Disasters can come in many shapes and sizes when it comes to a company’s data. There are physical disasters, such as earthquakes and floods, although these are less likely to be the cause of a disaster for data these days. The biggest causes of disaster are viruses, malware, hackers, hardware failure and straight up human mistakes. There are hundreds of threats to data.
Any one of these could spell disaster in some form, if not a major disaster it could still be an inconvenience. To avoid this you need a disaster recovery plan. In this post I’ll discuss some of the DR terminology and go through a few simple steps to set up your own disaster recovery plan.
Are Disaster Recovery and Business Continuity the same thing?
It can be easy to confuse these two terms as they both come under your overall data protection strategy, but they are definitely not the same thing.
Disaster Recovery is all about bringing your data and services back to how they were before the disaster. Business Continuity is ensuring your business-critical systems, such as phone and email systems, can run during a disaster. Essentially, DR is getting back to normal and BC is what you do whilst trying to get back to normal.
What are RTO & RPO?
We think that RTO & RPO are very important when it comes to your disaster recovery planning. All of your plans should revolve around these concepts. For a more in-depth look at RTO & RPO we have a post dedicated to it.
RTO means Recovery Time Objective. This is the aim for how long it should take to get back up and running after a disaster.
RPO means Recovery Point Objective. This is how much time is lost between the latest backup and the disaster.
Steps to setting up a Disaster Recovery Plan
1. Document your hardware and software
Make sure you know every computer, server, phone, application and anything else you need to manage in your business. Ensure you have tech support details for everything documented.
2. Define your RTO & RPO
What parameters are acceptable for the company? Can you lose a whole days worth of data and still function to the appropriate standard? Assess what is a ideal and what is viable very early on in your planning.
3. If outsourcing DR, ensure you have SLAs agreed
If you are working with a third party, such as ourselves, make sure our SLAs match up with your DR plan.
4. Create a data backup plan
How often are you going to backup data to fit your RPO? Does this need to be all of your data or only business critical data? How many copies are you creating? Check out our blog posts on the 3-2-1 strategy and the GFS strategy to help out here.
5. Ensure compliance
Make sure that everything you have created so far fits with the compliance of both your company and the industry. This is especially important in terms of consumer data.
6. Assign roles
Document who is in charge of each role in your plan. Everyone will need to know who to turn to in a disaster!
7. Communication plan
When a disaster strikes you need to communicate fast with your teams and your customers. It’s a lot easier if you plan this now to avoid having another thing to think about in the event of a disaster.
You’re all set up at this stage, but not it’s time to test it and tweak it if there are any issues. Make sure you test regularly to avoid unnecessary frustration if a disaster hits.