To create an effective disaster recovery plan, it is necessary to determine the recovery point objective and recovery time objective for each aspect of your business, including assessing the potential risk for disaster. Once you have this information, you can easily create a protection plan that meets your company’s needs and ensures security of your resources for the future.
There are five basic steps to consider in the planning process.
1. Conduct an operational analysis. Reviewing the physical security, critical services, passwords and user accounts, and backups and data storage of your business will provide a clear map of where it currently stands and how it operates. This knowledge is important and plays a key role in determining what type of plan needs to be in place in the event of a disaster.
It is also recommended to perform a data access audit, monitor internet and e-mail use, and research existing anti-virus software. Once each of these factors is assessed, it is easy to review the documentation and create a roadmap for moving forward. Understanding these aspects of your business will help lay the foundation for your plan.
2. Perform a risk analysis. In order to develop a disaster recovery plan to effectively meet your unique business’ needs, it is imperative to identify all threats, and assess those factors that may jeopardize the success of your business in the event of a disaster. Running a risk analysis on all functional areas of your business, including the technical, non-technical and business impacts a disaster would have, helps to identify points of vulnerability and failure. Examining the hardware, software, technical controls, operational controls and the physical and environmental security of your business are all important.
Evaluating the document, data, and information systems as well as any applications will also prove beneficial in mapping out your plan. Understanding your vulnerability to a threat and identifying alternatives to successfully deal with these issues when they occur is crucial. This analysis technique does just that and enables you to avert possible negative effects a disaster will have on your business.
3. Identify tolerances for downtime and recovery priority. Understanding the ability of your business to tolerate downtime in an effective manner is the next step in preparing your plan. What simply registers as an interruption, and what length of time offline requires a full recovery effort?
Once you have identified what qualifies your business for a recovery effort, prioritize the aspects of your business which require immediate attention in the case of a disaster and determine which ones can go on the back burner. Assess exactly which business needs have to be up and running within minutes or hours of a disaster, and which ones can be down for 24 hours, for a week, or for two. Being privy to this information will prove helpful when trying to calculate the amount of time the execution of your recovery plan is allowed to take in getting your business completely back up and running.