The Essentials of Managed Disaster Recovery

domino-effect

Even in the face of disaster—be it from natural causes, man-made error, or malicious intent—companies must be able to continue to operate.

Some businesses perform mission-critical tasks that simply cannot be allowed to stop even for a few minutes. Other companies can tolerate a short break in their services, but they still have a responsibility to their investors, customers, and employees not to allow a sustained break in their operations.

Broadly speaking, “Disaster Recovery” consists of three main points:

  • Prevention: preventing those disasters that can be prevented.
  • Anticipation: preparing effective responses to unavoidable disasters.
  • Mitigation: ensuring a disaster and its aftermath have the least negative impact.

When considering IT disaster recovery strategies, remember there is more to protect than just your server room. For example:

  • Hardware.
    • Not just your desktop computers, but laptops, handheld devices, server racks, and other network equipment.
  • Connectivity.
    • What are your primary and secondary connections internally and to your service provider? Fiber? Cable? Wireless? Ethernet?
  • Software applications.
    • ERP management, office productivity, databases, email, proprietary in-house applications.
  • Data and restoration.
    • How often is your data backed up? On what media?
    • How soon after a disaster has been declared will you be able to access it?
    • What is the time frame where some data might be unavoidably lost?
  • And, yes, your server room:
    • Is it contained in a secure, climate-controlled room with backup UPS?

The basic goals for your Disaster Recovery Plan should be:

  • Minimal disruption of core business operations
  • Quickly restored operations to pre-disaster levels
  • Maintained security levels before, during, and after a disaster
  • Maintained, up-to-date backup systems

IT Disaster Recovery Plan (DRP)

The middle of a disaster is the worst time to assemble a list of all of the things that must be recovered, replaced, or repaired to get you back up and running.

Your Managed Services Provider (MSP) should work with you to prepare a comprehensive plan that details all of the steps to take before, during, and after any particular catastrophe strikes.

Here are some recommended steps to take when assembling a DRP:

  1. Create a Disaster Recovery Team from key members of every department including the executive ranks.
    Working in conjunction with your MSP, the team members will develop and implement the DRP.
  2. Determine which types of disasters—natural and man-made—are most and least likely to occur and what the best and worst possible outcomes are for each. This will allow you to focus your resources on events with the most potential for lasting negative impact.
  3. Determine which key components from each department are critical to the continued operation of the company. This includes hardware, data, services, documentation, processes, operations, vital resources, and policies/procedures.Rankings should be assigned such as Essential, Important, and Non-essential.
  1. Assemble comprehensive data about the company including forms, policies, and equipment inventories; important telephone numbers and passwords, contact details for all employees, and customer information; all off-site locations for inventory, data backups, etc.
  2. The actual Disaster Recovery Plan should detail the step-by-step directions for what should be done when a particular disaster occurs including the Recovery Time Objective (RTO), the Recovery Point Objective (RPO), and the main and alternative means of communication during the disaster. It should also clearly explain how to maintain and update the DRP, and the schedule of review by the DR team.

And having a plan that is untested is almost as bad as having no plan at all. Therefore, the DRP should be fully activated at least once a year so any shortcomings or oversights can be identified and resolved.

Recommended administrative features of a Disaster Recovery Plan include:

  • The customer is the one who defines what constitutes a disaster, not the MSP or a third-party organization.
  • There should be no cost for declaring a disaster.
  • The cost of maintaining the DRP should be consistent from month to month.
  • The MSP’s recovery facilities are located in a diverse FEMA Region.

The Right Plan for Your Business

Your MSP should offer a variety of Disaster Recovery Plans. Plans should fit the needs of the company, not the other way around.

Different coverage levels generally fall into three main categories.

  1. Businesses that need real-time recovery and cannot afford to lose any data or have any downtime.Your business would utilize a fully-managed service and be monitored 24/7/365 using the latest technologies to recover data and restore operations at the application level.
  2. Businesses that don’t have mission-critical operations and have more leeway in downtime.Your data would be backed-up as transactions occur, and daily checks of your operations would be conducted.

    In the event of a disaster, your MSP would manage the recovery process.

  3. Businesses that can allow for interruptions and have fewer recovery timeline restrictions.Your data would be backed up on a regular basis in the cloud.

    Should a disaster occur, the MSP would restore your data so you can focus on keeping your business running.

The Wrap-Up

Disaster recovery solutions are necessary to help businesses restore operations in the event of a worst-case scenario.

When businesses know they’re covered in the event of a disaster, they can keep their focus on tactical and strategic business initiative to increase productivity and continue to grow the company.

Contact us to learn more about how Denovo can help your business survive when disaster strikes.