“If you don’t plan, you plan to fail.” – Benjamin Franklin
The quote is familiar to most of us and many people live by it while navigating through life. In a world where uncertainty is guaranteed, businesses that fail to plan for the worst loose millions of shillings when disaster comes calling. 93% of businesses that experience data loss fails within a few months.
An elaborate disaster recovery plan is your business’ insurance policy against data loss caused by manmade catastrophes, human error or infrastructure failure. As Message Labs Africa, we came up with a few steps to guide businesses to develop a DR plan to ensure business continuity no matter the damage or loss.
1. Identify business-critical functions and systems
Determine which business processes are crucial to the organization and identify which applications these processes are dependent on. This will help you in prioritizing which functions require quick restoration before irreversible impact is felt.
2. Conduct a risk assessment and business impact analysis
This analysis will help you identify business-critical assets or resources and how long the organization can tolerate not having access to these resources in the event of a disruption in business operations. It also involves determining the impact of downtime on the business as well as the cost of downtime that your business can tolerate.
3. Determine your recovery objectives
Your recovery objectives define how quickly you must have your organization up and running after a disruption in business operations. They include;
Recovery Point Objective (RPO)
In technical terms, your RPO is the maximum allowable amount of data measured in time from the occurrence of failure to the last valid backup.
RPO is about how much data you afford to lose before it impacts business operations. For example, for a banking system, 1 hour of data loss can be catastrophic as they operate live transactions. On a personal level, you can also think about RPO as the moment you saved a document you are working on for the last time. In case your system crashes and your progress is lost, how much of your work are you willing to lose before it affects you?
Recovery Time Objective (RTO)
This is related to downtime. It is the amount of time restoration will take from the occurrence of the incident until normal operations are available to users.
A common practice is to divide applications and services into different tiers and set recovery time and point objective (RTPO) values according to the service-level agreements (SLAs) the organization committed to.
Data protection classification is important to determine how to store, access, protect, recover and update data and information more efficiently based on your specific criteria. This is why it is essential to analyze your applications and determine which of them are driving your business, generating revenue and are imperative to stay operational.
For example, you can use a three-tier model to design your business continuity plan:
Tier-1: Mission-critical applications that require an RTPO of less than 15 minutes
Tier-2: Business-critical applications that require RTO of 2 hours and RPO of 4 hours
Tier-3: Non-critical applications that require RTO of 4 hours and RPO of 24 hours
Mission-critical, business-critical and non-critical applications vary across industries and each organization defines these tiers based on their operations and requirements.
5. Define Recovery Solutions
Define the appropriate recovery strategies based on the defined assets and recovery objectives. Solutions can include recovering from data backups such as tape, disk, cloud backup or data replication to an offsite location with ‘hot’ failover.
What is the difference between data backup and disaster recovery? Can your business rest easy with just a data backup plan?
Data backup is simply having a copy of your data for example files. Backups are therefore copies of essential files that will enable full restoration upon request.
Disaster recovery is the process of failing over your primary environment to an alternative environment capable of sustaining business continuity. It is having your critical applications and systems exist in an alternate location so that in the event of a manmade or natural catastrophe that leads to complete data loss, your business is able to continue with operations without disruptions.
The more reliant your business is on continuous access to stored data, the more data it will store—and the more frequently it must be backed up to ensure comprehensive data protection. In conclusion, your business cannot hope to ensure their continuity with just a backup solution. A full proof business continuity plan must involve both an effective backup solution and an elaborate disaster recovery plan.
6. Determine your response procedure
Establish an elaborate procedure and security protocols to be followed that will define how the organization will respond when a disruption occurs to avoid chaos.
7. Assign roles and communicate
Assign responsibilities to the relevant personnel within your business. Communicate your disaster recovery plan with the entire organization to avoid failure of the plan when an actual disaster occurs.
Test your DR plan by simulating scenarios to determine the effectiveness of your plan and response procedures and redesign your plan accordingly.