How to devise a disaster recovery plan for your IT

How to devise a disaster recovery plan for your IT

IT disasters can strike any business and can be caused by any number of natural or man-made causes. Whatever the cause, if your company’s IT network and data access are knocked offline, the result in interruptions of business and services that can be costly. 

We’ve put together some tips to help you prepare for any type of IT disaster and help your business through the disaster recovery process. 

IT Disaster Preparedness & Recovery Tips 

1). Prepare an asset inventory: this is the first step for disaster preparedness and recovery. During this process, all of the company’s IT assets should be listed. The list needs to include all servers, apps, data, network switches, storage devices, access points and network appliances. Next, determine where each asset is located in the network and identify dependencies. 

Taking stock of all assets, including hardware and software, will help you to organise them in order of priority, making sure those most important are implemented first and so on. In addition, this is a great time to gather all contact and technical support information in one place—for each asset. Don’t skip this step—you’ll need the information when the network fails. 

2). IT threat analysis: the next step is just as important—identify and analyze each threat and failure that could be possible. This includes everything from natural disasters to a hacker attack. As you walk through each scenario, determine the probability of occurrence and the effects each could have on your IT network and each piece of the network. 

Use the dependencies determined in step one to predict how each scenario might effect your network. Don’t forget that not all major events are caused by natural disasters and hackers. A simple hardware failure can also be devastating. 

3). Define criticality levels & recovery objectives: conduct a criticality study on your IT system. Categorise data and applications according to their importance. Take the time for careful analysis and organise these points into groups that share commonalities. 

Consider organising systems and applications in three or four tiers, with tier 1 being those services that must be restored first, to tier 4, applications that be recovered last or at a more convenient time. The point of this exercise and knowledge is to get essential services back up and running as soon as possible. 



4). Calculate RTO & RPO: calculate the recovery time objective (RTO), which is the maximum amount of time your system can be down. For example, consider the amount of revenue the company may lose during an outage. Next, calculate the recovery point objective (RPO), which is the maximum amount of data the company can afford to lose during downtime. 

Downtime ideally will be short, but in some cases an outage may last hours to days. Calculate the costs, and time need to reestablish the network and determine the recovery values you can afford for loss of time, data and revenue. 

5). Data Backup: during the RPO calculations, you’ll want to determine how often to back up data and how much data needs to backup. Data loss can be tragic; many IT experts recommend backing three copies of your data on two or more types of media, with one copy located offsite. You’ll looking to create redundancy in the event of a catastrophic outage. 

Consider the frequency of backing up your data, making sure to store it in more than one place in the process. 

6). Determine recovery tools and techniques: you’ve mapped out assets and their dependencies, created groups and tiers based on criticality, now it’s time to determine the tools and techniques needed during the recovery process. For instance, is it better to store data offsite for protection? Is cloud backup and storage feasible? 

After making this determination, look for methods to streamline and automate the recovery process. Automation will assist if IT personnel are not available and will limit the risk of errors. 

7). Write the disaster recovery plan down: now it’s time to write down all the aspects of your recovery plan. Focus on getting down as many details as possible to help everyone know exactly what needs to happen and when. Once the plan is down and in place, make sure those responsible for dealing with disasters have access to the plan. 

8). Test the plan: you’re now ready to test the disaster recovery plan. Testing will determine if the plan is detailed, practical and if it will even work. Not only that, but you may find unexpected instances of malfunction or that important pieces of the network have been left out. To avoid unpleasant “surprises,” test your plan to make sure it works as needed. If not, go back and repeat the steps above until the plan works like it should. 

9). Review and revise: it’s a good idea to review and revise your plan every three to six months. Technology changes and updates may change the way your IT recovery plan needs to work. With a review every few months, you’ll be sure your plan is current and ready to go at a moment’s notice. 

10). Develop a communication plan: last, but not least, it’s time to create your communication plan. Communication is essential during any type of IT disaster. You’ll need to determine who is in charge of communicating news, who’s responsible for initiating the disaster plan, and how to communicate with stakeholders, the media and more if regular lines of communication (such as phone, email, etc.) are not working. Don’t forget this essential part of the plan, or you’ll be set up for failure.

You can’t stop IT disasters, but you can prepare for them in advance. Disaster recovery is difficult at best. It can be costly and expensive, but following these steps, you can minimise the damage to the network, data loss and the cost of lost revenue and customers. Protect your IT network to keep losses to a minimum and make recovery after the disaster as fast as possible by creating a disaster recovery plan for your IT network.