By definition, a “disaster” is any event that can cause a significant disruption in operational and/or computer processing capabilities for a period of time, which affects the day to day operations of the business, also referred to as a disruptive event. The purpose of defining a crisis or a disruptive event is to establish a documented description of what constitutes a disruptive event and mitigating measures to be taken in such an eventuality.
The scope of a Disaster Recovery Plan is to ensure the continuation of vital business processes if a disaster occurs while streamlining the decisions to be taken during the recovery process. A disruptive event may exist when:
A service providing support to a critical business function fails; or
It is determined the service cannot be restored before the point that it becomes vital to the business.
Key questions addressed in a Disaster Recovery Plan
What do I do to move my operations to the Disaster Recovery equipment or site?
How do I restore critical applications and network connectivity?
How do I return data processing activities to the primary site or transfer to an alternative facility?
Disaster Recovery Planning
Availability of applications and customer data is critical to the business. Hence, it is imperative to identify the Recovery Time Objective (RTO) and the Recovery Point Objective (RPO) for a Disaster Recovery Plan.
The RTO is the length of time a business can accept to be without data processing availability. On the other hand, the RPO is how old the data will be once the systems are recovered.
The Critical Applications and customer data, require restoration within the RTO following a disaster declaration, in order to support the restoration of the vital business functions. The applications and the supporting systems are recovered within the Disaster Recovery Scenario using the alternate processing strategy. The list of Critical Applications and Critical Customers, together with the RTO and RPO, should be reviewed and updated by management on an annual basis.
The next important issue within the strategy for Disaster Recovery is a recovery strategy for alternate processing, in ‘Hot-Site’ or ‘Col-Site’. The plan identifies the alternate site if the primary location is not available to provide Disaster Recovery services for the various environments.
Finally, the key to a comprehensive Disaster Recovery Plan is the identification and mitigation of all potential risks that can exist within the processing environment. Testing of Disaster Recovery Strategies is paramount, but perhaps the most successful Disaster Recovery Plan is one that will have never been implemented due to risk avoidance being the critical factor in a Disaster Recovery process.
If your business does not have such plans in place, start thinking about the cost of the data that your organisation owns together with lost revenue and the cost of unproductive employees. Once you carry out this exercise you will undoubtedly not regard Disaster Recovery Planning as just another tick-box exercise.