Disaster Recovery Plan

Disaster Recovery Plan

Imagine a secretary in search of a presentation, which was prepared the day before especially for meeting with clients. For some reason she cannot find it now. The needed data is not at hand, so the new presentation cannot be created, and what’s more important there is no time for that. If the enterprise lacks a clear tested disaster recovery plan, the following events are likely to proceed. The secretary calls IT administrator in despair only to be informed that he is on vacation. Priceless time is getting wasted, when she finally reaches someone from IT department, and again that coworker tells that he has only shallow knowledge about backup system and has never attempted emergency recovery. A half of the day will pass until he figures out how to recover needed data, then he may or may not recover the presentation in question, but it is too late anyway and the important meeting is already spoiled.

Now, if there was a correctly made disaster recovery plan, the secretary would certainly know who is responsible for handling such situations or the person who can substitute him in his absence, and she would call him directly. That employee, who knows the system well, would recover the missing presentation rather quickly, and the meeting with clients would proceed as planned.

Elaborately developed disaster recovery plan is urgently needed in case of complete loss of entire digital data. Efficient recovery and, as a result, quick restoration of current operation can be decisive for the enterprise’s further existence. That’s why disaster recovery plan is an obligatory element of any good IT security concept.

When making a plan, you should think about the following:

  • For what purpose the enterprise is using digital data?
  • When that data should be delivered?
  • How would it affect the business process if the data becomes unavailable for one day or gets lost permanently?

IT disaster recovery team positions should be clearly designated. The most critical thing is to assign the person in charge of making decisions during disastrous situations and also his stand-in. If possible, one of managers should also be involved in planning so he will be able to assist in case of unexpected circumstances. It is important to inform all co-workers about disaster recovery plan and gather briefings devoted to it regularly. Also, it should be decided how exactly a notification about disastrous situation is made and who is the first person to be notified when it happens.

For events of total failure and serious disasters, a Disaster recovery plan should be stored in printed form at the office building and also at some safe remote location.

The issue about required quickness of reaction should be decided depending on the branch of enterprise activity and on the extent of how critical digital data is for enterprises’ operation. Should there be an immediate reaction in the event of data loss that occurred during off hours, or it can be postponed until the beginning of the next workday? Besides, the data should be categorized by its importance. The most critical data should be unquestionably recovered immediately while recovery of other data can be delayed.

Disaster recovery plan should contain the following information:

  • telephone numbers and addresses of persons to be notified about the disaster;
  • information on the person in charge of making decisions together with his stand-in;
  • information regarding backup data center;
  • information on IT service companies;
  • address list of manufacturers and vendors of software and hardware.

Each stage of recovery plan instructions should be formulated and classified according to importance degree and extent of damage.

Along with instructions for regular employees, the document should include manuals regarding procedures carried out by recovery handling staff.

The document should contain step-by-step instructions regarding disaster recovery formulated in a way such that even a guest IT specialist is capable of understanding and carrying out all the steps.

Disaster recovery procedures should be written down with short, unambiguous and clear phrases. Graphics can be used in order to improve comprehension.

Practice alerts and trainings on disaster recovery plan usage should be conducted at least once a year.
After disaster recovery is fully completed, it should be checked whether all data is accessible again. Often some files are overlooked during recovery and users forget about them. In such case all further backups will not contain those lost files, thus exposing them to risk of being permanently deleted from previous backups due to Retention Policy.