Is a Disaster Recovery Plan Really Necessary?

Hurricane Katrina and other disasters have made some of us wonder if our IT infrastructure is protected. What can be done to ensure that if there were a natural or man-made disaster, your company would keep running with no issues? The answer is an IT Disaster Recovery Plan.

This vital tool is lacking in many organizations around the country, and it could probably be the reason many will lose tons of revenue and vital information that would have remain intact if they would have taken the time to write one. The following steps will assist you in planning your own IT Disaster Recovery Plan.

Step One: What Risk Should I Analyze?

Conduct a thorough investigation of all the risks that could bring your IT systems come to a halt. What could cause a system outage? If you lived in California, then think about earthquakes. In Florida, think hurricanes. You get the idea.  After you have a list of possible threats, then create a Risk Log. This risk log will contain the following information:

• Risk
• Probability
• Impact
• Risk level (i.e. high, medium, low)

Hint: You can also tailor it to fit your needs by adding more categories.

Some of the risks to look out for that could happen to any company are as follows:

1. Targeted threats – Instead of randomly finding victims like worms, these are tailored to a company or individual.
2. Malicious bots – A program that is forwarded to individuals and waits for command by the hacker to infects the systems.
3. Computer passwords – A serious violation that can leave information vulnerable.
4. hysical assets- How secure is your technology, such as laptops and PDAs?
5. Date backups – Backups are very important because if systems go down, these are the ways to get back on track.

Step Two: How Much Would it Cost?

Think about the amount of money you need to spend in order to protect your business from the risks you listed in Step One. According to DevX.com, disaster recovery budgets are between two and eight percent of an organization’s total IT budget.

Step Three: How Long Will it Take?

Figure out a time table as to when you want to be up and running after a disaster. For some companies, they prefer 48 hours, while others prefer 72 hours afterward. Test, retest your plan to ensure that your estimated time is correct.

Step Four: Who Will Write the Plan?

Management should usually write the IT disaster recovery plan. However, many companies are starting to hire consultants to assist them with this task. An outsider will really view a company’s approach objectively and will provide better insight than someone that is closely connected to the company.

Step Five: Who Will Manage the Plan?

You want to find a team that will ensure that everything is handled according to plan. In the plan, you want to list their roles and responsibilities, so there is no confusion.

Step Six: What Are the Usual Sections of a Written IT Disaster Recovery Plan?

The usual sections are as follows:

• Introduction
• Plan Goals
• Roles & Responsibilities
• Inventory
• Backup Procedures
• Disaster Recovery Procedures
• Recovery Mobile Site (optional but useful)
• System Restoring
• Rebuilding
• Testing Plan
• Appendices (optional)

Conclusion:

Writing is sometimes a task.  Believe me, I should now.  It’s harder when you add technical jargon to it.  However, it is a useful annoyance that could save your company tons of money and work if you take the time to develop an IT Disaster Recovery Plan. Ensure that you test and retest your plan, so there are no surprises if a disaster were to hit.  Let’s hope it doesn’t.

Reexamine your plan every year because as we all know, technology changes with every moment that passes, as well as external risks. Protect your company before it is too late; develop your IT Disaster Recovery Plan now.

Written by: Shevonne on January 12, 2009.
Last revised by: Shevonne on December 29, 2009.