When most people think about disaster, they think about Flood, Fire, Tornado, and the like. However, in today’s technology climate, a potential “disaster” can lurk in the mundane, everyday tasks. It could be a simple as an employee accidentally deleting a critical file or unknowingly unleashing a virus on your network, to a power surge destroying a piece of hardware. No matter what the cause, every business will experience outages and downtime – they key is having a solution in place to ensure that you can continue operations with no (or minimal) impact to the bottom line.
To ensure that your systems, data and personnel are protected and your business can continue to operate in the event of an actual emergency or disaster, use the following guidelines to create a disaster plan that will help you quickly recover. This is the 2nd installment of the 8 steps to a Killer Disaster Recovery Plan. If you missed the first installment, you can find it here.
Step 2. Define Your Tolerance for Downtime and Data Loss.
In our opinion, this is the critical factor in defining the remainder of your plan. If you are a plumber, you can probably be in business without servers or technology for a while, but if you’re Amazon, you can’t afford to be down for more than seconds. So, the key is figuring out where you are on this spectrum will determine what type of solution you will need to recover from a disaster.
“Evaluate what an acceptable recovery point objective (RPO) and recovery time objective (RTO) is for each set of applications,” advises says David Grimes, CTO, NaviSite. “In an ideal situation, every application would have an RPO and RTO of just a few milliseconds, but that’s often neither technically nor financially feasible. By properly identifying these two metrics businesses can prioritize what is needed to successfully survive a disaster, ensure a cost-effective level of disaster recovery and lower the potential risk of miscalculating what they’re able to recover during a disaster.”
When putting your disaster recovery plan in writing, divide your applications and data into three tiers. Tier 1 should include the applications you need immediately. These are the mission-critical apps you can’t do business without. Tier 2 covers applications you need within a day (8 to 10 hours, even up to 24 hours). They’re essential, but you don’t need them right away. Tier 3 applications can be comfortably recovered within a few days.
Once you have this matrix of applications / data, RPO, and RTO, you can then begin to determine who’s responsible for each of these applications and what technology you’ll need to deploy to meet each RPO / RTO.
Step 3 of 8 – Determine & Document Who’s Responsible for What.
Step 4 of 8 – Create a Communication Plan.
Step 5 of 8 – Let Employees Know Where to go in Case of Emergency..
Step 6 of 8 – Make sure your service-level agreements (SLAs) include disasters/emergencies..
Step 7 of 8 – Include how to handle sensitive information.
Step 8 of 8 – Test your plan regularly.