In the same way that formulating a business plan is essential when thinking of starting up a new business, formulating a disaster recovery plan (DRP) is essential once your IT infrastructure is in place, especially if you deal with data that requires auditing (such as customer credit card details, for example).
The Basic Steps in Formulating your DRP
The first thing to be done is to evaluate all aspects of the IT infrastructure that you already have in place. The best way of doing this is to carry out what is known as a risk assessment (RA), a technique originally designed and employed by the health and safety fraternity. When relating a RA to a business disaster recovery scenario, it is usually called a Business Impact Analysis (BIA), but in essence it fulfils the same purpose, namely evaluating the risks and putting mitigation into place.
Once the BIA has been completed, the next stage in the process will be to establish the Recovery Time Objectives (RTO), and the Recovery Point Objectives (RPO). Once all of these evaluations have been completed, you will then be in a situation to compose and implement your DRP.
ISO/IEC 27031:2011 – Guidelines for Business IT Readiness and Continuity
This document is an excellent guide for helping businesses to formulate a comprehensive IT infrastructure and methodology. It describes IT Industry best practice, and it discusses the components of forming a robust IT strategy and infrastructure. It accounts for all eventualities in terms of maintaining an operating IT function. It discusses business continuity; this however must not be confused with a DRP.
The document is an excellent tool to use when IT professionals are formulating a business IT infrastructure, and it is a useful checklist to refer to when conducting a Disaster Recovery Plan risk assessment.
Deciding upon a Prevention Strategy
Once you have completed your RA and/or BIA, the next step, on a component by component basis, is to consider how to prevent any given component failure from stopping the system functioning. For example if your server has failed, your prevention strategy would probably be to have a back-up server available as well as monitoring software to alert you to any issues that are about to pop up.
The role of monitoring software is often overlooked, as is having an effective DRP in place in the first instance. By utilizing monitoring software, problems that are about to occur can swiftly be overcome as it alerts the IT department and enables them to take action.
DRP Construction Methodology
Having completed all of the necessary stages in gathering data, it should then be entered into a table and laid out in such a manner that each individual aspect relating to any particular component of the DRP can be clearly evaluated.
As an example, the headings of the table should include:
- The name of the component – i.e. server, modem, program, database etc.
- The department or function that the component facilitates – i.e. sales, accounts, design, etc.
- The nature of the threat
- The RTO
- The RPO
- The strategy decided upon to combat the threat
- The disaster recovery action
-
The strategy decided upon of how the component loss can be recovered
With all of the information you have gathered clearly laid out in a table, the table can then be completed by deciding on and inserting, the disaster recover action.
…continue to “How to Prepare a Disaster Recovery Plan (DRP) for your Business Part 2“