You have written a disaster recovery plan (DRP) with a clear set of procedures to recover and protect your business' IT infrastructure in the event of a disaster. Your plan is a comprehensive description of the consistent actions you will take before, during and after a disaster, be it natural, environmental or man-made.
But just how complete is your DRP ? Here are 8 critical points that may be missing from your existing plan:
1. Establish a disaster recovery functional team
Elect one spokesperson from the group for communication. In the event of a multi-location organization each location should have a core team or representative that works with the corporate entity.
2. Do a full risk assessment
Identify risks in the following areas:
Information – What information and information systems are most vital to continue to run the business at an acceptable level?
Communication Infrastructure – What communications (email, toll free lines, call centers, VPNs, Terminal Services) are most vital to continue to run the business at an acceptable level?
Access and Authorization – Who needs to access the above systems and in what secure manner (VPN, SSL, DR Site) in the event of a disaster?
Physical Work Environment – What is necessary to conduct business in an emergency should the affected location not be available?
Internal and External Communication – Who do we need to contact in the event of an emergency and with what information?
3. Off-site or Cloud-based data centers and applications
Create a written recovery plan that is hosted remotely in a secure and redundant data center. Schedule and test your plan at least once per year or in accordance with regulatory/compliance requirements. Ensure employees can access the hosted environment (both from within the business confines and remotely) during fail-over mode from the designated locations.
4. Protect premise-based data centers
Produce a written recovery plan that is stored remotely. Identify water entry areas throughout the building and have sandbags available. Install VESDA smoke detection and thermal detectors. Have a fail-safe alarm system. Place high-temperature sensors on fire sprinkler heads if non-water based fire-suppression is unavailable. Keep your data center above street level. If you are in a single-floor building, raise your racks from the floor. Employ multiple Internet service/data providers and test for failover regularly.
5. Have a reliable data back-up strategy
Tape back-ups should be removed daily and stored in a secure, easily accessed public building with at least 2-3 individuals having keys to the location. Back-up data to a geographically distant location, either electronically, or ensure physical media is in a diverse location. Come to our event on June 19 to discover effective economic ways to save your data securely to an off-site location.
6. Consider hosted telephony systems
Employ multiple Internet providers and test for failover regularly. Verify that critical phone numbers have the ability to call forward in an unreachable condition.
7. Create a functional call center
Identify key business applications required and how call center staff will access these applications from alternative locations. Identify critical call types that must be answered and determine mechanism to segregate those calls. Identify alternative locations to house the staff with the appropriate systems, phones, and work environment. Ensure administrative staff has the ability to remotely change call routing, messaging, and related call center functionality.
8. Keep it up to date and test it regularly
Make sure your best laid plans actually work. Your infrastructure changes and so must your plan.This means rigorously subjecting your plan to the type of disaster you most fear for your business, the total loss of your site.
And don't forget, the team of engineers at IDSA are here to help !
