In our last article, we talked about understanding Impact of Downtime and what measures can be taken to minimize the risk of downtime or unplanned outages.
Before we move along, let’s consider some Facts and Stats:
In this day and age, most businesses rely heavily on technology for critical day to day activities. A technical disruption, even for only a few hours can have a significant financial impact or negatively affect market reputation. Let's look at some statistics to illustrate how severely these can impact businesses. [Forrester Research market study, an information week report]
- The average downtime event costs an Enterprise size organization $686,000 per hour, totaling up to $60 million a year. The average for a mid-sized business can be up to $1 million per year.
- Only 2% of organizations recover from an outage within an hour. The average duration of downtime for most organizations is roughly 78 hours.
Small to a mid-sized organization that do not have a sizeable data center, can be at an even more risk. According to the Institute for Business and Home Safety, an estimated 25 percent of businesses do not recover following a major technological disaster.
Lets now talk about we can control the impact of unplanned outage with -- “Disaster Recovery Planning”:
A good IT disaster recovery plan will help you to recover lost data and accelerate your end-client’s return to normal business operations. It is imperative to ensure a disaster will not trigger a major business disruption and adverse financial consequences.
A successful Disaster Recovery Plan should consist of following:
- Setup a Planning and Execution Group – This step consists of developing a team of expert resources who will participate in the remediation of and are responsible for taking action immediately in the event of a disaster. Each individual must have responsibilities clearly defined and held accountable for the outlined required actions.
- Identification of business impact using Risk Analysis – We must define and classify all our Protected devices based on the Severity and Criticality [Establishing RPOs]:
- Mission Critical
- Critical
- Essential
- Non-Critical
- Establish Recovery Time Objectives – Once we have identified the criticality of protected machines, we need to establish RTO’s and re-evaluate the frequencies we back up each of our client's protected devices.
So far, we have identified the severity of the protected machines and established RTOs and RPOs, lets now take aim at formalizing our plan into a recovery strategy. Here’s an example Table to help identify the need:
Develop Recovery Strategies
Strategies define how you plan to respond to an incident, while plans describe the step by step process required to execute your strategies. Be sure to account for all aspects such as; budgeting, resourcing, human constraints, technological constraints, and regulatory obligations while building your strategies.
Document the Plan
Now that we have completed the risk analysis by establishing required RTO’s/RPO’s and developed our Recovery Strategies, it's time to document all of our disaster recovery strategies and plans. This ensures that group members responsible for the execution of these plans have clear guidelines and processes to follow to recover as efficiently as possible.
Testing Your Disaster Recovery Plan
It is vital for any Disaster Recovery Plan to test the integrity of your backups periodically. These backup tests aids in the optimizing the recovery process and create a higher success rate and instill confidence in the reliability of your backups.
Be sure to test your backups for both bootability and data integrity. ProVal Tech highly recommends having these tests performed every quarter or at least bi-annually.
Implement and Maintain the Plan
Once you are confident in your disaster recovery plan, it is time to share these plans with all involved stakeholders to ensure that all necessary parties can locate and execute the plan easily in an event of a disaster.
Maintaining your disaster recovery plan is critical to the success of an actual recovery. Be sure to review and update your plan annually or bi-annually in conjunction with the DR Testing.
In this blog, we have learned about the key elements needed for a successful Disaster Recovery Plan.
If you are looking to have these practices built into your Organization DNA, do not hesitate to contact us.
