By definition, a “disaster” is any event that can cause a significant disruption in operational and/or computer processing capabilities for a period of time, which affects the operations of the business. The purpose of defining a crisis or a discontinuity is to establish a documented description of what constitutes a crisis or a discontinuity. The scope of a Disaster Recovery plan is to ensure continuation of vital business processes in the event that a disaster occurs while minimising the decisions to be taken during the recovery process. An outage (crisis/discontinuity) may exist when:
- A service providing support to a critical business function fails or
- It is determined the service cannot be restored before the point it becomes vital to the business.
Key questions addressed in a Disaster Recovery Plan are:
- What do I do to move my operations to the Disaster Recovery site?
- How do I restore critical applications and network connectivity?
- How do I return data processing activities to the primary site or transfer to an alternative facility?
Availability of applications and customer data is critical to the business. Hence it is imperative to identify the Recovery Time Objective (RTO) and the Recovery Point Objective (RPO) for a Disaster Recovery Plan. The RTO is the length of time a business can be without data processing availability. On the other hand, the RPO is how old the data will be once the systems are recovered. The Critical Applications and customer data require restoration within the (RTO) following a disaster declaration in order to support the restoration of the vital business functions. The applications and the supporting systems are recovered within the Disaster Recovery Scenario using the alternate processing strategy. The list of Critical Applications and Critical Customers together with the RTO and RPO should be reviewed and updated by management on an annual basis.
The next important issue within the strategy for Disaster Recovery is a recovery strategy for alternate processing, in ‘Hot-Site’. The plan identifies the Hot-Site and the alternatives if the primary location is not available to provide Disaster Recovery services for the various environments.
Finally, the key to a comprehensive Disaster Recovery Plan is the identification and mitigation of all potential risks that can exist within the processing environment. Testing of Disaster Recovery Strategies is paramount but perhaps the most successful Disaster Recovery Plan is one that will have never been implemented due to risk avoidance being the critical factor in a Disaster Recovery process.
If your business does not have such plans in place, start thinking on the cost of the data that your organisation owns and the cost of unproductive employees. Guaranteed you will not regard Disaster Recovery Planning as just another exercise.