Planning for disaster is never an easy task. As a business, you have to think of every possible scenario that could see your operations grinding to a halt, which in itself can be a stressful project. But then you also need to find ways of preventing those scenarios from taking place. And then comes the problem of putting failsafe measures in place for when, despite your best efforts, disaster strikes anyway! This last part is where having a disaster recovery plan checklist can come in very handy.
What is a Disaster Recovery Plan Checklist?
A Disaster Recovery Plan details all the steps that should be taken when the worst scenario becomes reality. It could be a data leak, a ransomware attack, or even a natural disaster like a fire or lightning strike. Perhaps it’s the president announcing another hard lockdown. Whatever the scenario might be, it’s important to have a plan in place for ensuring that your systems keep running smoothly, and that your operations can continue as normally as possible.
So that explains the Disaster Recovery plan itself, but putting your plan together is a job in and of itself. This is where having a disaster recovery checklist (and especially an IT disaster recovery plan checklist) can make the task far easier. The checklist will cover each of the areas that you need to base your recovery plan around. It ensures that no stone is left unturned, and no aspect of your business will be at risk should disaster strike.
What Should Be Included in a Disaster Recovery Plan Checklist?
Every business is different, and no two companies will have the same needs when it comes to disaster recovery. In fact, even the phrase ‘disaster’ could take on very different meaning depending on the business that you find yourself in.
Think of the way the Coronavirus pandemic, for example, has impacted different businesses. Hospitals, doctors and even insurance brokers will see it in a very different light from, for example, Internet Service Providers, who suddenly find business booming with more people working from home and needing reliable connectivity.
This means that when you look at a disaster recovery plan checklist, you should do so bearing your own company’s structure, difficulties and potential disasters in mind. Take these areas into consideration, but refine your checklist as you go.
1. Assess Your Risks
Think about which types of disasters pose the most risk to your business. Keep in mind the systems that you already have in place, and the impact they would already have on your disaster management.
For example, if you are already making use of cloud hosting services, then natural disasters will pose less risk than if your infrastructure were based on-premises.
It’s also important here to consider how likely it is that each of these disasters would occur. The likelihood of lightning striking your office, for example, is far lower than the potential for a cyberattack.
2. Pinpoint Critical Areas of Your Business
You know which disasters could cause the most damage to your business. Now it’s time to think about which areas are most critical to your operation, and what they need to continue uninterrupted.
These areas could include teams of people, or essential technologies. For example, if you are running a wholesale business, one of the critical areas of your business would be your ERP solution. It going down or becoming unavailable would see almost every aspect of your business slowing to a halt until it becomes accessible again. For any business that offers services, your support teams will be essential during a disaster, as they will be the first point of contact for your customers. For them to operate effectively, your lines of communication – phone systems and mail servers – would need to remain online, especially when disaster strikes.
3. Understand How Long Can Your Business Afford to Stay Offline
When disaster strikes, it’s expected that some aspects of your business will go offline. You can’t keep everything up and running 24/7, three-hundred-and-sixty-five days of the year. And you’re not expected to!
The important thing is to knowing which areas of your business need to be brought back up and running as a priority, and which can be restored in the background. To understand this, you’ll need to define your recovery objectives: your RPO and RTO.
RPO stands for Recovery Point Objective, and determines how much data your business can afford to lose. For example, if a disaster strikes and you lose a week’s worth of website visitor and social media audience data, would your business survive? What if you lost a week’s worth of client records?
RTO stands for Recovery Time Objective. Where your RPO is all about how much data can be lost, your RTO is all about how quickly your services need to be brought back online. Looking at that same example as above, if you didn’t have those website and social stats for a few days or weeks, knowing that eventually you’d retrieve them, most businesses would be alright. If, on the other hand, it took days or weeks to retrieve your client details, your business would be in trouble.
Each area of your business will have its own RPO and RTO, which will help you to prioritise backups, determine how often they are needed, and ensure their restoration in a way that won’t compromise your operations.
4. Create a Backup Plan
You understand the risks to your business, the critical areas that need to be brought back online as quickly as possible. You even know how much data you can afford to lose and how much time recovery should take. And now it’s time to put measures in place to ensure that your data, infrastructure and apps are recoverable. It’s time to create a backup plan.
First things first, you’ll need to decide how you want your backups to be stored. You could, for example, regularly copy information onto a hard-drive or NAS system which is stored on-premises. But the most reliable and secure way of storing backups is in a cloud environment.
Next, you’ll need to think of how often your data needs to be backed up. This is where your RPO will come in handy. Knowing how much data you can lose will tell you how regularly you need to be backing information up.
Finally, you’ll want to make sure that your backups are easily recoverable. Having copies of your information and settings is one matter, but bringing them back online is another.
5. Assign Roles and Responsibility
The last thing that you want when disaster strikes is for your teams to be running around like headless chickens. It’s important that they know what to do in the case of a disaster, and one of the best ways to ensure that this is the case is to put together a Disaster Recovery Team.
Your DR Team will often be made up of heads of departments who can ensure that panic doesn’t set in. Each team member will have specific responsibilities for ensuring that your services, infrastructure and operations are brought back online quickly and efficiently, that your clients are informed and reassured as necessary, and that your employees are able to continue with their work.
These roles also don’t necessarily begin and end when a disaster comes around. Ensuring that your business is well prepared for disaster will mean scheduling backups, as mentioned above. But it will also mean regularly checking that the backups are running effectively, that no critical data is getting lost, and that backups are quickly and easily recoverable.
6. Setup a Disaster Recovery Site
Some disasters have bigger potential for disruption than others. If your teams are working from an office environment, for example, a fire that destroys your office is going to be difficult to bounce right back from. And it’s not just natural disasters that have the potential to severely disrupt your environment. If you are using cloud storage and an attacker gains access to the platform, encrypting all of your files and documents, your business operations might also have some difficulty resuming.
This is why it’s important to have copies of anything essential to your operations stored at a disaster recovery site. This ‘site’ could be digital – a cloud-based platform like Azure storage where you keep essential apps, files that you can’t risk becoming compromised or copies of networks and servers. In the case of physical offices, it might also mean having a space where your employees can go to continue their work.
7. Test, Test & Test
The worst time to find out that your Disaster Recovery Plan isn’t complete is when it’s too late to do anything about it. Don’t wait until disaster strikes. Put your plan to the test.
- Regularly check your backups
- Test your backup restoration and optimise recovery time
- Plan and play out scenarios to ensure that your teams are well prepared, and know what to do in case of a problem
- Spend some time at your DR site to ensure that it encompasses everything you’d need in case of an emergency
You Don’t Have To Define Your Disaster Recovery Plan Checklist Alone
As a business owner, CEO or manager of a company, you’re not always going to be in the best position to create an IT disaster recovery checklist. You’ll need to turn to IT experts to ensure that no stone goes unturned and that no critical technology will be ignored. IT support experts like Solid Systems are even in a position to help you prevent IT disasters. Both through cybersecurity solutions, and through infrastructure monitoring that detects problems before they have a chance to cause havoc.
Whether you’re looking for guidance in creating an all-encompassing disaster recovery plan checklist, or would prefer to have IT pros take control of your plan and ease your mind, turn to Solid Systems for all of your cloud backup, disaster recovery, and cybersecurity advice and solutions.