All businesses fear a major disaster and rightly so as many companies involved in one cannot continue to trade. With IT being such a core function to any modern company an IT disaster recovery plan should be considered mandatory. Yet whilst many SME organisations are happy to invest in systems to recover their servers and data, few have an operational procedure in place to ensure continued access to their systems in the event of a disaster.
So what do you need to consider when writing your plan? Here are just a few key areas:
People – Where will you staff work in the event of a disaster at your offices? How will they access IT systems? Will they have access to a PC? A phone? The internet? Is there end user documentation they can access in a DR situation that can assist them?
Systems – What IT systems will you have available in a DR situation? What is the impact of any drop in performance in a DR scenario? How will this impact your business? What will you do to mitigate this?
Activating the plan – How will you communicate with your IT provider(s) to activate your plan and ensure staff can be put in contact with them to get access to DR systems.
So where do you start when writing your plan? Here are a few simple steps:
Gain top senior management buy-in – This is an absolute must. Senior Management must be committed to the plan and make available the necessary staff and financial resources to develop it.
Create a planning committee – you will need to recruit key stakeholders from the various departments in your business who will understand the needs of their team in a DR situation.
Perform a risk assessment – identify each functional area of your IT systems, the threats that may cause the loss of service and the controls that can be taken to mitigate those threats. At this stage it is also helpful to detail the recovery times requires for each system and the recovery point (the last point in time at which data should be recoverable) as this will drive the actions you need to take.
As you can tell from the above starting points all too often people ask the IT Department what the plan is, whereas actually the business wide parameters for the IT department to be one of the elements needed to achieve the overall plan.
At this point it would make sense to engage with your IT department or service provider to agree how your business wide recovery objectives will be met. Whilst your operational IT disaster recovery plan must be owned by your business your IT service provider will be a valuable asset in helping develop it. Call us on 0845 507 0846 to find out more.