4 disaster recovery plan best practices for any business
Disaster recovery plans are unique, built around an organization's size, type and industry. However, there are some key best practices that all businesses can implement.
A good disaster recovery plan comes from a combination of planning, documentation, testing and optimizing to remove any snags and expedite recovery. With all these factors at play, one size does not fit all.
Without a disaster recovery (DR) plan, many companies end up making reactive decisions on the fly with limited information in stressful circumstances, so it's critical to have one in place. However, a strong recovery cannot simply be thrown together. DR plans are highly individual and will vary based on factors such as company size, type, budget and location.
Luckily, there are some key areas that can guide most planning strategies. Disaster recovery teams that set priorities, keep documentation and run tests will see the most success. In some cases, the key to a better strategy lies in a complete overhaul, so it's important to know when it might be time to start from scratch.
Any DR planning and real-world testing is time well spent. If a crisis strikes, these four disaster recovery plan best practices could help save the day.
1. Set and document recovery priorities
Documentation is a critical aspect of DR planning. Thorough, detailed documentation throughout the planning process provides DR teams with the information they'll need to ease a recovery operation. Planners can also use this documentation after running or testing a plan to examine weak spots or re-order priorities.
Documentation should include a catalog of the organization's applications, as well as each app's recovery time objective (RTO) and recovery point objective (RPO.) Documenting the RTO and RPO of the applications will help planners prioritize what they can/must get up and running first in a recovery.
Priority systems are key internal and external systems that enable the business to run and generate revenue. Choosing which systems to prioritize is a key decision and should involve all the appropriate stakeholders so that there is a documented, clear and concise order in which the systems will be restored.
A good company disaster recovery plan must also document emergency communication information. Be sure to include contact details for key stakeholders, application administrators and owners, as well as approved messaging to inform those impacted by the disaster.
2. Test, test, test
One of the biggest potential challenges to a good recovery plan is the unknown. In every organization there could be several unforeseen scenarios that disrupt operations. Tests can provide some insight into a plan's vulnerabilities and highlight any areas that DR teams must update as the organization changes. Frequent DR testing is ideal, as is using tabletop exercises.
Tabletop DR testing can highlight issues that planners might not have considered, running through the plan from start to finish. This type of testing will ensure that key personnel will know how to perform their roles, as well as bring potential roadblocks to the surface before a disaster takes place.
3. Know who to involve
Key individuals in a disaster recovery plan are not limited to those working on the restore or responsible for the application. In addition to key customer contacts and stakeholders, sometimes there are legal requirements to notify legislative bodies depending on the organization in question.
IT security staff are a helpful addition to disaster recovery planning, and can give valuable insight into a data protection strategy. As ransomware attacks continue to evolve and spread, DR teams should lean on IT security for assistance.
The size, structure and industry of an organization will determine who must be involved in a DR plan. For DR teams unsure about who to bring in, a tabletop exercise or test of the plan can highlight who is missing (or unnecessary) when the recovery takes place.
4. Know when it's time to start fresh
As ransomware attacks continue to evolve and spread, DR teams should lean on IT security for assistance.
In some situations, the top disaster recovery planning best practice might be a complete rebuild. It boils down to trust. If an organization cannot trust the current infrastructure, then a ground-up rebuild might be the best option. Unfortunately, many organizations experience a crisis that makes a DR plan overhaul appealing. Examples of this include ransomware or even nation state attacks.
Depending on the scenario, potentially compromised equipment might be put to one side for investigation. Isolating and resolving problematic elements can help organizations avoid a costly overhaul. However, in many situations, the physical cost of new servers is small when measured against the value of a successful DR invocation, data restore and resumption of operations.
Stuart Burns is a virtualization expert at a Fortune 500 company. He specializes in VMware and system integration with additional expertise in disaster recovery and systems management. Burns received vExpert status in 2015.
Dig Deeper on Disaster recovery planning and management
