How to develop a disaster recover plan

The weatherman’s predicted more heavy rain and flooding in your area over the next few days. Do you:

A) Get out the sandbags
B) Refer to your disaster recovery plan (DRP)
C) Dig out your wellies

If you answered B, great – you’re on the right track, just don’t forget to review and update your DRP on a regular basis. If you answered A or C, then it’s time to get working on your DRP before it’s too late…

What is a disaster recovery plan?

A DRP is a documented set of procedures that protect a business’ IT infrastructure from potential disasters and helps it to recover in the event of one. A disaster could involve technical mishaps, such as power outages or data loss, or human threats, such as security breaches.

A DRP is an essential document yet a Backbox blog cites some concerning statistics: only 35% of small businesses implement a DRP, while 36% feel their plan isn’t sufficient enough to fully support them in the event of a disaster.

It’s vital that businesses plan for all eventualities so that, if a disaster were to occur, they could react effectively and in a timely manner so downtime is reduced as much as possible. A DRP can save you time and money – it could even end up saving your business.

With this in mind, here’s some advice for creating a DRP:

Carry out a thorough risk assessment
Your first step should be to pinpoint all potential disaster threats and to understand their scale and impact. These could include minor threats such as phone lines cutting-out temporarily, to major disasters such as severe flooding shutting down all technology systems.

Once identified, rank the threats in order of how likely they are to occur, and note how much of an impact each disaster would have on your business operations. Doing this will enable you to devise a thorough DRP and determine risks that need prioritising.

Create your plan – address preventative, detective and corrective measures
The next step is to note measures you have taken or need to take in order to limit, prevent and manage disasters. Such measures will fall under three categories: preventative, detective and corrective.

Preventative measures are steps taken to limit or prevent a disaster from happening, for example by using a generator to avoid data loss during an outage, or acquiring quality commercial insurance to safeguard your assets. Detective measures include those which will alert you to a potential disaster, such as fire alarms or anti-virus software. And finally, corrective measures are steps to take in order to restore your system in the event of a disaster.

Consider staff responsibilities and backup processes
It’s your duty to educate your team on your DRP; hand out printed copies and organise training sessions and drills. Have you assigned an employee the task of implementing the DRP in your absence? If so, it’s important you provide them with adequate training so they feel confident in their role.

Next, consider data backup and recovery. Data can be backed-up on hard disks and stored off-site, just in case your business is inaccessible in the event of a disaster. Backups should be carried out on a regular basis, ideally every couple of weeks or in real-time using third-party servers.

Make note of all communication lines
At the very least, your DRP should include any businesses you might need to contact in an emergency (insurance providers or disaster relief agencies), as well as employee, client and vendor information.

If your services are put on hold for any reason, your customers deserve to know about it. If you don’t inform them and they find out what’s happened through another source, you could lose their trust and custom. Therefore, a part of your DRP should involve devising a post-disaster communication strategy, detailing the ways you will contact clients if the unexpected were to occur.

Test your DRP
Testing your DRP will enable you to assess just how effective it would be in the event of a disaster. If after testing you notice any discrepancies or weaknesses, you should address them immediately. Bear in mind that your business is always changing and adapting; as new threats emerge, you’ll need to update your DRP and put it to the test again.

Hopefully, your business will never have to deal with a disaster. However, if an unplanned incident were to occur, a comprehensive DRP will help you to get you back up and running as soon as possible.