What Is A Business Continuity/Disaster Recovery Plan?
As technology continues to play a critical role in business, it is important to have the right plans in place to protect data, limit downtime, and preserve your great reputation. Business Continuity (BC) and Disaster Recovery (DR) planning is a practice that prepares businesses to minimize the effects of significant service-impacting events.
BC focuses on the business operations side. It is the proactive side that involves designing and creating policies and procedures to ensure that essential business functions and processes are available during and after a disaster. DR focuses on the IT side. This is the reactive part that will define how your organization’s IT department will recover from a natural or manmade disaster and what steps must be taken to resume operations following an incident.
What is an Annual Disaster Recovery Test?
One thing that we recommend, and we think all businesses should consider, is to have a disaster recovery plan. In addition to having the plan, everyone should consider and invest in a DR test at least once a year. If your organization is covered under HIPAA, then you are required to have a DR plan in place and test it once a year.
It is very important to have an annual DR test performed to verify that the backups being completed every day have the capability to be turned back on and work well in a disaster scenario. Most of the time when we monitor your backups, we get verification of a success or a failure. If you have a failure, we log in and work to resolve the failure. DR tests will turn up issues that exist that we wouldn’t see while monitoring your backups. There would be no way to absolutely know that these issues existed without going through the DR exercise.
What to Expect and Why a Disaster Recovery Test is Important
In order to simulate a disaster and see how recoverable your information is, we will need to shut down your working environment and act as if there was an incident. A DR test allows your IT team to proactively identify areas in your system or network that are not working the way they should. This really is the best way to know if your system will function properly when you need it to.
Many organizations just rely on backup. Unfortunately, when they need to recover data, they find out too late that something was not working the way it needed it to be. Even though your backups will report success, there may be hidden issues that only an annual DR test will show. It identifies the areas that need to be resolved or it will confirm that everything you have in place is functional and, if a disaster struck, you will be able to recover your important information.
A DR test will tell you if the Recovery Point Objectives (RPO) are met if the Recovery Time Objectives (RTO) are met and if the backups are working. RPO is the maximum amount of data that can be lost after a recovery from a disaster that is acceptable by your organization and is measured by time. RTO is the duration of time in which a business process must be restored after a disaster.
Every business has a Recovery Point Objective, a certain amount of time that they can allow for a lapse in the backup. Here’s an example of how RPO and RTO are measured. Let’s say you have an 11 P.M. backup scheduled every night. One day you come into work at 3 P.M. and discover there was a failure, and you need to restore your data. Your information was only backed up at 11 P.M. the previous night. Do you have the capacity and capability to go back and reenter everything that your staff did from the time that they came into work at 8 A.M.? If the answer is no, then your RPO is not long enough. Maybe you can only recover an hour or two of work, then the number of backups that take place, the frequency in which they take place, will have to increase.
Once the test has been completed, ensure that the backups work. When you turn up the servers, have your staff verify that all their applications are working as expected. Generally, it will take about 2 hours for the servers to turn back on successfully after being restarted. Did all the servers meet the RPOs and RTOs? In addition, did every user confirm that the data was there and available to them?
Once that’s confirmed, and all the results are gathered, we will then provide you with a report card. Most organizations you work with will require you to provide them with some type of DR backup plan. A report card provides evidence that you do have a plan in place. It would also be good to present your report card to your clients. This will give them peace of mind in knowing that if something goes wrong, you have the means to recover.
If the DR test was a success, we will shut down the disaster recovery environment and turn on the real environment so that everything goes back to normal functions. At that time, we will need the users to verify everything is available to them one more time and we will conclude the disaster recovery exercise. In the event that the test was not a success, if we ran into any issues, we will work to address those issues and the DR test will need to be rescheduled.
Natural and manmade disasters happen more often than you think. It was estimated that 6,800 natural disasters take place every year around the world. The most recent and most devastating natural disaster to hit our area was Superstorm Sandy in 2012. Hurricane season is upon us. Make sure you have a good BC/DR plan in place and schedule your annual DR test as soon as possible.
Our goal at Mathe has always been to provide superior Business Technology Solutions and Services that work as hard as you do. Let us do the hard IT work for you. Make sure your data is safe and recoverable, and your systems are functioning properly. Reach out to us today to schedule your DR test. Call (973) 397-5193.
With over 35 years in the business of supporting and implementing technology for the SME market, and 6 years previously in Corporate IT and Voice. I have seen a great deal of change. The only common thread is I have always focused on the Business Wise application of Technology. We always try to look 5 years ahead of the current technology to make sure our clients are on the right track to meet current and future needs.