Why Do I Need a Disaster Recovery Plan? Because Stuff Happens…

Article

Discover the Tools You Can Use to Develop Your IT Disaster Recovery Plan

Do I Really Need to Be Ready for a Disaster? Report - root causes of unplanned outagesFigure 1: Root causes of unplanned outages - Comparison of 2010, 2013 and 2016 results. Source: Ponemon Institute. (January 2016) Cost of Data Center Outages

In 2017, major hurricanes hit the U.S. east coast and Caribbean Islands, leaving major destruction in their paths. Disasters can happen, as clearly demonstrated by Hurricanes Harvey, Irma, Jose, and Maria, which is why you need a disaster recovery plan.

That being said, natural disasters are NOT the cause of most data center disruptions. According to a 2016 report by the Ponemon Institute, the three most common causes of data center downtime are Uninterruptible Power Supply (UPS) system failure, cybercrime, and human error. In fact, cybercrime was the fastest-growing cause of outages, rising from 2 percent in 2010 to 22 percent in 2016. (See Figure 1.)
Total Cost per Minute of an Unplanned Outage
Figure 2: Total Cost per Minute of an Unplanned Outage – Comparison of 2010, 2013, and 2016. Source: Ponemon Institute. (January 2016) Cost of Data Center Outages.

If that’s not enough reason to develop your disaster recovery plan, consider the data from the same Ponemon Institute’s study that quantifies the average cost of an unplanned data center outage at US$ 9,000 per minute per incident. Figure 2 shows that the most expensive cost of an unplanned outage is over US $17,000 per minute and the mean cost is US $8,851 per minute, up almost 58 percent since 2010.

To determine how much a disaster can cost your organization, consider the cost of system downtime — the impact on employee productivity, the loss of billable hours, missed sales from a down e-commerce website, penalties for failure to meet regulatory compliance obligations. Given these costs, it’s no exaggeration that your disaster recovery plan may save your company.

Business Continuity Plan vs. Disaster Recovery Plan

When it comes to being fully prepared for any disaster, a company should develop a business continuity plan and an IT disaster recovery plan.

A business continuity plan is “the creation of a strategy through the recognition of threats and risks facing a company, with an eye to ensure that personnel and assets are protected and able to function in the event of a disaster." [Source] A business continuity plan not only comes into play during times of disaster, but also when other unforeseen events occur such as a major security breach, illness or death of a company executive, pandemic, civil unrest, etc.

An IT disaster recovery plan is a major sub-component of your business continuity plan. It is a roadmap that defines the steps to continue IT operations and resume IT systems, including the network, servers, desktops, databases, applications, and any other component of the IT infrastructure.

Let’s take a closer look at the IT aspect.

Should I Use an IT Disaster Recovery Plan Template?

If you are a small- to medium-size business (SMB), you should consider using an IT disaster recovery template to help guide you and your team through the plan development process. There are many templates available on the internet, including templates designed by SearchDisasterRecover.com and True North.  Additional  sample disaster recovery plans are found at template.net, where you can also find more information to get you and your team up to speed.

If you and your organization are new to this exercise, using a template ensures you do not miss important steps in the process and eliminates the costs associated with engaging a consultant. Whatever template you choose, your IT disaster recovery plan should include the following steps:
  • Establish a planning group
  • Perform a risk assessment and prepare an inventory of IT assets
  • Establish priorities
  • Develop recovery strategies
  • Develop documentation, verification criteria, and procedures
  • Test the plan
  • Implement the plan
  • Maintain the IT infrastructure

Some Do’s and Don’ts When Developing Your Plan

Here’s a quick synopsis of the most important “do’s and don’ts” when developing your IT disaster recovery plan.
  • Do not discount the importance of an IT disaster recovery plan because you have backups or have implemented high availability. You need an IT disaster recovery plan no matter what!
  • Do include key contact key members from various departments and include them in your planning committee. Include decision makers from a variety of departments as well as financial associates, customer service representatives, and IT personnel.
  • Do not apply a single data protection strategy to all applications
  • Safeguard data that is not stored centrally and take the following into consideration:
    • Virtual environments
    • Application-specific agents
    • Snapshot storage requirements
    • Server activation and documentation
    • Backup and recovery
  • Perform end-user acceptance testing and be sure to test a broad range of disaster scenarios regularly
  • Update your disaster recovery plan regularly and test it regularly
  • Choose a disaster recovery location that is not too close to your production site and is capable of remote activation in the event of an emergency
  • Plan frequent meetings to ensure that resources are still available in the event of a disaster

Test, Test, and Test Your Disaster Recovery Plan

Not enough can be said about the importance of regularly testing your disaster recovery plan and ensuring you have all the elements in place for a successful test. These include having a detailed script of test activities, ensuring that all IT components are in place and ready to use, documenting what happens during the test, and preparing a post-DR-test, after-action review.
You can find more information about test plan mistakes to avoid here.  You might also want to review TechTarget’s articles: “15 Field-Proven Disaster Recovery Test Plan Best Practices,” and “Disaster Recovery Plan Testing Primer: Test to Fail,” as well as Iron Mountain’s “Disaster Recovery Test - Best Practices.”

One More Thing…

According to a survey conducted by Zetta, two in five companies did not have a disaster recovery plan in place as of 2016 and 40 percent of those who did only test their plan once a year. So, if your organization does not have a documented disaster recovery plan in place, you are not alone. However, there is no safety in numbers when it comes to getting your business “back in business” when a disaster happens.