An effective disaster recovery (DR) plan only works if it is regularly reviewed and updated. Following our best-practice principles, we’ve updated our DR planning advice to help you refine and improve your strategy and processes.
Here are six things you must do:
1. Identify the key players
If your business experiences a serious system outage, who do you need to alert? Who will be involved in the actual DR process?
Your first step is to identify the key stakeholders, providers, third-party personnel and incident response teams who will help to bring systems back online. You must then negotiate and agree on acceptable SLAs that will allow you to resume operations ASAP.
2. Conduct a Business Impact Analysis (BIA)
What would happen if mission-critical systems went down? What would the wider implications of losing operations be?
There are several categories of business impact you must assess, including:
- Legal and regulatory
- Revenue loss
- Customer service
- Brand/reputation damage
The BIA will be invaluable for prioritising DR activities and for identifying acceptable RPOs and RTOs. for each business unit.
3. Complete a Risk Assessment
A risk assessment attempts to quantify the likelihood of any system outage occurring. You need to consider the potential hazards to your operations – fire, cyberattack, natural disaster, extended power cut – and the magnitude of the problem each of these events would cause.
You then need to identify the assets at risk from these events. How would they affect personnel, critical infrastructure, operations, corporate reputation etc? These insights will then feed back into your BIA to provide a 360º view of threats and their effect on your business.
4. Prioritise Critical Functions
What are the most important functions required to keep your core business operations running? Identifying these processes will help you properly prioritise your recovery efforts during a disaster.
These business priorities may include:
- Revenue operations
- Information security
- Identity and access management
- Data protection
- Payroll and time tracking
5. Build a Communications Chain
In the early stages of a major system outage, communication is critical to ensure the DR processes have been initiated and are proceeding as planned. You need to define a communications strategy that keeps all of the stakeholders identified in step 1 connected and informed about progress to ensure the plan is executed as smoothly as possible and to avoid costly miscommunication.
Don’t forget to include any third parties in the comms strategy – you will need their assistance during a disaster too.
6. Test, test, test
The only way to prove whether your DR plan works is to test it. Running regular disaster simulations will expose gaps and weaknesses in the plan, offering an opportunity to improve plans before they are needed for real.
Testing will also show whether your RPO and RTO objectives are realistic with current DR provisions – or if you need to invest in new technologies and services to meet them. Testing is an integral aspect of your regular DR planning reviews.
To learn more about developing a DR plan that works for your business, and how WTL can help with your business continuity planning, please give us a call.