DR Lesson Learned: Are You Prepared to Respond?
Written by Delores Shoemaker
Being prepared for an unplanned event disrupting your organization means preparing for the unexpected. Natural disasters, hardware failures, and malicious malware attacks are inevitable. It could very well happen to your organization. A sound strategy allows for a quick response time and includes a having a solution in place for your data, systems, and people. Without it, many businesses find themselves unable to recover, closing their doors for good and leaving employees, customers, and vendors out in the cold. With many years in the DR industry, I still find many organizations that are not prepared and without the means to recover.
Lesson 1: You need a plan.
Not having a plan for recovery is like traveling from New York to Florida without having directions, a map, or street signs to follow. You need to know the how, what, why, and where. Too many organizations don’t have any plan, and just relying on their IT staff to know what to do which typically results in a partial, or failed recovery impacting operations and revenue. Don’t fall into this trap.
Best practices include taking the following steps:
- Conduct a Business Impact Analysis and a Risk Assessment (the why) to identify financial impact, potential risks, critical systems, your recovery time objectives (RTOs/how long can your systems be down), and recovery point objectives (RPOs/how much data loss can be tolerated).
- Develop a comprehensive IT Disaster Recovery Plan (the how, what, and where) detailing the step-by-step recovery process and procedures to follow.
- Write it down, share it, test it and store it in an easily accessible location available to the people in your organization identified in the plan to facilitate your organization’s recovery.
Lesson 2: Test your plan.
Not testing your plan is like knowing you have money in the bank but never checking your ATM card to see if it works. You have money, but can you get to it? What about DR? You may think you have the best plan, and you might be certain that you have covered everything, but until you’ve tested, how do you know for sure? Testing is the dress rehearsal before the real show, providing confirmation of your organization’s ability to recover and identify any crucial gaps in your plan.
Lesson 3: Update your plan.
In the fast-paced, ever-changing world of IT, what you are doing today may not be what you are doing tomorrow. Creating a disaster recovery plan isn’t a one-and-done. Update your plan regularly to stay in step with your current IT environment and business requirements. Another great reason to perform a DR test!
Lesson 4: Keep your subscribed services current.
For most organizations, having a fully-replicated data center for recovery doesn’t make sound business or cost justification sense. In this case many organizations choose to work with a third-party DR provider to support their recovery requirements. With today’s leaner IT staffing and typical corporate projects and implementations, it’s easy to place updating your DR provider system requirements at the bottom of the list as you are making changes to your production environment. If you experience a disaster, the result can be catastrophic if you haven’t been regularly communicating those changes. Staying in touch and communicating with your provider is paramount to your success.
Lesson 5: Choose a partner for your DR goals.
The key to managing a solid DR strategy is choosing a DR provider to work with that treats you as a true partner and not just another customer. Find a DR provider who’s focus is to be by your side every step along the way of your DR journey. Your DR provider-partner should help you develop, implement, and consistently remind you to test your recovery strategy.