A ‘disaster’ is by definition unexpected, and crippling to your business. Yet too many companies operate without any plan in place for unexpected incidents. Disasters do not have to be restricted to catastrophic events like earthquakes or floods- it is just as devastating to your business to experience a power outage or a data breach.
Understanding the true nature of risk will allow you to react to them appropriately. HMC Technology can help by designing a Business Continuity and Disaster Recovery plan that identifies the unique risks your company faces (no need for a Flood plan if you live in Iowa right- unless your datacenter is next door to a reservoir) and creating a plan to recover from each one.
Risk Identification
The first step in writing a technology management business continuity and disaster recovery plan is to identify the risks that could affect your business. Some factors to consider include natural disasters, power outages, data breaches, and employee error.
It’s not enough to just use generalities, however. The specifics of risk will depend on your business, its geographic location, the sensitivity of the data you hold, the laws and regulations you are required to follow, and so on.
This will allow the creation of a risk register, which can be used to score the risks based on how likely they are to occur, as well as how damaging they would be to the business.
Risk Mitigation
Once the risks have been identified, there needs to be a plan in place for how to handle each one. Again, these plans need to be unique to your business, and your situation.
For example, lets say a significant flood risk is identified for your production datacenter. We would multiply chance of it happening with the cost it would incur. If that value is high enough, maybe the mitigation strategy would be to move the datacenter. If it is not that high, maybe a robust backup strategy and a cold site for a recovery location would suffice.
Either way, the risk is understood, and the business has made a decision on how to manage it.
Disaster Recovery
Disaster Recovery plans are the most important documents a company hopes they never have to use. Too many businesses avoid this step, thinking that it is too farfetched to be worth the trouble. However, it is far better to have a plan in place (and a team that has practiced it) if the worst does happen.
What is the backup strategy? Where do the backups live? It will not aid you in the time of a disaster if the backups are just as compromised as production. And when was the last time a backup was tested?
What will be the recovery (aka, temporary production) site? Do all admins have access? If it is a physical site, have the power and network bills been paid? Do we know with certainty how quickly a recovery site can be brought online, and business can be resumed?
There are a lot of questions that go into crafting a strong, customized, and effective Disaster Recovery plan. The last of which is- when was the last time the plan was updated, and/or tested?
