Every business should at least take basic steps to be prepared for disruptions, and the Disaster Recovery Plan (DRP) accomplishes that for your computing systems. It’s not just being prepared for the next “big one,” it’s about being prepared for eventualities such as power outages, equipment failures, and human error (such as accidental file deletion).
If you are dependent on computer systems in your business, you’ve likely had a computing “disaster” in which a DRP would have saved your company time, money, and a lot of frustration. We hear examples of this almost daily — the latest one from a sales organization that had to do without email for three days due to a system configuration or hardware problem. We do not need to tell you how frustrated the sales folks were that they couldn’t access their email for days, and it could have been avoided with an up to date disaster recovery plan.
Other situations that could have been avoided include newer startup companies hosting their websites on the popular Amazon Web Services Elastic Compute Cloud (EC2), such as reddit. So far this year EC2 has suffered at least two significant outages, which was a wake up call to many depending on their services.
We happen to still like, and use Amazon EC2 services, but these outages have shown that their offering is not bullet proof and contingency plans are absolutely in order. In fact, Amazon recommends them and has cautioned users to utilize multiple availability zones even before their problems earlier this year. Users who took their advice experienced little if any disruption in service, and creating a Disaster Recover Plan for your EC2 hosted application will bring these issue to light, giving you a chance to correct them before it becomes a problem.
According to a 2008 report, nearly half of the companies with a DRP executed at least part of their plan that year [2008 Continuity Insights and KPMG Advisory Services Business Continuity Management Benchmarking Report]. This shows that having a plan is a great idea, even if your business is lucky enough to avoid a natural disaster.
We Have a Disaster Recovery Plan, I’m Done, Right?
Congratulations, but you are not finished. The reason why DRPs work so well is they bring issues to light that can be easily corrected now, before a disaster strikes. After your DRP is complete, the business must ensure the objectives set forth in the document are met and that all the recovery processes specified actually work. In other words, we need to carefully review the DRP over and over again, until we are satisfied due diligence is complete.
Once you’ve done your due diligence, we still need to perform regular testing and updates. We recommend that the DRP is reviewed quarterly with all involved parties to ensure no changes to the technology, recovery infrastructure, staff, or vendors have been made. If changes have been made, then that portion of the DRP must be tested to ensure the processes are still accurate. If changes are needed, update the document accordingly.
At least once a year, and when the first DRP is written, we recommend all businesses perform a full disaster recovery exercise. This test usually occurs over a weekend or other slow business time and involves running all critical business applications at an alternate site according to your plan. This exercise is key to illuminating any deficiencies in your plan, and provides your technical team and management confidence that the process will work when it is needed for real. It’s rare that these tests go 100% according to plan, so expect to learn something during each DR exercise.
Get Started Now
We hope you are now assured that a DR plan has value. It’s important to make a commitment to creating your plan now, it is all to easy to put off for another day, and pretty soon it’s too late. Every business needs at least a basic DRP.
Need help deciding on what is right for your disaster recovery plan, or need help implementing an archive system or backup strategy? Contact Red Wire Services at (206) 829-8621.