IT Disaster Recovery Planning: Assessing the Risks

Your organization is starting a IT Disaster Recovery Planning project, and you have established your planning committee that includes key decision makers from various departments.

But, before any actual IT disaster recovery planning can commence, the committee needs to understand the complete picture when it comes to handling a crisis. This includes everything that could be affected by a disaster, including critical business processes and functions, as well as the probabilities of different type types of disasters and their potential impact to the business.

In short, the committee needs to conduct a risk assessment analysis and audit first, including the following:

  1. Developing an inventory of all job titles, office equipment, applications, systems, servers, and software.
  2. Identifying the critical needs of your organization and deciding which applications and systems are mission critical, critical, essential, and non-critical.
  3. Assessing the probability and impact that a disaster can have on applications and systems.

You must consider not just environmental disasters like hurricanes and fires, but man-made threats such as virus attacks, infrastructure failure, and employee error (including accidental data deletions).

You should also include a business impact analysis (BIA). The purpose of a BIA is to establish recovery time objectives (RTOs) and recovery point objectives (RPOs) for every critical activity within the organization.

After this audit is complete, the committee can then proceed with the developing the rest of the company's disaster recovery plan, such as establishing the recovery priorities and outlining disaster recovery strategies.

To find out more, check out out white paper, titled, How to Develop an Effective IT Disaster Recovery Plan.