Now that you understand business continuity and disaster recovery (BC/DR), you need to develop and implement a plan. Here are the Top 5 BC/DR questions and solutions.
Where do I begin with my BC/DR planning?
There are many ways to develop and implement a plan. Here are a few recommendations from CIO.com.1
- Plan and document: Determine the types of disasters that may strike your area. Outline the potential issues and then document how to address each one.
- Replicate applications: Customers and employees basically need an exact replication available remotely. Confirm that your IT professionals backup Active Directory, SQL, email, ERP and CRM.
- Design on and off site data protection: Ensure that there are off site backups located in a data center.
- Automate: If possible, automate the processes to reduce human error and dependency.
- Test: Once you develop and implement your plan make sure you test it regularly. Use the test to glean information on how to improve.
- Seek assistance from an expert: Experts understand and know all the nuances so use them to improve your plan.
What should be included in my BC/DR plan?
BC/DR plans address how employees will continue business operations if your current infrastructure is unavailable for an extended period of time. Here are the recommended key points to address.
- Where do employees go to work?
- How do employees communicate with each other and customers?
- What is the protocol for replicating IT infrastructure?
How do I test my BC/DR plan?
In order to test your plan communicate the plan to employees and then schedule time to execute the plan. It is recommended that you test with a small group of employees first. Create checklists for each group to ensure that they understand their role. Once you test utilize the results to resolve issues and improve the plan. Best practices recommend testing your plan every six months.
What are the common pitfalls in BC/DR planning?
The common pitfalls of BC/DR planning are assuming employees can work remotely from home, buy-in and lack of testing. In order for employees to work from home they need a computer, Internet and power. If the disaster is from weather it is questionable whether or not Internet and power will be available at home. The computer must have access to company’s network, software applications and phone system. Most company’s use IP phones which route through the Internet and have soft phone capabilities.
It is vital to communicate to the Board and employees the reason why BC/DR is important and the necessary actions required from them. Remind them that disaster does not usually strike, but it is best to be prepared. If possible, estimate the loss in dollars if your company was offline for an hour. An ecommerce or financial services business can lose millions of dollars in a matter of minutes.
Developing and implementing a BC/DR plan is a huge accomplishment, but make sure you follow through and scheduling tests. You can setup an amazing backup solution, but if the restore is unsuccessful you are back to square one. Communication is key when testing the company plan. Once you test the plan schedule a post-mortem to assess if the test was successful, how to improve and what did not work.
If disaster strikes, what is the recovery time?
There are basically three scenarios for IT infrastructure. Each scenario is described below.
- On premise infrastructure: This assumes your IT hardware is located on premise and you have offsite backups. If all equipment is under warranty and you have good insurance the standard recovery from a disaster is one week to one month.
- Hybrid infrastructure: This assumes your IT hardware is located on premise, major software applications (Quickbooks, Salesforce, etc.) are software-as-a-service (SaaS) based and you have offsite backups. If all equipment is under warranty and you have good insurance the standard recovery from a disaster is one day to two weeks.
- Off premise infrastructure: This assumes your IT hardware and software is located in a Tier IV data center. Tier IV data centers are designed to withstand most common disasters and are fully redundant. For example, there are two sources of Internet. So both AT&T and Comcast would have to experience an outage simultaneously.