Disaster recovery should an important part of every company, especially as it pertains to their IT resources. Loss of hardware and applications can be costly, but the loss of the data that is stored on the computers and servers are often times more costly, and can potentially bankrupt a company. All departments should come together to create a company-wide Disaster Recovery Plan, but as part of that, specific parts should identify the IT resources and the plans to reduce the risk of loss, and how to recover from loss after a disaster.
The topics below should be part of the Disaster Recovery Plan. They each are important in the planning and implementation of the Disaster Recovery Plan.
Please contact us if you need assistance with creating a Disaster Recovery Plan as it pertains to your IT resources.
A Business Continuity Plan may now be the most important part of Disaster Recovery. Prior to cloud computing becoming more affordable, the most common way to guarantee business continuity was to do multiple backups on different media (tape backup, external harddrive, CD/DVD Rom), or even have what would be a “warm site”. The cloud has allowed real-time backups and computing in the cloud, so that duplicate hardware would not be needed, and would allow users to still access their applications and files after a disaster. Being able to run a business quickly after a disaster helps reduce loss of revenue.
The Incident Response Plan is part of the Disaster Recovery Plan because it helps identify the most common types of disasters for the respective business location. This plan includes four phases for its creation and implementation: planning, detection, reaction, and recovery.
- Planning – determine the types of disasters and the response to each
- Detection – monitor the network for security breaches, or monitor weather for natural disasters
- Reaction – take the necessary steps to eliminate, or reduce, the risk of the network breach or natural disaster
- Recovery – perform the actions outlined in the planning phase so the business can recover from the disaster quickly
Risk Assessment, Risk Management, and Risk Analysis are all part of a plan to help reduce risk. These three make up a Risk Assessment Plan that helps businesses identify any potential risk, and to determine how the risk will be managed. These steps will help a business develop the Risk Assessment Plan.
- Identify risk – determine the areas of the business that are at risk
- Assess risk factors – determine how likely the risk will occur and its impact on business
- Identify triggers – determine the steps that could lead to the risk so safety measures can be implemented before the risk occurs
- Plan a response – if a risk is not caught during the trigger phase, a business should plan a response to reduce the impact
- Identify risk owner – determine who within the company will be responsible for monitoring for specific risks, and how they will respond
- Manage the plan – continue to review the Risk Assessment Plan, as factors may change over time
Consequences Of a Disaster
- Loss of data
- Loss of revenue
- Loss of productivity
- Damaged reputation
- Damaged customer relationship
- Legal liability
Disaster Recovery Solutions
- Regular backups
- Cloud data storage
- Cloud computing
- Warm site
- Battery backup system/UPS
- Generator for backup power
InfoSec Policies and Plans
- Information Security Policy
- Acceptable Use Policy
- Access Control Plan
- Business Continuity Plan
- Disaster Recovery Plan
- Electronic Communication Policy
- Incident Response Plan
- Risk Assessment Plan