Disaster Recovery Plan for Business

IT Disaster Plan and Recovery in a Nutshell

Information technology changed us. The way we communicate, connect, sell or even share our thoughts is different way back 10 years ago. Same goes to our business processes. Thanks to IT, some tasks that took days and even weeks can be done in only a few hours, or even minutes. We have truly maximized the potential of IT. Today, we still continue to create and find new breakthroughs with it. One of which is the Disaster Recovery for Businesses.


What is Business Disaster Recovery?

Business Disaster Recovery Plan Start Button

Whether you’re from a small or large business, we all heavily rely on information technology. And we are not stopping. We continue to depend heavily on IT to run our operations. And when disaster comes, losing everything especially your IT is like putting your whole organization into the trash. Good thing, we now have Business Disaster Recovery.

Business Disaster Recovery is a set of policies, tools, and procedures that focuses on the IT or technology to enable the recovery or continuation of critical business functions, vital technology infrastructure, and systems despite natural or human-induced significant disruptive events. Disaster recovery can also be considered as a subset of business continuity.


Disaster Recovery plan

Disaster Recovery Plan for Business

According to the National Institute of Standards and Technology (NIST) Special Publication 800-34, “Contingency Planning Guide for Federal Information Systems,” the following summarizes the ideal structure for an IT disaster recovery plan:

  • Develop the contingency planning policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan.
  • Conduct the business impact analysis (BIA). The BIA helps identify and prioritize information systems and components critical to supporting the organization’s mission/business processes. A template for developing the BIA is provided to assist the user.
  • Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life-cycle costs.
  • Create contingency strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.
  • Develop an information system contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system unique to the system’s security impact level and recovery requirements.
  • Ensure plan testing, training, and exercises. Testing validates recovery capabilities, whereas training prepares recovery personnel for plan activation and exercising the plan identifies planning gaps; combined, the activities improve plan effectiveness and overall organization preparedness.
  • Ensure plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements and organizational changes.


Step-by-step IT DR Plan Development

Using the structure noted in SP 800-34, we can expand those activities into the following structured sequence of activities:

  1. The plan development team should meet with the internal technology team, application team and network administrator(s) and establish the scope of the activity, e.g., internal elements, external assets, third-party resources, linkages to other offices/clients/vendors. Be sure to brief IT department senior management on these meetings so they are properly informed.
  2. Gather all the relevant network infrastructure documents, e.g., network diagrams, equipment configurations, databases.
  3. Obtain copies of existing IT and network DR plans. If these do not exist, proceed with the following steps.
    1. Identify what management perceives as the most serious threats to the IT infrastructure, e.g., fire, human error, loss of power, system failure.
    2. Identify what management perceives as the most serious vulnerabilities to the infrastructure, e.g., lack of backup power, out-of-date copies of databases.
    3. Review previous history of outages and disruptions, as well as how the firm handled them.
    4. Identify what management perceives as the most critical IT assets, e.g., call center, server farms, internet access.
    5. Determine the maximum outage time management will accept if the identified IT assets are unavailable.
    6. Identify the operational procedures currently used to respond to critical outages.
    7. Determine when these procedures were last tested to validate their appropriateness.
  4. Identify emergency response team(s) for all critical IT infrastructure disruptions. Determine their level of training with critical systems, especially in emergencies.
  5. Identify vendor emergency response capabilities; if they have ever been used; if they were, did they work properly; how much the company is paying for these services; the status of the service contract; and the presence of a service-level agreement and if it is used.
  6. Compile results from all the assessments into a gap analysis report that identifies what is currently done versus what ought to be done, with recommendations as to how to achieve the required level of preparedness and the estimated investment required.
  7. Have management review the report and agree on recommended actions.
  8. Prepare IT disaster recovery plan(s) to address critical IT systems and networks.
  9. Conduct tests of plans and system recovery assets to validate their operation.
  10. Update DR plan documentation to reflect changes. Any good disaster recovery plan should have strong and thorough documentation that includes a detailed inventory of the equipment in the infrastructure. This is particularly important because it helps new IT administrators get a lay of the land that was created by previous administrators. It helps to maintain good asset management.
  11. Schedule next review/audit of IT disaster recovery capabilities.


The Goal of Business Disaster Recovery

Remove or Lower Risk by Disaster Recovery Plan

An article from TechTarget says that Business Disaster Recovery goal is to limit risk and get an organization running as close to normal as possible after an unexpected interruption. As cyber threats increase and the tolerance for downtime decreases, disaster recovery became very important. This practice enables an organization to get back on its feet after problems occur, reduce the risk of data loss and reputational harm, and improve operations while decreasing the chance of emergencies. It will be a company’s only savior when disasters occur.

Trying to save a couple of bucks for a Business Disaster Recovery won’t do you and your company any good. This is already like putting the whole company into the dump. Think of it not only as your backup and recovery plan but also an insurance plan that assures you that whatever unexpected tragedies will come, you can easily recover and resume your business as if nothing happened. Reach for Business Disaster Recovery providers now, before it’s too late, contact Streamline Technology Group today to get your IT audit started.