Disaster Recovery Planning

In the aftermath of recent disasters, natural or man-made, preparing for the unexpected is again taking center stage as organizations look to protect that which matters most - people and information. In order to stay afloat even during disasters, plans need to be carefully prepared, documented and tested in order to ensure continuity of operations. In times like this it is easy to appreciate the reliance we have on our computer systems and data, but for many who have not considered Disaster Recovery (DR) planning - it’s all too late!

Many Disaster Recovery products offered by IT companies are excessively expensive when weighed against the realistic chances of a major, systems-wide disaster. These ‘full systems DR’ plans end up absorbing IT budgets and restrict growth of key operational day-to-day infrastructure.

At Ortus, we can offer a tailored solution targeting the principal business critical servers, offering a range from 24 – 72 hour systems restores. We realize that any DR plan is an insurance policy and offer different levels of cover to suit different budgets. By analyzing your current systems and tailoring a DR plan to your needs, we can give you the best disaster protection for your budget.

How to Implement a DR Plan

• Step 1: Risk Analysis
  

  The first step in drafting a disaster recovery plan is conducting a thorough risk analysis of your computer systems. List all the possible risks that threaten system uptime and evaluate how imminent they are in your organization. Anything that can cause a system outage is a threat, from relatively common manmade threats like virus attacks and accidental data deletions to more rare natural threats like floods and fires. Determine which of your threats are the most likely to occur and prioritize them using a simple system: rank each threat in two important categories, probability and impact. In each category, rate the risks as low, medium, or high.

• Step 2: Budget
  

  Once you've figured out your risks, ask 'What can we do to suppress them, and how much will it cost? Can I detect a threat before it hits? How do I reduce the potential of it occurring? How do I minimize its impact on the business?’ For example, a small organization could employ an emergency power supply to mitigate its power outage threat and have all its data backed up daily on backup tapes, which are stored at a remote site in case of a disaster. The more preventative measures you establish upfront, the better.

• Step 3: Develop the Plan
  

  The recovery procedure should be written in a detailed plan. Establish a Recovery Team from among your staff or appoint a third party IT maintainer. Define how to deal with the loss of various aspects of the network (databases, servers, bridges/routers, communications links, etc.) and specify who arranges for repairs or reconstruction and how the data recovery process occurs. The document will also outline priorities for the recovery: What needs to be recovered first?

• Step 4: Test the Plan
  

  Once your DRP is set, test it frequently. Eventually you'll need to perform a component-level restoration of your critical server to get a realistic assessment of your recovery procedure, but a periodic walk-through of the procedure with the Recovery Team will assure that everyone knows their roles. Test the systems you're going to use in recovery regularly to validate that all the pieces work. Always record your test results and update the DRP to address any shortcomings.