IT Recovery Plan 101: Your Back Ups Aren’t Enough To Stop A Disaster
If your IT disaster recovery plan starts and ends with data back up, it needs some help. Far too many businesses say “Oh, we’ve got back ups.”
But when was the last time anybody checked those back ups?
See, a lot of businesses can’t answer that follow-up question. It’s a common problem with IT disaster recovery plans.
But there’s good news!
Today, you’ll learn exactly what questions to ask, what details to include and what red flags to avoid in your IT disaster recovery plan.
“68% of businesses don’t have a documented disaster recovery plan.” Source: Nationwide
Definition: What Is IT Disaster Recovery Planning?
IT disaster recovery planning is a strategic response plan to emergency situations that will affect the IT environment, and so the business’ productivity and security.
Specifically…it’s a written document detailing:
- Types of emergencies (hurricanes, cybersecurity attacks, pandemics, employee scandals, etc)
- Employees involved (leadership, operations, human resources, accounting, etc.)
- Specific response instructions
- Tools (software/hardware) required
If a business has multiple offices or remote workers, the IT disaster recovery plan will account for that and include adjustments.
IT disaster recovery plans must be tested for weaknesses. Create a mock emergency and go through the motions with employees. It may seem silly, but it’s better to fix problems now rather than when it really counts.
Don’t forget to practice continuity of operations plans regularly. For example, Florida-based businesses should practice their hurricane IT disaster recovery once a year, before hurricane season begins. This way, the plan is fresh in employee minds.
Most importantly, IT disaster recovery plans must be baked into the overall business continuity plan. It’s great if your IT survives an emergency, but don’t forget about the rest of your business!
Examples of Good and Bad IT Disaster Recovery Plans
Let’s look at a few examples of air-tight recovery plans and plans that could use some help.
These Plans Could Use Some Help
#1: Missing and/or Outdated Information
The worst thing to be in an emergency is unprepared. A broken chain of command will create miscommunication and even safety risks. Ensure contact information is up to date and assign new key personnel when previous ones step down or leave the company.
#2: Missing Critical Hardware Information
Be diligent in recording the critical types of IT equipment. Lost information can slow down a disaster recovery timeline and halt business production.
These Plans Are Looking Good
#1 Regularly Updated IT Disaster Recovery Plan
This business chose to update their IT disaster recovery plan each year, perhaps they live in Florida and are planning for hurricanes. They also described the update and who approved it. This keeps a clear line of communication.
#2 Planning Beyond Just Back Ups
Remember, having back ups isn’t the end-all, be-all. Specifically outlining solutions to IT disasters ensures there are no loopholes in your recovery plan.
“49% of businesses say it would take three months to recover from a natural disaster.” Source: BizTech Magazine
What’s Included in an IT Disaster Recovery Plan?
We spoke with business continuity planning experts Ryan Williams and David Gardner to truly understand what questions to answer and how to avoid bad IT disaster recovery planning.
A good IT disaster recovery plan accounts for the physical as well as the virtual. It’s easy to forget that we can save IT from disaster just by moving it to a safe location.
- Move critical equipment, like servers, computers and printers, away from windows
- Unplug all equipment to prevent destructive brown outs and power surges
- Take things like laptops, keyboards and mouses home
- Cover what can’t be moved with heavy-duty tarps
On the virtual side, ask yourself:
- Can employees connect to our cloud via laptops?
- Is our phone system onsite or is it in the cloud i.e. can we continue communication if the office is damaged?
- Are our critical files moved to a cloud platform like Office 365 so we can access critical and time-sensitive data?
On the personnel side:
- What’s our post-disaster plan?
- Who’s in charge of facility operations; will they work with the IT team to get the network back up?
- What’s our communication back up if phones don’t work or email is down?
- Which key personnel do we need to involve?
- What if there’s a prolonged outage? Do we need to plan for a “graceful shutdown”
IT disaster recovery planning is part of prudent business continuity planning. It’s figuring out, “How do I keep my business running?” and “What are all the possibilities that go wrong?”
For IT specifically, I work with businesses to answer these questions:
- Which departments are core to your business that you need to recover ASAP?
- What’s your recovery time objective (RTO)?
- What’s your recovery point objective (RPO)?
- How long could you afford to be down?
- How are your systems working now: what’s in-house and what’s cloud-based?
The biggest misconceptions I hear from businesses is about data back ups.
Backups are not disaster recovery planning.
Figure out the following about your data back ups:
- Are they onsite or offsite?
- How often is data backed up? (hourly, daily, weekly, monthly)
- How can employees access the backed up data for work?
- How quickly can you restore the data?
The answers to these questions reveal if your back ups will help with recovery.
IT Disaster Recovery Red Flags
Business continuity and disaster recovery is such an important thing, many businesses look for extra support. It’s helpful to have a qualified IT provider look at your recovery plan, or even help you create one.
If you’re looking for a managed service provider to help with a IT disaster recovery plan, watch for these red flags.
- All they talk about is back ups, nothing further
- They’re not speaking honestly about costs
- Not eager to showcase their office
- Only offer a one-size-fits-all recovery plan
- Don’t ask specific questions about what’s critical to you
- Assume to know your disaster tolerance level
- They’re not concerned about business continuity as a whole
Just like any part of IT, a disaster recovery plan is specific for every business. It depends on industry, location, size, number of offices, and many more factors. Your plan should be as unique as your company.
iVenture Solutions is an award-winning managed service provider delivering superior IT solutions to clients across Florida.
As a leading-edge IT firm for small and medium-sized businesses, we provide a diverse range of services covering the entire scope of IT including maintenance, support, hosting and more.
Through rapid response time, reduction of chaos and the right people, our expert team of IT professionals will fulfill your technology needs. At iVenture, we give you more time to do what matters most.
This article originally appeared on iVentureSolutions.com.
Sign up for the Tech Tribune, our monthly curated newsletter, to get more IT tips for your business.