When most people think about disaster, they think about Flood, Fire, Tornado, and the like. However, in today’s technology climate, a potential “disaster” can lurk in the mundane, everyday tasks. It could be a simple as an employee accidentally deleting a critical file or unknowingly unleashing a virus on your network, to a power surge destroying a piece of hardware. No matter what the cause, every business will experience outages and downtime – they key is having a solution in place to ensure that you can continue operations with no (or minimal) impact to the bottom line.
To ensure that your systems, data and personnel are protected and your business can continue to operate in the event of an actual emergency or disaster, use the following guidelines to create a disaster plan that will help you quickly recover. This is the 3nd installment of the 8 steps to a Killer Disaster Recovery Plan. If you missed the first two installments, you can find them here:
Step 1 of 8 – Inventory all your hardware and software.
Step 2 of 8 – Define Your Tolerance for Downtime and Data Loss.
Step 3 of 8 – Determine & Document Who’s Responsible for What.
Step 4 of 8 – Create a Communication Plan.
Step 5 of 8 – Let Employees Know Where to go in Case of Emergency.
Step 6 of 8 – Make sure your service-level agreements (SLAs) include disasters/emergencies.
Step 7 of 8 – Include how to handle sensitive information.
Step 8. Test your plan regularly.
If you’re not testing your DR process, you don’t have one. Your backup hardware may have failed, your supply chain may rely on someone incapable of dealing with disaster, your internet connection may be too slow to restore your data in the expected amount of time, the DR key employee may have changed [his] cell phone number. There are a lot of things that may break a perfect plan. The only way to find them is to test it when you can afford to fail.
Your plan must include details on how your DR environment will be tested, including the method and frequency of tests,” says Dave LeClair, vice president, product marketing, Unitrends, a cloud-based IT disaster recovery and continuity solution provider. “Our recent continuity survey of 900 IT admins discovered less than 40 percent of companies test their DR more frequently than once per year and 36 percent don’t test at all.
Infrequent testing will likely result in DR environments that do not perform as required during a disaster. Your plan should define recovery time objective (RTO) and recovery point objective (RPO) goals per workload and validate that they can be met. Fortunately, recovery assurance technology now exists that is able to automate DR testing without disrupting production systems and can certify RTO and RPO targets are being met for 100 percent confidence in disaster recovery even for complex n-tier applications.
Also keep in mind that “when it comes to disaster recovery, you’re only as good as your last test,”. A testing schedule is the single most important part of any DR plan. Compare your defined RTO and RPO metrics against tested results to determine the efficacy of your plan. The more comprehensive the testing, the more successful a company will be in getting back on their feet. Always remember that failing a test is not a bad thing. It is better to find these problems now rather than to find them during a crisis. Decide what needs to be modified and test until you’re successful.
And don’t forget about testing your employees. The employees that are involved need to be well versed in the plan and be able to perform every task they are assigned to without issue. Running simulated disasters and drills help ensure that your staff can execute the plan when an actual event occurs.