Disaster Recovery Plan

(This is a reprint from our April 2003 Newsletter - some of the technical approaches here are now out of date, but some of the other issues are still as important as ever)

We all know what Disaster Recovery & Business Continuity Plan is right? It’s the tape drive that lives in the corner, or the set of CDs that has the company’s data on it, or the filing cabinet with hard copies of all the company’s information in there.

Whilst protection of data is critical to your business, it is only part of being able to recover after a disaster. That being said, obviously if you don’t protect your business data with backups you have a long way to go in establishing a BC&DRP.

So, let’s start with data. Any information that is critical to your business should be backed up. Whilst there is a variety of technologies that can help you here the one that will solve your problems most quickly is a simple tape drive. At any time at least one full copy of your business’s data must be stored offsite. In this way if a fire or other disaster destroys your business you should be able to recover your data. However, you have to be able to access the data on the tape, and you have to be able to access it on another tape drive and computer, as you should work on the assumption that the original computer is destroyed. That being said, recovering your data is only part of the story.

So what else needs to be considered? Well, it depends on your business. One of the first things you must understand is how critical IT is to your business. By understanding how critical IT is to your business you can determine your Maximum Allowable Outage (MAO). Essentially this is the maximum time that your business could afford to be without its IT systems. Once you have established your business’s MAO you then need a plan to how you would restore your business’s IT systems within that MAO.

When considering what is necessary to reconstituted your business’s IT systems you need to consider a number of things. Commonly available software can probably be obtained within a day. Common hardware may take a little bit longer.

Unusual hardware or software may take some time to source, and so depending on your MAO you may need to consider carrying spares or keeping backup copies of vital software. Alternatively you can have support agreements in place with the providers of that equipment to ensure that it is replaced within a certain agreed time.

Other things you need to consider is where your business would be based if your normal place of business were destroyed. This is more of a business logistics issue than an IT issue per se, but is presented for consideration by readers.

Other important points to consider is whether you will have access to the technical resources, as in people, that you will need to setup your systems again.

Also, are the systems you will need to replace covered by your insurance? Will you be able to get access to the insurance funds quickly to restore your business? Will your insurance cover the cost of lost business whilst recovering your IT systems? Will the insurance also cover the costs of labor to reconfigure your systems and setup your environment again? These are points you can discuss with your insurance agent.

In short a Disaster Recovery and Business Continuity Plan begins with the protection of data, but then goes on to cover all the significant issues that you may confront in getting your business back online after a disaster. With luck you will never have to put a plan into action. However, if you do a little pre planning it may well save your business.