DISASTER RECOVERY 101: A PLAN THAT WORKS
As organizations continue to automate their business processes, the dependency on technology and systems continues to increase. The risk brought about by automation is costly, as information technology disasters continue to increase over time. Organizations must ensure resilience by developing IT disaster recovery plans (DRP). The plan should consider people, resources, and systems.
The organization should allocate roles, resources, and responsibilities specific to disaster recovery planning. Management should establish a Disaster Recovery Team (DRT) composed of members from all business units. The team should be responsible for designing, implementing, and testing the disaster recovery plan, and for creating awareness of it.
The disaster recovery plan is developed after conducting a business impact assessment (BIA) and an assessment of disaster recovery risks. A BIA identifies the organizational processes that are critical for the functionality of the organization. The organization then identifies the systems, resources, and documents that are critical for these processes. These are the inputs to plan development. The plan should focus on the short-term survivability of the organization and not the full recovery of function.
The plan should consider man-made disasters, natural disasters, and technology-specific disasters.
An organization should clearly outline its procedures to ensure recovery. The procedures must consider the following:
- Supplier resilience
- Backup and replication procedures
- Offsite/remote working procedures
- Critical systems recovery procedures
- Critical equipment inventory
- Employee records and contacts
- Failover and failback procedures
Disaster recovery planning is a continuous process of assessing the preparedness of an organization for the ever-changing landscape of disasters. The plan needs to be continuously tested and validated over time. Testing ensures that the procedures and controls that have been set up are effective against the disaster recovery risks. Testing and validating systems helps us determine our technological capabilities against the RTOs (Recovery Time Objectives) and RPOs (Recovery Point Objectives).
It also gives management buy-in on the resilience of information systems against disruptions.