{"id":761,"date":"2011-09-09T09:00:52","date_gmt":"2011-09-09T16:00:52","guid":{"rendered":"http:\/\/www.redwireservices.com\/?p=761"},"modified":"2014-11-08T13:08:00","modified_gmt":"2014-11-08T21:08:00","slug":"what-is-a-disaster-recovery-plan","status":"publish","type":"post","link":"https:\/\/www.redwireservices.com\/what-is-a-disaster-recovery-plan","title":{"rendered":"What Is A Disaster Recovery Plan?"},"content":{"rendered":"
<\/a><\/p>\n A Disaster Recovery Plan<\/a><\/strong> is a comprehensive, well thought out, and tested process document that maps out how to respond during disaster scenarios including events such as fires, floods, earthquakes or other disasters. The plan also addresses more mundane situations such as equipment failure, human error, theft, or other localized events.<\/p>\n Generally, a Disaster Recovery Plan<\/a> (DRP) focuses on Information Technology (IT) systems while a Business Continuity Plan\u00a0(BCP) is a more generalized plan to keep all parts of the business running during disruptive events. \u00a0A DRP for even a small business can run 50 or more pages, and reads like a step by step instruction manual on how to recover each critical application, service, and\u00a0piece\u00a0of equipment in case of failure or disaster.<\/p>\n There are two key metrics in DR plans you should become familiar with.<\/p>\n Suppose that at noon on a Monday a business suffers a devastating fire. \u00a0An\u00a0RPO<\/strong> of one hour specifies that all data created one hour before the event (before 11AM), must be safely available at an alternate location. \u00a0Information (data) created between 11AM and noon may be lost, and is acceptable given an RPO of one hour. \u00a0The RTO<\/strong> of 24 hours means that the recovery team has until noon on Tuesday to bring the\u00a0application\u00a0back online.<\/p>\n Your business must decide on an RPO and RTO for each application, service, or system in your plan, and they must be decided early on in the process. \u00a0These numbers will drive almost every planning and infrastructure decision later on.<\/p>\n For most small to midsize companies a reasonable RTO and RPO is 24 hours, but it will vary from\u00a0company\u00a0to company and application to application. Keep in mind that as RPO and RTO values are set lower, costs rise significantly.<\/p>\n It is Monday afternoon, and Mary the Engineer, is wrapping up a design project due on Wednesday. \u00a0The server<\/a> where her project is stored and manipulated is acting a little slow, but still seems to be working, so she continues on with her work. \u00a0Another hour passes by and Mary receives\u00a0a warning message when trying to save her most recent work: \u00a0“Write Error.”<\/p>\n Mary frantically contacts Mark the IT manager at 1PM, who investigates and finds the server hardware inoperable and must be replaced. \u00a0Let’s see how this situation is likely to play out without a DRP, and then with a DRP in place.<\/p>\n <\/p>\n Luckily, even though Mark does not have a DRP, he did take diligent backups of all data once per day. \u00a0Even with this\u00a0preparation, however, Mark must:<\/p>\n After nearly two days waiting for replacement equipment, and one long hard day of work, Mary\u00a0is finally able return to her project on Thursday<\/strong> morning. \u00a0Mary\u00a0is frustrated that her\u00a0deadline was missed, that she has to work overtime just to submit the project late and explain the\u00a0situation\u00a0to the customer. \u00a0The customer is\u00a0disappointed\u00a0that the work is late, and wonders if they should look for a new vendor.<\/p>\n It could have been even worse. \u00a0This assumes Mark took some reasonable precautions, was available when the problem happened, and actually knew how the server and application were configured\u00a0originally; these are not safe assumptions in many environments.<\/p>\n This was also a\u00a0fairly\u00a0simple problem, just one system was impacted. \u00a0What if there was a flood or theft of multiple key systems? \u00a0Without a disaster recovery plan, chances are all data systems would be unavailable for a week or more, if they could ever be recovered.<\/p>\n Having been in that situation a couple of times myself,\u00a0it’s no wonder that half of all companies with a plan in place executed at least part of it in 2008<\/strong>\u00a0[2008 Continuity Insights and KPMG Advisory Services Business Continuity Management Benchmarking Report<\/a>]. \u00a0Since half of companies used their DRP over a one year period, your business is almost\u00a0guaranteed\u00a0to execute some of your plan over several years, even if a major disaster does not strike.<\/p>\n Now assume a disaster recovery plan was created earlier in the year with an RPO of one hour, and an RTO of 24 hours.<\/p>\nKey Disaster Recovery Metrics<\/h2>\n
\n
Hypothetical Situation<\/h2>\n
Without A Disaster Recovery Plan<\/h3>\n
\n
With A Disaster Recovery Plan In Place<\/h3>\n