Blog / Disaster Recovery Plans and Infrastructure
Properly Prioritizing Items In Your Disaster Recovery Plans.
Hopefully it comes as no surprise to anyone that, regardless of your organization type—whether it’s a private business, a non-profit, a municipality, etc.—it must abide by some kind of regulations or legislation. The exact rule sets vary, but regardless of whether they’re addressing payment card data standards like PCI-DSS, privacy concerns like PIPA, or some other issue unique to your industry or organization, every organization is bound by some kind of legislated regulations imposing rules on how to operate. Sometimes these are exact procedures to follow in specific situations, but often legislation falls short of telling organizations exactly what to do, opting instead to require them to develop their own plans for address certain scenarios and evidenced by the sheer number of policies they require you to have. There are too many to cover in a single newsletter so today we’re going to focus on Disaster Recovery Plans(DRP), as most organizations will settle for just having one, as if the sheer act of making a DRP is enough when in actuality there’s for more to them.
What are Disaster Recovery Plans?
A DRP is exactly what it sounds like: a plan for dealing with a disaster, in this case anything that causes massive disruption to your organization’s operation. It could be a fire, a flood, an earthquake, or even major theft or damages exclusive to the organization, as the definition of a disaster isn’t limited natural ones as far as DRPs are concerned. Different types of disasters require different plans of action to handle properly. For example, a large office fire requires contacting the fire department, but they’re generally not required if your basement floor filing room floods.
What should be in your DRP?
In general, the more scenarios you can cover and the more detail you can provide about your plans for dealing with them, the better. In some situations, it may be vitally important to contact to contact certain entities (like emergency services or insurance) though large-scale disaster may result in disruptions to emergency services as well, which you may also want to consider addressing.
Beyond external considerations though, many disasters disrupt services vital to your organization. Therefore, a good DRP prioritizes services for recovery according to their importance to keeping your operation running. But how do you decide what is or is not important?
Enter the Business Impact Analysis (BIA)
A Business Impact Analysis, or BIA is a report that details different aspects of your business and what the impact of an interruption would be. BIAs also detail how those items are related or interact. For example, consider any software you use which is vital to your operations. You may be tempted to prioritize it, but remember that software applications often require license authentication to use, which in turn means the software requires access to some cloud infrastructure, and so in actually, you should be prioritizing recover of your internet access. Moreover, an internet disruption is almost certainly going to impact other aspects of your organization, with communications tools like email and possibly internet-phone services being the most obvious. Properly prioritizing limited resources to quickly restore services in an order that is the most effective is vital.
Disaster recover plans are essential but to properly develop them requires an intimate understanding of your organization, which in turn requires a business impact analysis to best understand how the disparate bits and pieces interrelate. That will allow you to properly prioritize the restoration of services along with whatever those services actually require to function.
If you’d like help developing a BIA, DRP, or both, contact a TRINUS technician and we’ll be happy to help out with some stress-free IT.
Today’s quote comes from Hamlet; “Every plan breaks easily, Because the intention is a slave to memory.”
Be kind, courtesy your friendly neighbourhood cyber-man.