Businesses today are confronted with different types of disasters that may affect or even destroy their operation. Yet many companies remain complacent, assuming that a flood or fire would never strike, power and electricity would always be available, their datacenter which stores all the information of their VIP customers would always remain there—everything will always be normal. However, accidents could happen at any time. Those who have developed and maintained a proper disaster recovery plan will sure survive almost any disaster and continue to win.
Disaster recovery plan (DRP) is the process a company or organization uses to recover access to their software, data, and hardware that are needed to resume the performance of normal, critical business functions after the event of either a natural disaster or human errors. Or to put it in simple words, it is a set of equipment and practices that allow a company or organization to recover its operations after a disaster strikes. DRP could help eliminate a company’s exposure to risk in any circumstance. For example, if the data center burns, all the physical servers will burn as well. A DRP is a solution to transfer the traffic to other servers in another DC, so that the service keeps running.
The entire process to develop a DRP could be complicated. According to Geoffrey H. Wold of the Disaster Recovery Journal, the entire process involved in developing a Disaster Recovery Plan consists of 10 steps: obtaining top management commitment, establishing a planning committee, performing a risk assessment, establishing priorities for processing and operations, determining recovery strategies, collecting data, organizing and documenting a written plan, developing testing criteria and procedures, testing the plan and obtaining plan approval. Situations may differ in every business, but no matter how you plan to make the plan, it is necessary to consider the following highlights.
Usually, a disaster recovery plan should be developed to accomplish the following objectives:
To develop an effective DRP, the identification of businesses’ critical activities is essential. The top needs of each department within a business should be evaluated in areas like functional operations, key personnel, processing system or ERP system, vital records, information of VIP customers and etc. Processing and operations should be analyzed to determine the maximum amount of time that the department and organization can operate without each critical system. Once the key activities have been identified, the operations and processes should be ranked in order of priority.
Don't forget to perform a risk assessment and evaluate the impact to the business, which should include a range of possible natural, human and technical disasters. Each functional area within a business should be analyzed to find out the potential consequences and impact in every specific disaster scenario. The risk assessment process should also include the evaluation of the safety of critical documents and vital records.
In most cases, fire has posed the greatest threat to a business. However, any other factors like human errors should also be considered. The plan should always think of the “worst possible” situations, for example, the destruction of the whole building and datacenter. It is necessary to assess the impacts and consequences resulting from loss of information and services. Moreover, the cost related to minimizing the potential exposures should also be analyzed.
In determining the recovery strategies, all aspects of the business should be taken into consideration, including but not limited to physical facilities, computer hardware and software, data files, database, and all the processing operations so that after a disaster strikes, critical processing and business functions could be relocated as quickly as possible and system configurations and related network could be ensured accurate and technically feasible at all times. Resources required to support time-sensitive business functions and processes should also be identified.
Some business applications cannot tolerate any downtime. In this case, dual data center should be the choice for the business. Dual data center will be capable of handling all data processing needs in parallel with data mirrored or synchronized between the two centers, which of course, could be very expensive.
A formal check of a disaster recovery plan should be conducted yearly and it is better to conduct a disaster recovery readiness assessment audit quarterly, the purpose of which is to identify if there is any change made so as to ensure that any other updates identified since the previous check have been captured. Particular attention should be paid to the check of the recovery equipment configurations to ensure all the equipment required to restore the businesses’ vital functions are in good condition and can work as quickly and smoothly as possible when a disaster strikes.
A comprehensive DRP solution could be expensive and we recommend businesses to establish one in the following two conditions:
To comprehensively coop with unexpected incidents, DRP is no doubt a good solution to turn to for companies that have high demand for data security and recovery time. As we are running faster in the Data Era, DRP will be the data security integrated solution for more and more businesses.