TOPHAT LTD
  • Main
  • About Us
  • Services

Tech Topics & Musings

April 2014 - TECH TOPIC

4/1/2014

 

Be Prepared!

Adam Thomas, Principle Solution Architect

Disaster Recovery Planning for Small Organizations
Picture
Picture

Disaster Recovery Planning

What is it?

In our experience, many small businesses and organizations have not spent much time putting together a Disaster Recovery Plan, DRP. In its simplest form, it's just a document that describes how the business or organization will continue to function if something bad happens.

Many times the end result is not impressive. Instead it's the discussion and process that went into forming the plan that is the important part. During that process the business owners or organizational leaders determine how much risk they are willing to accept and how to reduce that risk. In the beginning it may be a little uncomfortable, but by the end of the process, people feel much better because they've reduced the number of unknowns and have a higher level of confidence in their operations.

Getting Started

Getting started putting together a DRP for smaller organizations is actually easier than for larger ones.

1. Determine who can make judgements about risk

DRP development always involves accepting some level of risk. For larger organizations this is usually done at a committee level. This can be cumbersome because there's often a temptation to try and quantify the risk for easy comparison. Unfortunately much of the risk has to be judged from a more subjective stand point. This is usually much easier for a small business because a single person, usually the owner, can make those judgements efficiently.

2. Define the disasters

The next step is to define the different types of disasters that might happen. In general these can be sliced several different ways.
  • Physical versus digital - Spilling coffee on your computer and shorting it out is a physical disaster. Getting hacked by a virus is a digital disaster.
  • Isolated versus wide spread - A hard drive malfunction only affects a single computer. The fire sprinkler system getting triggered and soaking everything on-site is wide spread.
  • Stationary versus mobile - Your desktop computers are stationary at your office and left on to provide after hours back-ups and updates which may make them more susceptible to damage by power surges. Because of their mobility, laptops and tablets may be more susceptible to theft and accidental damage such as drops.

3. Loss Analysis


This first part of this step is pretty simple. When one of the disasters defined above happens, determine what is lost both physically and digitally. The second part of the analysis is more difficult and requires defining the impact that loss has on the business.

For example a computer that has a hard drive malfunction means that you've lost the hard drive, its data, and the time and money it takes to replace the hard drive with a new one. The impact though may vary. If this was a computer that had important information the impact can be high. If this was a computer that was only used to browse the internet the impact is probably low.

4. Recovery Plan

This is where your IT service provider or in TOPHAT LTD's case, IT partner, should really help you out. A recovery plan is simply a set of steps to recovery from a disaster. These steps may involving using tools, services, or technologies which may not yet be in place. These missing pieces should be highlighted and compiled into a separate implementation plan, which once again should probably be facilitated by your IT server provider.

One thing to keep in mind when talking about recovery plans is that you always have to first assume the disaster and loss has occurred. Preventative strategies often make their way into a DRP which is fine as long as they're focused on the risk acceptance portion of the plan. Their role is to reduce the risk not aid in the recovery.
Picture
5. Risk Acceptance

The final step is accepting the risk that remains after implementing your recovery plan. There are actually three key risks to accept.
  • Incompleteness - If you don't spend sufficient time and thought on defining possible disasters and analyzing loss, there may be some critical areas that got overlooked.
  • Likelihood of a disaster occurring - Some disasters are more likely to occur than others. This likelihood, while difficult to quantify, should certainly be considered when deciding to accept risk associated with a DRP.
  • Residual loss after recovery - Even after a successful recovery, not everything may have been able to be recovered. For example if computer backups happen once a week, you still may lose up to a week's worth of work if a disaster happens right before the next backup.
As mentioned in the previous section, preventative strategies may also be part of your risk acceptance. These strategies, such as requiring desktops to have surge protectors, reduce the likelihood of a disaster happening and therefore reduce the overall risk making it easier to accept.

Final Thoughts

Disaster Recovery Planning may seem daunting but it is necessary. It's like automobile safety in that some is better than none. A car with seat belts may not be as safe as one with airbags but it's still safer than one without either one.

DRP development should go beyond technology and become part of your process and culture, such as keeping beverages in your break room and away from your computer. Additionally it needs to be updated regularly both to adjust to your changing needs and to take advantage of new technologies. Lastly with everything you have to worry about as a small business or organization, you shouldn't have to tackle this alone. We're always here to answer your questions and provide solutions tailored to meet your needs.



Author: Adam Thoms, Co-Founder, TOPHAT LTD

Comments are closed.

    Archives

    July 2015
    June 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    August 2014
    July 2014
    June 2014
    April 2014
    March 2014
    February 2014

    RSS Feed

    Articles Table of Contents
    All Articles
Carmel, IN 46032
© 2023 Technology Options, Limited Liability Company
Terms of Use & Privacy Policy