Be Prepared!
Adam Thomas, Principle Solution Architect
Disaster Recovery Planning for Small Organizations
Disaster Recovery Planning
What is it?
In our experience, many small businesses and organizations have not spent much time putting together a Disaster Recovery Plan, DRP. In its simplest form, it's just a document that describes how the business or organization will continue to function if something bad happens.
Many times the end result is not impressive. Instead it's the discussion and process that went into forming the plan that is the important part. During that process the business owners or organizational leaders determine how much risk they are willing to accept and how to reduce that risk. In the beginning it may be a little uncomfortable, but by the end of the process, people feel much better because they've reduced the number of unknowns and have a higher level of confidence in their operations.
Getting Started
Getting started putting together a DRP for smaller organizations is actually easier than for larger ones.
1. Determine who can make judgements about risk
DRP development always involves accepting some level of risk. For larger organizations this is usually done at a committee level. This can be cumbersome because there's often a temptation to try and quantify the risk for easy comparison. Unfortunately much of the risk has to be judged from a more subjective stand point. This is usually much easier for a small business because a single person, usually the owner, can make those judgements efficiently.
2. Define the disasters
The next step is to define the different types of disasters that might happen. In general these can be sliced several different ways.
- Physical versus digital - Spilling coffee on your computer and shorting it out is a physical disaster. Getting hacked by a virus is a digital disaster.
- Isolated versus wide spread - A hard drive malfunction only affects a single computer. The fire sprinkler system getting triggered and soaking everything on-site is wide spread.
- Stationary versus mobile - Your desktop computers are stationary at your office and left on to provide after hours back-ups and updates which may make them more susceptible to damage by power surges. Because of their mobility, laptops and tablets may be more susceptible to theft and accidental damage such as drops.
3. Loss Analysis
This first part of this step is pretty simple. When one of the disasters defined above happens, determine what is lost both physically and digitally. The second part of the analysis is more difficult and requires defining the impact that loss has on the business.
For example a computer that has a hard drive malfunction means that you've lost the hard drive, its data, and the time and money it takes to replace the hard drive with a new one. The impact though may vary. If this was a computer that had important information the impact can be high. If this was a computer that was only used to browse the internet the impact is probably low.
4. Recovery Plan
This is where your IT service provider or in TOPHAT LTD's case, IT partner, should really help you out. A recovery plan is simply a set of steps to recovery from a disaster. These steps may involving using tools, services, or technologies which may not yet be in place. These missing pieces should be highlighted and compiled into a separate implementation plan, which once again should probably be facilitated by your IT server provider.
One thing to keep in mind when talking about recovery plans is that you always have to first assume the disaster and loss has occurred. Preventative strategies often make their way into a DRP which is fine as long as they're focused on the risk acceptance portion of the plan. Their role is to reduce the risk not aid in the recovery.
5. Risk Acceptance
The final step is accepting the risk that remains after implementing your recovery plan. There are actually three key risks to accept.
Final Thoughts
Disaster Recovery Planning may seem daunting but it is necessary. It's like automobile safety in that some is better than none. A car with seat belts may not be as safe as one with airbags but it's still safer than one without either one.
DRP development should go beyond technology and become part of your process and culture, such as keeping beverages in your break room and away from your computer. Additionally it needs to be updated regularly both to adjust to your changing needs and to take advantage of new technologies. Lastly with everything you have to worry about as a small business or organization, you shouldn't have to tackle this alone. We're always here to answer your questions and provide solutions tailored to meet your needs.
Author: Adam Thoms, Co-Founder, TOPHAT LTD
The final step is accepting the risk that remains after implementing your recovery plan. There are actually three key risks to accept.
- Incompleteness - If you don't spend sufficient time and thought on defining possible disasters and analyzing loss, there may be some critical areas that got overlooked.
- Likelihood of a disaster occurring - Some disasters are more likely to occur than others. This likelihood, while difficult to quantify, should certainly be considered when deciding to accept risk associated with a DRP.
- Residual loss after recovery - Even after a successful recovery, not everything may have been able to be recovered. For example if computer backups happen once a week, you still may lose up to a week's worth of work if a disaster happens right before the next backup.
Final Thoughts
Disaster Recovery Planning may seem daunting but it is necessary. It's like automobile safety in that some is better than none. A car with seat belts may not be as safe as one with airbags but it's still safer than one without either one.
DRP development should go beyond technology and become part of your process and culture, such as keeping beverages in your break room and away from your computer. Additionally it needs to be updated regularly both to adjust to your changing needs and to take advantage of new technologies. Lastly with everything you have to worry about as a small business or organization, you shouldn't have to tackle this alone. We're always here to answer your questions and provide solutions tailored to meet your needs.
Author: Adam Thoms, Co-Founder, TOPHAT LTD