Disaster recovery plan: Disaster recovery plan or concept. Nobody wants an (IT) disaster. And yet it has often happened, even to large “secure” companies. A disaster recovery plan is the best way to prepare for such an emergency – regardless of whether you are a small individual company or a market giant. What is it? What is written down there? How do I create such a plan sensibly and what does such a plan look like in practice?
Disaster recovery concept – what is it?
A disaster-Recovery plan is a document that a company uses to prepare for disasters. It is part of business continuity management, but is more focused. It contains detailed responses to power outages, cyber attacks and natural disasters such as flooding. The focus here is on the IT infrastructure. The Measures to be taken after a failure of components in theinformation technologyto be initiated are listed. This includes both the data recoveryas well as the replacement of no longer usableinfrastructure,hardwareand organization.
The aim is to minimize the consequences of the damaging events as much as possible. The DR plan therefore shows how regular operations, or at least important processes, can be resumed as quickly as possible.
The idea behind it
Disruptions lead to lost sales, brand damage and dissatisfied customers. And the longer the recovery time, the greater the negative impact on business. Therefore, a good disaster recovery plan should enable rapid recovery from disruptions, regardless of the source of the disruption. All Measures are therefore described in such a way that they are to be worked through step by step by those responsible. Reporting channels, escalation levels and definitions of responsibilities in the event of a disaster are part of the content. The better the instructions, the better and faster you can react in an emergency.
Of course, not everything always goes according to plan. Some measures may become superfluous, others may become necessary. It must be clearly recognizable where measures could be added or skipped. A flowchart structure with a legend is a tried and tested way of easily identifying which steps are necessary.
7 steps to the perfect concept
Structure is the foundation of a successful disaster recovery concept. This is why the creation of the project must be systematic and well organized. How do we do this? With a 5-step plan.
Risk assessment
The first step should be a thorough examination of the potential risks to normal business operations. These include external influences such as hacker attacks through to environmental disasters. Here is an (incomplete) list of possible threats:
- Flooding
- Fire
- Sabotage
- Power failure
- Network failure
- Virus infestation
- DDoS attack
- Internet outage
- Zero-Day Exploit
- Hardware theft
- Ransomware
For each of these risks, consideration should be given to the likelihood of such an incident occurring, the impact it would have on normal business operations and what action should be taken in the event of such an incident. This has a major influence on the further content of an emergency plan.
Activation
Here it should be determined when the emergency plan in question comes into effect. Should it come into effect in the event of minor incidents or only in the event of major incidents? Here are a few examples:
- Total communication failure
- Total failure of the power supply
- Flooding of the site
- Loss of the building
- Blackmail
Based on the type of company or business sector, other factors will need to be taken into account when drawing up such a plan.
Emergency team
It must be determined who takes what action and when, based on the type of incident. This group of people who take immediate action in the event of such an incident is the emergency team.
Everyone in the company should know who is part of this team. The disaster recovery concept contains the contact information of all members of the emergency team and their deputies if they cannot be reached. Likewise contact information for important services outside the company should be included in an emergency plan. This way, no time is lost searching for external service providers. Such external service providers are, for example
- Electricity supplier
- Telephone service provider
- Internet service provider
- Buildingäbuilding protection
- Insurance
Recovery plan
It is important to have all the important data of the affected system to hand immediately. A directory of the various hardware should therefore be kept ready. This includes, for example
- LAN
- Server
- Means of communication
- …
The plan should also include information to restore these systems quickly or to obtain and set up a possible replacement.
Documents
The detailed forms are listed here. These include, for example
- Damage assessment: quickly obtain an overview of the damage incurred
- Action form: As already mentioned at the beginning, it defines what is done when and how
- Monitoring the recovery: The progress of the recovery tasks is documented here (in order of previously defined priority)
- …
Emergency test / exercise
Any emergency plan is only as good as the information it contains. This is why regular testing and/or revision is important: Is the contact information up to date? Have there been changes of employees? For example, is the electricity provider still the same?
To act quickly, every employee must know what is expected of them in an emergency. And this requires practice. It must be determined how often such exercises be carried out. The result of such Exercises should be recorded in writing and, if necessary, changes must be made based on the lessons learned.changes or additions should be made to the emergency plan.
Final report
A detailed report should be written after every emergency. This documents what happened, what measures were taken, when and by whom, and what effects this had, both positive and negative. It is not about finding “guilty parties”. It is about learning for the future and, if necessary, taking precautions to be prepared for future events.
This final report should be submitted to the management. However, other business units (if any) should also be informed in order to similar incidents there.
Start the disaster recovery concept – project
As with most projects, the start is the most difficult hurdle. Do you have enough resources to manage the project on your own? Should the project be handed over completely to external parties? Or is it perhaps enough to simply print out an online plan and fill it in?
Our experience says: all very bad ideas.
Why?
- It is not feasible to complete such a project 100% correctly and quickly in addition to the day-to-day business. And even if some employees can make extra time for it: Can they really pay attention to everything with a clear eye? Or can everyday blindness sometimes strike? Do the people involved already have a lot of experience with such projects and can they ask project-critical questions?
- Can an external service provider directly assess the company and all its business-critical factors in such a way that a really good plan can be drawn up?
- Is there really ONE plan? The shoe that fits everyone? Or isn’t your company something that needs to be considered individually? Because no other company is 100% as structured and organized as yours?
Our solution:
A really good plan can only be created if well-informed employees work hand in hand with an experienced external service provider to create such a disaster recovery plan. This combines the critical and experienced view from outside with knowledge of internal structures. This ensures that the company is backed up both holistically and individually for each business unit.
Leave A Comment