Data Backup & Disaster Recovery: Part 3 – Disaster Recovery Planning
Overview
The process of creating, setting up, testing, deploying and then managing a good Disaster Recovery Plan (DRP) is daunting – no doubt about it. I’ve read lots of articles and white papers on the subject, some are based at a higher level and some are broken down into the specifics to get everything moving. This final part is not all-inclusive, it is intended to provide a clear insight and set a framework in place that you can work with and integrate, hopefully providing you with success and a head start.
Goals
DRP can be defined in several ways, but I like to look at it as simply the following:
“A plan to return any critical and core systems/services, within an agreed timeframe, to a state in which a business can function and perform to an acceptable level, minimising the loss of data.”
Again this is a broad definition, there are factors within the statement above that will need further exploration e.g.
1. What are the critical or core systems/services? What may be critical for one dept, may be non-critical for another!
2. What is an acceptable timeframe? Some businesses would look at 1 day, 1 week, maybe even 10 minutes!
3. What is an acceptable state for the business to be in? Do senior management view this from a customer service POV or a profitability POV?
4. What is an acceptable level of data loss? How much data can you afford to lose while systems are down?
In any case, this is where you need to define ALL the goals of your DRP, answering any and all these questions within the business. It is critical for the DRP that senior management fully support and engage in a project like this, without their support and potential drive, a half-hearted DRP may be set up and when its needed, it may fall flat down in several areas.
In many ways a DRP is never finished and completed, the plan must be tested and updated at least once per year, preferably more frequently due to the nature of technology and business. Plans that don’t keep pace with technological changes will be a disaster in itself.
The main goals should be to assess any current and anticipated vulnerabilities, define the requirements of the business and IT communities, design and implement risk mitigation procedures, and provide the business with a clear plan that will enable them to react quickly and efficiently when a disaster strikes.
Setup
The project team is very important in the setup, I mentioned earlier about the role senior management will play and this is critical. To have the commitment and support from the very top means there is more chance of success.
The project team must also incorporate an adequate balance between IT and business staff to ensure the resulting plan covers both the IT and business requirements.
A process also needs to be developed to ensure the DRP is kept up to date regularly, and worded in a way that is understood by people under stress! Keeping it organised and co-ordinated takes a lot of man hours and so firm commitment from everyone is needed.
Project Steps
Outlined below are the key steps and the main bullet point objectives for each stage. All DRP’s are different and as such, each plan should be tailored to the structure and business.
Step 1 – Project Initiation
- Establish the Project Sponsor and Project Board/Committee. The Sponsor should be senior management, the committee should be from key business departments.
- Define the objectives, and gain an understanding of the IT/ business environment
- Define the scope of the project, develop the project schedule and identify any risks to the project
Step 2 – Assess the Disaster Risks
- Include, and not limit to the following:
- Geographical location
- Building composition
- Computing environment
- Security (both physical and virtual)
- Operations
You need to review anything and everything you can think of and set up a document for each one.
Step 3 – Business Impact Analysis
- Analysis of all key business units
- Identify the systems that are truley critical to the continuation of the business
- Identify the timescales that these units can survive without the critical systems in place
This analysis is essential in making the necessary decisions about how to manage and implement the DRP.
Step 4 – Requirements Definition
This will be one of the most time consuming steps of the DRP. All requirements for and relating to the DRP must be defined and detailed to ensure everything is covered. Ensure that the following areas are looked at:
- Recovery requirements of IT and the business
- Requirements generated by the Business Impact Analysis
- Requirements generated by the assessment of disaster risk and mitigation of disaster risk
Step 5 – Project Planning
It is important here to distinguish between the Project Plan and the DRP. The Project Plan is the plan to create the DRP process and put it in place and hence is specific for this “project”. A good Project Manager will ensure that a solid and structured plan is set up to ensure all stages are managed and delivered accordingly.
Step 6 – Project Execution
As with any other project, the work starts and follows the path of the project plan. The goal of this step is to ensure that all risks and issues are identified and executed, and hence the DRP will slowly come to life, tested and delivered.
Step 7 – Project Integration
The DRP now needs to be integrated into the rest of the business following these areas:
- Business-wide meetings to discuss the concept of the DRP and ensure everyone that processes are in place
- Core project team meetings to finalise integration
- Small staging environment test to have a “dry run” based on one or two systems
- Collation of documentation to a server space for key personnel to have access to
- Signoff and approval from the Project Board/Committee
Step 8 – Maintenance
The final part of the plan is the ongoing maintenance of the DRP, ensuring testing is scheduled and management of the DRP is factored in and kept up to date.
Please let me know if you’ve encountered any other key steps in Disaster Recovery Planning and I’ll include them into this template!
Thanks,
Tony
