IT disaster recovery is a critical process that can help an organization survive and recover in case of disaster – whether a natural disaster, accidental data loss, or malicious cyber attack. The IT disaster recovery plan allows an organization to focus, prioritize its risks and assets, establish a data protection strategy, and determine the best way to recover normal operations. Learn the typical structure of an IT disaster recovery plan and how you should go about creating one for your organization.
In this article you will learn:
• What is a disaster recovery plan?
• 7 parts of an ITDR plan
• Basic steps to creating a plan for your organization
• How to protect your data with Veeam
What is a Disaster Recovery Plan?
A disaster recovery (DR) plan is a document that helps an organization react to a disaster and take action to prevent damages, and quickly recover operations. IT disaster recovery is a subset of disaster recovery, which focuses on IT aspects of DR, such as minimizing downtime of servers, databases and employee workstations, and bringing critical systems back online. An IT disaster recovery plan enumerates the tools and procedures to make this happen.
Here is the typical structure of a DR plan:
- Goals – what the organization aims to achieve in a disaster, including the Recovery Time Object (RTO), the maximum downtime allowed for each critical system, and the Recovery Point Object (RPO), the maximum amount of acceptable data loss.
- Personnel – who is responsible for executing the DR plan.
- IT inventory – list hardware and software assets, their criticality, and whether they are leased, owned or used a service.
- Backup procedures – how and where (exactly on which devices and in which folders) each data resource is backed up, and how to recover from a backup .
- Disaster recovery procedures – emergency response to limit damages, last-minute backups, mitigation and eradication (for cybersecurity threats).
- Disaster recovery sites – a robust DR plan includes a hot disaster recovery site – an alternative data centre in a remote location that has all critical systems, with data replicated or frequently backed up to them. Operations can be switched over to the hot site when disaster strikes.
- Restoration – procedures for recovering from complete systems loss to full operations.
BUILDING
Building a disaster recovery plan is not as simple as writing a document. You need to do careful research to understand the needs of your organization and the risks it faces. You also need to carefully coordinate the plan with all stakeholders, test it to make sure it works, and continuously update it to make sure it stays relevant.
Follow these steps to create a working disaster recovery plan:
- Map out your assets – identify what you need to protect, including network equipment, hardware, software, cloud services, and most importantly, your critical data. For each item note its physical or virtual location, relation to other assets, vendor and version, networking parameters, etc.
- Identify criticality and context – understand how your assets are used and their importance to the business. Classify assets into high impact, medium impact and low impact, by identifying how likely they are to disrupt business operations.
- Risk assessment – identify which threats are likely to face the business as a whole and specific asset. Interview the staff who work on critical systems and ask them what are the most likely causes of service interruption.
- Define recovery objectives – consult with senior management and operations staff to understand what would be the impact of interruption to each critical system for one minute, one hour, one day, or more. Use this information to define your RTO and RPO.
- Select disaster recovery setup and tooling – using your knowledge of assets to be protected, risks and required RTO/RPO, envision your final disaster recovery setup. Will you have a hot DR site? Where will it be located, and will it be cloud-based or self-hosted? Which backups or replicas will you maintain? Where will they be located? Select the software or hardware, cloud services or partners that can help you achieve the required setup.
- Budgeting – as important as disaster recovery is to your business, you will have a limited budget. Present several options to management, each with a progressively higher price tag but better RTO/RPO and/or support for more critical services. Allow them to decide on the right balance between risk and investment in DR technology.
- Approval – put together an agreed draft of your DR plan based on feedback from management and get final sign off on the plan.
- Communicate the plan – circulate your document to the disaster recovery team, to senior management, and to anyone else who will be involved with or affected by DR procedures.
- Test and review – test the plan by conducting a realistic disaster drill, and seeing if and how staff act according to the plan. Learn from the test and modify the plan and procedures accordingly. You should periodically review the plan – at least every six months – to ensure it is still relevant and reflects the current organizational structure and IT setup.
Protecting Data Effortlessly with Veeam
Traditionally, DR is thought to require huge investments in hardware and software as well as the need to build and maintain a secondary site. But with the flexibility of virtualization and the adoption of cloud technologies, there are alternatives to “do it yourself” DR — most notably, disaster recovery-as-a-service (DRaaS).
Whether you prefer keeping DR in-house or would prefer to find a trusted DRaaS provider, Veeam® has you covered. Built-in failover orchestration enables easy 1-click site failover to minimize unplanned downtime. Veeam Availability Suite lets you create predetermined failover plans for a group of replicated VMs, which you need to boot simultaneously or in a specific order. In case of an emergency, you just need to initiate a saved failover plan in one click. You can even launch your DR plan remotely from your phone or tablet through Veeam’s web UI, which is available with Veeam Enterprise Manager.
Click here to learn more on Veeam Certified Engineer