Why every organisation needs a Disaster Recovery Plan
Creating an effective Disaster Recovery Plan (DR Plan) puts your organisation in a position to be able to minimise the impact of an unforeseen disaster.
The very real consequences of such disasters include financial loss, operational disruption, damage to brand credibility and, potentially, total ruin.
If your organisation has a Disaster Recovery Plan, you’ll be able to recover business operations using a planned, controlled and efficient approach within a relatively short time frame.
For the purposes of this article, we are discussing ‘disaster recovery’ in the context of IT and communications systems recovery and the prevention of data loss in the aftermath of a disaster – rather than with the overarching theme of who assumes responsibility for which areas of the business.
What types of risks or events necessitate a Disaster Recovery Plan?
Let’s look at some of the most common disaster event types:
- Cybercrime
As the 21st century moves into its third decade, the main threat facing every business, charity, public sector organisation or government department is that of a cyberattack.
Cyber criminals target IT and communications system with malware intended to corrupt, destroy or encrypt data across a network. Any of these can lead to a total system failure, but since 2019 it is ransomware attacks that have repeatedly brought the operations of large parts of organisations from FedEx to our own NHS to a halt.
- Natural disasters
With global warming comes floods, hurricanes and wild fires, and all have wrought havoc around the world causing £billions in damage, loss of life and the destruction of countless organisations and businesses. Location can be a major issue, and where risk of natural disaster is considered higher, a DR plan should factor in all possible such events.
- Terrorism
Risk of a terror attack, like natural disaster, depends largely on location. But the knock-on or ‘collateral’ effect of a terror attack targeted at a nearby company could warrant preparing to deal with IT failure, power disruption or damage to buildings.
- Network failure
Factors impacting IT and network availability include power cuts, hardware failures and severed communications lines. Keeping infrastructure such as software systems, network endpoints and server hardware updated can mitigate this, but DR planning means planning for the unexpected loss of critical systems.
- Human error
There’s no planning in the world that can mitigate against human error. Whether by innocent mistake or malicious intent, or via social grooming, critical files, folders and databases can be easily erased and lost in seconds.
What are the benefits of a Disaster Recovery Plan?
By developing your Disaster Recovery Plan, you are recognising that if a disaster (such as a flood, fire cyber breach) were to hit, your business operations could be severely impacted.
By establishing a DR Plan, the benefits to your organisation in the event it is impacted by a disaster may be to:
- Minimise disruption to normal day-to-day operations
- Limit the extent of disruption resulting from the disaster
- Minimise financial impact by prioritising sales to protect cashflow
- Put alternative/parallel operational processes in place in case of disaster
- Develop a means for operational systems revival
- Safeguard brand reputation.
In many organisations, disaster recovery is part of a wider, overall business continuity plan – while for others, the two terms are interchangeable.
What does a Disaster Recovery Plan entail?
In simple terms, a Disaster Recovery Plan will ensure that your business can continue to operate – or at least resume working – in a short-to-medium timeframe and in a ‘close-to-normal’ way should a catastrophic ‘event’ cause disruption.
Four key elements feature in most Disaster Recovery Plans:
1) Prevention: looking at ways to prevent or avoid a disaster from affecting the business in the first place
2) Detection: developing mechanisms to identify quickly that a disaster is happening or is about to happen
3) Mitigation: planning for how the consequences of business-impacting disaster can be mitigated or corrected
4) Testing: making sure that if a disaster did occur, that the plan would actually kick in and work.
The real business impact of disaster
According to a report from HSBC, 80% of businesses that suffer a shutdown as a result of a disaster or major incident go on to fail completely within 18 months.
One factor commonly identified among the reasons for this can is the lack of an adequate DR plan.
In other words, the lack of a DR plan meant that when the business was impacted by the disaster or major incident, it was unable to resume its operations for a considerable time, or, at least, not to near-normal operating level. Customers were unable to purchase or receive their goods/services, suppliers and partners were not paid, production was severely impacted and the business became unviable.
What steps should be part of the DR Plan?
1. Backing-up and restoring data
Data backup is a fundamental operational IT process that most businesses carry out as a matter of course. Yet it isn’t always supported by processes to restore access quickly to data.
There’s a difference too between the processes of data backup and data replication.
Backup involves storing a spare copy of data that can stored in a safe location, to be restored in the event of loss or damage to the original data.
Replication involves operating multiple instances of the same data in multiple sites which are all updated at or close to the same time.
Backup but should be part of a wider plan that specifies:
- What data needs to be backed up
- How regularly
- To which location
- For how long
- In what circumstances
- How – and how quickly it can be restored.
2. Prioritising business functions
All business functions depend (usually to a great extent) on data availability, so prioritising which functions are key will help form the parameters of your DR plan:
- Potential loss of sales
- Impact on cashflow
- Damage to long term brand reputation
- Loss of production capacity
- Recovery/replacement costs.
3. Reviving operational functions
Following hot on the heels of (2), you should determine which operational functions need to be up and running – and how quickly – after a potential disaster.
Another way of looking at this is to ask how long your organisation can survive without fulfilling sales, taking payments and paying suppliers.
Operational areas to prioritise might include:
- Customer service/sales operations: when and how often do customers need to interact with us – e.g. hourly, daily, weekly, monthly?
- Operational systems: which operational systems e.g. CRM, finance, ERP does the organisation rely on and which ones could it do without for a temporary period?
- Human resources operations: how quickly and easily can the organisation communicate with employees in the event of a disaster?
- Security operations: has any potentially confidential data been released and if so how can this be communicated, mitigated and corrected?
Next steps
The clearest route to an effective DR plan is to work with an expert in cloud technologies, cybersecurity, remote management and IT systems support such as Alliance Solutions.
We can help you recognise and prioritise the critical elements in your IT infrastructure and develop a plan to bring them back into operation quickly and effectively in the event of a disaster, whilst also minimising the use of vital resources.
Whilst the hope is always that a DR plan will never have to be implemented, it would be wrong for that hope to become an assumption or ‘certainty’.
Getting your DR strategy right will provide your businesses with a lifeline that could one day prove to be indispensable. Contact Alliance Solutions to discuss scoping and planning your Disaster Recovery strategy across your entire organisation on 0800 292 2100.