Disaster Recovery and Business Continuity: How to Plan, Maintain and Test
Document Specific Steps and Assign Roles
Every staff member should comprehend their role and proper procedure in monitoring and testing to validate data restoration processes, identifying-threats, initiating data-backup to secure, alternate locations, and recovering or relocating data, systems and operations.
Staff availability and training should be evaluated, things like policy and vital skills are duplicated and continuity is retained in the event of staff-turnover. At a minimum, identify at least one primary and one backup person to implement policy-practices.
An often neglected role in the disaster recovery plan is the department or persons responsible for conveying system or business status to customers or employees in the event of a disaster.
Remember that a comprehensive disaster recovery plan should include 3 key types of measures: prevention, detection and correction.
Assess threats & consequences.
A good start is to create two lists:
- A list of potential disasters. Rank each one based on the probability of occurrence. With the list and rankings complete, identify the level-of-impact each one would have on your business and concisely outline the specific consequences to your business. This will provide a framework for what issues you need to include in your plan.
Businesses in areas at risk for floods, prone to outages, or natural disasters should consider a secure Disaster Recovery site for mission critical systems in a different region to limit the risk of these disasters halting business.
- Make a list of mission critical systems and data. Determine the amount of downtime or data loss your business can tolerate in these systems. This list will allow IT professionals to implement the proper fault-tolerance and availability technologies to get a system back-up and running as soon as required.
Back up Mission Critical Systems
According to the 3-2-1 Backup Rule, a comprehensive disaster or Business continuity plan includes 3 copies of your data; the primary working copy, an onsite backup on a separate media-volume, and a second backup-copy at an offsite location to keep data safe from theft, fire or natural disasters.
Your vital records should be maintained in electronic and hardcopy because if your system is destroyed you will not be able to access the electronic copy. The hardcopy should be maintained in the facility and you should also have an off-site copy in case there is a fire or other disaster that prevents you from obtaining the hardcopy out of the facility or if something destroys the hardcopy.
Testing your Disaster Recovery Plan
You should do an exercise at least once per-year and you should remember that for the CISSP examination. You will not have any confidence in your plan until you test it and this is why testing is important.
Simulating a disaster to test all measures in a disaster recovery plan ensures that you address any plan shortcomings or failures before a disaster strikes, rather than during. Test both employee training as well as hardware-and software-based disaster recovery measures.
Testing your plan makes perfect sense to ensure it is the right one for your business. A comprehensive disaster recovery plan involves moving beyond the backup strategy and getting specific with your DR policies and procedures. This is often ignored in medium or small sized organizations as they find they do not have the experience, budget or time in their IT-team to design and implement a disaster recovery plan.
Third party DR Plan
Third party DR Plan and design services, such as StoneFly’s High availability backup and disaster recovery solutions, empower customers to focus on moving their business forward while keeping their data safe.