Data is important and is becoming more and more important. Guaranteeing your business continuity is therefore essential. A Disaster Recovery Plan and Disaster Recovery Test will help you with mainting the business continuity. We will briefly explain what the DRP and DRT are and what they consist of.
What is a Disaster Recovery Plan?
To be well prepared for possible escalations, a Disaster Recovery Plan (or DRP) is often drawn up. This is a documented series of actions that an organisation can take in order to resume business as soon as possible in the event of a disaster or escalation.
How does a Disaster Recovery Plan work?
To start a DRP, organisations often first carry out a business impact analysis. This analysis identifies the most critical and urgent business functions required to get everything up and running again quickly after a disaster or escalation. In addition to a DRP or IT recovery plan, organisations must also test this plan in practice. This way, everyone is trained to be well prepared in case of escalation.
Such a test in practice is also called a Disaster Recovery Test. The Disaster Recovery Plan is tested step by step in practice.
Disaster recovery step by step
A Disaster Recovery Plan or Business Continuity Plan is not drawn up overnight. This plan will have to be drawn up and updated in a well-considered way in order to be continuously prepared for possible IT escalations and calamities.
Step 1: Preparation for a Disaster Recovery Plan
One usually starts with a risk analysis. One examines the possible impact of the failure of systems / loss of data in the event of, for example, a power failure, theft or loss, a cyber attack or a fire in the data centre.
It is crucial to know which applications and services run on which parts of your IT infrastructure and where they are located in the data centre.
BUSINESS IMPACT ANALYSIS AT DRP
The next step is the Business Impact Analysis (BIA). This involves looking closely at how the various business units operate and which of them are dependent on IT. In addition, the possible consequences of certain risks are determined. The aim is to determine the maximum acceptable downtime in the event of an IT escalation.
DETERMINE THE RTO FOR YOUR DRP
The RTO (Recovery Time Objective) is determined. This is the time in which a certain service or function must be operational again after downtime, in order to avoid major consequences for the business as much as possible. Based on the calculation of the maximum acceptable Recovery Time Objective, the budget and measures to be taken are determined.
If an RTO is estimated at 8 hours and a longer downtime has disastrous consequences for an organisation, the organisation will therefore have to invest more in order to be well prepared for an escalation/calamity and to be fully operational again within the maximum time span of 8 hours.
DETERMINE THE RPO FOR YOUR DRP
The RPO (Recovery Point Objective) shows the time interval that may pass without the maximum amount of lost data being reached.
For example, in many organisations the backup is made at night. If an escalation occurs at night during or before the backup period, there is a chance that some or all of the data from the previous day will be lost.
In that case, is an organisation unable to sufficiently re-create the lost data without affecting business continuity? If so, the RPO should be shortened and the organisation should, for example, make multiple backups.
Step 2: Fully map out the IT environment
In the next step, it is essential to get a clear picture of how the processes run and how the entire IT environment is set up. This allows you to properly identify which services are running and which might be vulnerable in the event of an IT escalation.
When mapping the environment, the following points are examined:
- To what extent does a system failure affect other systems and processes
- Are all systems secured
- Which guarantees and SLAs (Service Level Agreements) are active for which systems
- Are regular back-ups made of all systems?
Step 3: Disaster Recovery Strategy
Once you have made a risk analysis and BIA (Business Impact Analysis), determined the RTO and RPO and mapped out the complete IT environment, the next step is to prepare a strategy. This strategy (Disaster Recovery Strategy) includes concrete actions and procedures that can be relied upon in the event of an IT disaster.
It defines who should do what in case of escalation, what should be done and which parties should be involved in case of escalation. The DRP describes in detail how to act step by step in order to get the processes up and running again quickly.
The final Disaster Recovery Plan contains additional information such as:
- Recovery procedures
- SLAs and contracts
- System inventories
- Data from suppliers
- IT services from external parties
Step 4: Disaster Recovery Test: Check double check
It is crucial to regularly test and adjust your Disaster Recovery Plan. This test is also called Disaster Recovery Test. It is advisable to adjust and adapt this plan at least once a year in order to be as well prepared as possible for possible escalations in your data centre.
Disaster Recovery Test at IRENT
Testing your DRP will mean that your environment experiences a short downtime. Renting a rental server or rental storage is sometimes desirable to let this run smoothly and to be able to continue the business during the Disaster Recovery Test. Would you like to know more about the possibilities of IRENT for a Disaster Recovery Test? Please contact us. Our IT specialists will gladly assist you!