Disaster Recovery – Planning for Failure
As an MSP for our clients, we often do not have days off. We have to plan for the unexpected; in our world it is always the worst-case scenario, not the best case. In new client discovery meetings we often find that the DRP is in motion, but not really implemented. Now that spring has arrived, we are often hit with unstable weather conditions, from flash snow storms to rain showers that flood offices.
Have a look at your current DRP – is your backup and disaster recovery (BDR) solution safe from natural disaster, malicious attack or network failure?
Instead of the traditional checkbox approach, consider these talking points to get your business BDR into action.
Have you defined what a disaster scenario is? What is the resolution plan for each situation?
Spend time assessing which possibilities could bring your business to a halt. It may seem trivial, but ensuring that there is a plan in place will relieve the stress once the BDR plan needs to be implemented.
Have you discovered all potential risks that should be included in your IT DRP?
Flash floods, power outages, theft, ransomware, and phishing emails – just some of the dangers that could expose the chink in your business's armour. Consider all of these individually and combined: does the current DRP mitigate them?
Leverage your Business Impact Statement. You do have one, right?
With all of your risks from above listed, assess which scenario is most likely to occur and what direct or indirect impact it would have on business operations. Each office will have its own IT infrastructure challenges; ensure that you minimize its susceptibility to outside dangers.
We like to ensure that all of our clients have a DRP solution in place; it ensures that clients will face as little frustration as possible. In the likely scenario where a power failure occurs, there will be instant damage to the integrity of the server HDs. In the event that the server/local backup fails, data will not be recoverable. With a BDR in place, the business will experience end-user downtime; however, data will be recoverable. Once you have a defined BIA for each potential risk, management can determine which vulnerabilities to address first.
Does your DRP strategy have a recovery time objective (RTO) and recovery point objective (RPO) for each of the risks?
RTO is a benchmarked goal to attain when disaster strikes: business data must be recovered within the time frame specified for each disaster to ensure business continuity and minimize downtime.
RPO is a benchmarked goal to ensure that the business data comes back to full operational mode following a disaster or an unplanned event. Based on the backup cycle, it can be defined as the last recovery point, one week prior, etc.
To reduce the risk and ensure the successful implementation of the BDR, test your backups! Assuming that the documentation will help you weather the disaster storm is not enough. Grip I.T. tests our clients' BDR at random intervals to ensure compliance with the DRP.
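One way to check restore-test results against per-risk RTO and RPO targets, as an added example that is not Grip I.T.'s tooling. The scenario names, targets, 90-day test-age limit and test records are all constructed, and RPO is taken in its usual sense of the maximum acceptable age of the newest recoverable backup.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Objective:
    rto: timedelta  # maximum acceptable time to restore service
    rpo: timedelta  # assumption: maximum acceptable age of the newest recoverable backup

@dataclass(frozen=True)
class RestoreTest:
    scenario: str
    last_good_backup: datetime   # newest backup that restored and verified cleanly
    restore_duration: timedelta  # measured wall-clock time of the test restore
    tested_at: datetime

# Constructed per-risk targets (hypothetical values, not from the article).
OBJECTIVES = {
    "power_failure": Objective(rto=timedelta(hours=4), rpo=timedelta(hours=24)),
    "ransomware": Objective(rto=timedelta(hours=8), rpo=timedelta(hours=1)),
    "office_flood": Objective(rto=timedelta(hours=48), rpo=timedelta(days=7)),
}

def evaluate(tests, objectives, now, max_test_age=timedelta(days=90)):
    """Return {scenario: [findings]}; an empty list means the targets are met."""
    # Sorting by test date means the newest test per scenario wins.
    latest = {t.scenario: t for t in sorted(tests, key=lambda t: t.tested_at)}
    report = {}
    for name, obj in objectives.items():
        t = latest.get(name)
        if t is None:  # a risk with targets but no restore test is itself a finding
            report[name] = ["never tested"]
            continue
        checks = [
            ("test stale", now - t.tested_at > max_test_age),
            ("RTO missed", t.restore_duration > obj.rto),
            ("RPO missed", now - t.last_good_backup > obj.rpo),
        ]
        report[name] = [label for label, failed in checks if failed]
    return report

NOW = datetime(2024, 4, 1, 9, 0)  # fixed clock so the sample is reproducible
TESTS = [  # constructed restore-test records
    RestoreTest("power_failure", datetime(2024, 3, 31, 23, 0), timedelta(hours=3), datetime(2024, 3, 15)),
    RestoreTest("ransomware", datetime(2024, 4, 1, 3, 0), timedelta(hours=6), datetime(2024, 3, 20)),
]

if __name__ == "__main__":
    for scenario, findings in evaluate(TESTS, OBJECTIVES, NOW).items():
        print(f"{scenario:14} {'OK' if not findings else ', '.join(findings)}")
```

In the sample data the ransomware restore finishes inside its RTO but the six-hour-old backup misses the one-hour RPO, and the flood scenario is flagged because it has targets but no restore test on record.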
Roles, Responsibilities and Recovery Teams!
Ensure that there is a clearly defined chain of responsibility for the DRP. In stressful times, it is best to follow the allocated plan rather than look to assign tasks to specific individuals.
- Determine the scale of the disaster: where does it fall on the DRP chart?
- Oversee DRP expenses
- Produce a report post recovery.
- Assess the damage to the building
- Ensure specific zones are clear of danger
- Make sure of proper inventory of human resources, equipment and supplies
- Assess the network, ensure all components are operational
- With a multi-network environment, ensure there is a full ops team tasked with a specific site
- Use the required tools, hardware & software on the network to regain uptime
- Ensure secondary servers located offsite are fully patched for OS & applications
- Ensure secondary servers located offsite are synced with redundant data.
Each BDR plan will be unique in its responsibilities and tasks, based on the size & scale of the organization. Ensure that all aspects of business continuity are covered.
Reaching out to clients, vendors, employees and media?
Ensure there is a clear line of communication between all of the parties mentioned above; making sure that your clients understand the scale and level of disruption is key to keeping client relations harmonious. Being transparent is key!
Full Contact Information
In the BDR it is vital to include a call tree: a clear visual guide of who to call based on the situation at hand. Going through various employees and playing telephone tag can be very inefficient and cumbersome in resolving the issue at hand. A call tree negates the frustration.
Post Disaster Analysis
Take inventory of all the various IT systems on and off site, ensuring that all are operational. Knowing the state of the IT infrastructure is essential in getting the network back into its operational state.
Countless times we have seen the old adage come to fruition: failure to plan is a plan for failure. Disaster can strike a business at any time; a DRP will help the business weather the rough waters.