IT Disaster Recovery Plans: What Will Happen with Your Data in the Zombie Apocalypse?

The loss of a significant quantity or quality of data crucial to your business could be disastrous without a data recovery plan in place. With a data recovery plan, your corrupted or otherwise compromised information is restored from a backup system. But what if the systems that used that data were damaged? What if your server room or all your computers were suddenly swept away in a disaster? The data recovery is useless without the hardware or personnel in place for its restoration. For critical conditions, your business needs not only a data recovery plan but a well-prepared, effective and routinely-tested disaster recovery plan.

What Is an IT Disaster Recovery Plan?

A disaster recovery plan documents a company’s processes to quickly resume normal performance of critical business functions after a disaster. The best, most expansive and inclusive plans also strive to prevent, prepare for, respond to and manage an emergency situation in addition to recovering from the catastrophe. At its most basic, an information technology (IT) disaster recovery plan details strategies to restore applications, data and hardware to fulfill the business’s recovery needs.

Why Every Business Needs a Disaster Recovery Plan

Businesses large and small work with large amounts of information across various components of IT infrastructure, from e-mail to electronic data interchanges to websites and more. For some industries, uninterrupted access to certain data is literally a matter of life or death, as well as figuratively. Loss of key data causes a business to lose time and money and sometimes its future. According to a study by the Gartner Group, 43 percent of businesses that suffer a “major loss” of computer records do not reopen, and within two years of the incident another 51 percent shut their doors permanently.

Why All Plans Should Be Regularly Tested

The National Institute of Standards and Technology (NIST) recommends implementation of a test, training and exercise (TT&E) program to maintain disaster recovery plans in a state of readiness. Personnel must be trained to perform their duties within the discovery plan. The plans should be exercised and validated, and systems and their components should be tested for operability.

The NIST requires the U.S. federal agencies conduct at least annual exercises or tests of their ability to respond to disaster. In Australia, over 75 percent of organizations with at least 200 employees have compliance obligations to government, industry-specific agencies or other regulations that mandate disaster recovery plans. According to recent disaster recovery research of these organizations by ZDNet and Macquarie Telecom, 90 percent reportedly have a disaster recovery plan in place, but only about a third of those companies had tested their plans within the prior year.

In addition to fulfilling of obligatory compliance, plans are also tested to check for faulty equipment, outdated software, reasonableness for providing rapid response and successful recovery, and areas of possible improvement.

Getting Started on Developing Your Plan

• Assemble a team responsible for overseeing the process of creating your business’s disaster recovery plan, which ideally will be just one component of a more comprehensive business continuity plan. This team should include members of the board of directors, executive management, IT staff and consultants from firms who specialize in data recovery plan creation, as well as compliance officers and quality assurance staff, if applicable.
• Familiarize yourself and your team with your data. Identify critical software applications and data and the hardware required to run them.
• Compile an inventory of hardware (for example, servers, desktop machines, laptops and wireless devices), software and data.
• Gather and document details about what information is used by different business units, and what the potential impact of downtime is. Prioritize which business functions should be made operational first after an emergency situation, and rank the order of restoration for hardware and software.
• Designate chains of responsibility with staff. Train personnel on their roles in the plan.
• Institute reliable backup methods for critical data. Print out a copy of important passwords, software licenses, warranties and more, and store off-site in a location accessible to key staff only.
• Validate the effectiveness of your plan through exercises and tests.
• Regularly review the plan for continued relevancy and possible improvements, particularly as technological advances arise.

Bottom Line

Data is valuable. Without the means to restore or the appropriately trained staff to deploy, the data is rendered useless. Go beyond a basic data recovery plan. Don’t delay in developing your business’s IT data recovery plan, or scheduling a test of your existing plan today. You may not know what tomorrow brings, but you can be as prepared as possible for whatever that may be.