6 Essential Elements of Business Continuity and Data Recovery Planning

Be it a tornado, or flood, or just a simple outage, disaster recovery and business continuity planning are processes that help organizations prepare for the unknown. Businesses must establish a safeguard to assure business continuity and data recovery. Moreover, policies need to reflect best practices that will maintain business continuity and clearly illustrate how teams should execute a well-rehearsed disaster recovery plan when facing what many argue to be the absolute inevitable: the outage of a major business system.

Business Risk Assessment

Every IT Manager should perform a business risk assessment for each key infrastructure that is responsible for the management, maintenance, and/or storage of data, be it cloud, or on-prem. An assessment should define, and identify the importance that data repositories play in housing critical data within an organization. The assessment should also define and document the disaster contingency and recovery plan for each manager’s area of responsibility. Questions that plan should answer include:

• What are the key business processes?
• What are the applicable risks to availability?
• What is our prioritization of recovery?

Contingency Plans

Businesses must have a contingency plan documented in the event that hardware, software or networks become dysfunctional or simply go down. This plan should explain the nature of the system unavailability in the event of an outage, and should detail a predetermined recovery process that will be implemented to regain operation. The contingency plan should describe, if necessary, off-site computer operations or temporary hardware or software use. Businesses should test regularly, and review this plan for updates to technology or other circumstances that may change.

Consider Disaster Recovery as a Service

Disaster Recovery as a Service (DRaaS) is an approach to data recovery that has gained popularity over the years. Based in the cloud, DRaaS has many capabilities that traditional disaster recovery does not, including cost-effectiveness, and scalability. DRaaS vendor, Acronis explains how their solution works, stating:

“It will back up and replicate your systems into an on-site appliance and Acronis cloud data center. In case of outage, we can recover and restart your systems locally or in our cloud so you can continue providing IT services to your internal and external constituents until you can safely fail back.”

Data Backup Plans

A Data Backup Plan should define and address, at minimum, the following:

• Personnel responsible for executing the backup plan, keeping in mind data confidentiality best interests.
• Construct a schedule that routinely checks systems and backup data. Be advised that, depending on backup and recovery solution provider, the cost of more frequent backup may increase. Make do with your business’ unique budget, as the potential losses as a result of having no plan greatly outweighs any loss you would have with a plan in place.
• Identify all systems and data lakes that require backup.
• Develop and detail specific recovery procedures to restore data from backup repositories.

Communication When Systems are Down

In the event of a disaster– if your company’s internet and phones are down, this could throw a major stick-in-the-spokes of business continuity. You must discuss with all employees a plan of action to keep in touch with customers, employees who are off-site, and most importantly, a way to contact emergency services if outgoing lines of communication have shut down. A log of the personal cell phone or landline numbers of key personnel may come in handy, keeping in mind confidentiality requests of course, along with personal email addresses of employees, especially if the business runs it’s own email servers. Develop a plan and make these resources available to those who need them in a predetermined location.

Establishing Timelines

Most importantly, make sure to explore your business’ recovery time objectives. How long is too long before teams are able to recover critical systems when they fail? What financial implications would 5 hours, 10 hours, or 24 hours of downtime mean to your bottom line? With this in mind, establish a recovery time objective (RTO). This is the duration of time within which a business process or system must be restored after an outage, in order to avoid consequences associated with the disruption. Not all stakeholders may understand the impact that downtime can have on a business; that reputation, liability and even jobs are at stake if a team is not hyper-responsive to these emergencies. Make sure your employees know that, in these instances, time equals much more than money.

Disasters are all around us, and businesses need to be prepared for that. Without proper business continuity and data recovery practices in place, organizations will be unable to bounce back, with many eventually failing. Consider these points when beginning the planning process in order to maintain business operations during a disaster.