Businesses today are confronted with different types of disasters that may affect or even destroy their operation. Yet many companies remain complacent, assuming that a flood or fire would never strike, power and electricity would always be available, their datacenter which stores all the information of their VIP customers would always remain there—everything will always be normal. However, accidents could happen at any time. Those who have developed and maintained a proper disaster recovery plan will sure survive almost any disaster and continue to win.

Disaster recovery plan (DRP) is the process a company or organization uses to recover access to their software, data, and hardware that are needed to resume the performance of normal, critical business functions after the event of either a natural disaster or human errors. Or to put it in simple words, it is a set of equipment and practices that allow a company or organization to recover its operations after a disaster strikes. DRP could help eliminate a company’s exposure to risk in any circumstance. For example, if the data center burns, all the physical servers will burn as well. A DRP is a solution to transfer the traffic to other servers in another DC, so that the service keeps running.

Important points to develop your DRP

The entire process to develop a DRP could be complicated. According to Geoffrey H. Wold of the Disaster Recovery Journal, the entire process involved in developing a Disaster Recovery Plan consists of 10 steps: obtaining top management commitment, establishing a planning committee, performing a risk assessment, establishing priorities for processing and operations, determining recovery strategies, collecting data, organizing and documenting a written plan, developing testing criteria and procedures, testing the plan and obtaining plan approval. Situations may differ in every business, but no matter how you plan to make the plan, it is necessary to consider the following highlights.

Identify objectives and critical activities

Usually, a disaster recovery plan should be developed to accomplish the following objectives:

  • Reduce potential loss by minimizing the duration of a critical application service interruption;

  • Assess and repair damage, and activate the repaired computer center;

  • Recover data and information imperative to the operation of critical applications;

  • Manage the recovery operation in an organized and effective manner;

  • Prepare technology personnel to respond effectively in disaster recovery situations;

To develop an effective DRP, the identification of businesses’ critical activities is essential. The top needs of each department within a business should be evaluated in areas like functional operations, key personnel, processing system or ERP system, vital records, information of VIP customers and etc. Processing and operations should be analyzed to determine the maximum amount of time that the department and organization can operate without each critical system. Once the key activities have been identified, the operations and processes should be ranked in order of priority.

Identify risks and consequences

Don't forget to perform a risk assessment and evaluate the impact to the business, which should include a range of possible natural, human and technical disasters. Each functional area within a business should be analyzed to find out the potential consequences and impact in every specific disaster scenario. The risk assessment process should also include the evaluation of the safety of critical documents and vital records.

In most cases, fire has posed the greatest threat to a business. However, any other factors like human errors should also be considered. The plan should always think of the “worst possible” situations, for example, the destruction of the whole building and datacenter. It is necessary to assess the impacts and consequences resulting from loss of information and services. Moreover, the cost related to minimizing the potential exposures should also be analyzed.

Determine recovery strategies

In determining the recovery strategies, all aspects of the business should be taken into consideration, including but not limited to physical facilities, computer hardware and software, data files, database, and all the processing operations so that after a disaster strikes, critical processing and business functions could be relocated as quickly as possible and system configurations and related network could be ensured accurate and technically feasible at all times. Resources required to support time-sensitive business functions and processes should also be identified.

Some business applications cannot tolerate any downtime. In this case, dual data center should be the choice for the business. Dual data center will be capable of handling all data processing needs in parallel with data mirrored or synchronized between the two centers, which of course, could be very expensive.

Conduct regular testing and maintenance

A formal check of a disaster recovery plan should be conducted yearly and it is better to conduct a disaster recovery readiness assessment audit quarterly, the purpose of which is to identify if there is any change made so as to ensure that any other updates identified since the previous check have been captured. Particular attention should be paid to the check of the recovery equipment configurations to ensure all the equipment required to restore the businesses’ vital functions are in good condition and can work as quickly and smoothly as possible when a disaster strikes.

A comprehensive DRP solution could be expensive and we recommend businesses to establish one in the following two conditions:

  • Businesses have strict demand for data and resource security. Not all backup systems are able to reconstitute a computer system or other complex configuration such as a computer cluster, active directory server, or database server by simply restoring data from a backup.
  • Businesses have great demand for recovery time. With backups, businesses can simply wait till problems to be solved after a disaster, which might include the time to acquire and install new hardware and retrieve the backup media. However, businesses that could not stand such prolonged waiting could consider DRP, especially for e-commerce businesses.

To comprehensively coop with unexpected incidents, DRP is no doubt a good solution to turn to for companies that have high demand for data security and recovery time. As we are running faster in the Data Era, DRP will be the data security integrated solution for more and more businesses.