supplier. Knowing what you might potentially face, you can begin to prevent or mitigate any risk.

A strong plan will also use your business impact analysis to reveal the possible consequences of disruption on your business. This analysis will enable you to anticipate its cost, effect on essential business functions, and the time needed to recover.

Planning an Effective Response

Once you know the different risks and threats your business is vulnerable to, you can formulate an effective plan.

A comprehensive continuity plan will take each hazard identified in the business impact analysis and develop the best response strategy to minimize or prevent it altogether. Such as the disaster recovery plan, these detailed plans will describe the action needed and outline who needs to implement it. To ensure a quick and relevant response to any disaster by planning out resources, such as computers, alternative warehouse space, and mobile phones.

Roles and Responsibilities

To confidently handle a crisis or disruption, the key people in your business need to know their roles and responsibilities. Therefore, a business continuity plan will document which key personnel needs to respond to the disruption. This list of personnel will typically be more senior staff members, but this depends on the risk and business.

Once you have identified the right people, their roles and actions need to be clearly defined to react quickly and efficiently. Each resource’s steps to follow during disruption should be precise and prioritized ahead of the rest of the team. For instance, if you need a remote office following a disturbance, critical personnel will need to be prioritized when allocating resources such as laptops, tablets, and mobile phones.

Communication

Clear communication is essential during business disruptions. Effective communication across your organization can reassure team members and give them confidence that the organization is taking adequate steps to recover. External communication is also necessary to liaise with suppliers and customers and minimize dissatisfaction.

In preparation, a business continuity plan will typically include a list of key contacts and templated press releases and social media posts. These templates can speed up communication in a crisis and ensure that your staff and external connections are in the loop. More prominent organizations may have to prepare and separate communication plans that provide a comprehensive approach to communicating during a crisis.

Testing and Training

Business continuity plans are not theoretical – they need to be robust and put into action. The final essential component of a business continuity plan is testing, verification, and validation.

Use realistic scenarios to test the plan and your team’s response. Doing so can identify missed problems and improve the plan disruption that occurs. Testing, verification, and validation of business continuity plans also help to ensure that crucial personnel understands the plan and their role in it. By team members understanding the plan, the organization can respond quickly and efficiently when a disruption occurs.

Raising awareness of the business continuity plan with your more comprehensive staff will also help them understand their role in responding to disruptions. Many companies run regular awareness training sessions during new staff inductions and consider business continuity a critical topic. You will increase company resiliency with more training and testing.

Building Your Disaster Recovery or Business Continuity Plan

If you want to develop a Disaster recovery plan or a Business Continuity plan that helps you anticipate, assess, prevent, prepare, respond to, and recover from business disruptions, our 360-degree Business Continuity Solution could help you enhance your business’s resilience.

Our plan will make your business more resilient before, during, and after a crisis; this custom-made service gives you access to our experienced consultants, who can equip you with the tools you need to make a robust plan.

Our two-day consultation, gap analysis, business impact reports, and a customized business continuity plan this solution will also give you additional supporting documentation, which includes Key Supplier Lists, Threat and Risk Assessment Matrices, and response templates to help you react effectively to disruptions. There is also an annual business continuity review option to keep your plans up to date and accurate.

There is no 100% solution and no perfect plan. Having someone accountable like a CIO or Fractional CIO can ensure you are doing the best you can accomplish. 

At JAYCO CIO Services, we don’t do anything other than CIO services. Right now, we are offering 50% off our CIO Assessment. The assessment is an excellent way to get to know us. We will work with your executive officers, stakeholders, and IT team to show you where you are deficient and supply you with a report to increase your understanding of where you need help.  

Similar Posts