We’re frequently getting asked questions about disaster recovery plans and the planning process as a whole. Therefore, we thought best to summarise some of the most frequent questions in one easy to read blog post.
Some of you might benefit from more detailed responses to some of the questions, so we’ll look to cover those in future blog posts. In the meantime though, if you have any more questions about disaster recovery, please don’t hesitate to get in touch, and we’ll be happy to help.
Most Frequently Asked Questions About Disaster Recovery Plans
What is a disaster recovery plan?
A disaster recovery plan is a plan that lays out how a company will resume working in the event of a disaster. It is a part of business continuity planning and is applied to all aspects of a business that are reliant upon IT and technology in order to operate.
The idea behind a disaster recovery plan is to ensure that businesses can remain operational, or return to an operational state, as quickly and efficiently as possible in the aftermath of a disaster.
What constitutes a ‘disaster’ when it comes to disaster recovery planning?
In the case of disaster recovery planning, a disaster is a negative event that is likely to have a severe impact on your business. Disasters can include natural disasters such as earthquakes and floods, events such as cyber attacks or something such as a data leak or loss of power.
It’s important to consider that disasters such as the COVID-19 pandemic can affect a lot of businesses, whilst some disasters, such as a burst pipe, can affect just your business. And don’t forget – all businesses face disasters. There isn’t a single business that this isn’t true for.
Why do I need a disaster recovery plan?
A disaster recovery plan plays a pivotal role in getting a business operational following a disaster. In addition to the direct harm caused by a disaster, it is also likely to cause panic and confusion, which can mean a company’s efforts to get back on its feet are inefficient, or worse, ineffectual.
A disaster recovery plan can help with this. By having a detailed disaster recovery plan, that is known and understood by the entire business, a company can react to a disaster quickly. By reacting quickly, a business can limit the time spent out of action, which can often be at great financial and reputational detriment.
How do I create a disaster recovery plan?
Creating a disaster recovery plan can take a lot of time, but the more you put into creating it, the better you will be able to react in the event of a disaster. Such is the detail you’re going to want to put into your disaster recovery plan, we’re going to cover this in a dedicated blog post at a later date, but some of the things you want to consider when creating your disaster recovery plan are:
– What are your critical operations and assets?
– What are the possible disasters you face, how likely are they and what impact might they have?
– How would you protect your critical operations and assets in each scenario?
– How would you expect your employees to respond in each scenario?
– How do you protect your other systems and data?
– How do you communicate this all to your employees in advance of the disaster and during it? Who leads them?
– And arguably most importantly, how do you test your disaster recovery plan to make sure it will be effective if called upon?
How do I test a disaster recovery plan?
You can test your disaster recovery plan a number of different ways. Some of the most commonly recognised ways of testing your disaster recovery plan are as follows:
Walkthrough Testing – A walkthrough test is a step-by-step review of your disaster recovery plan. You want to meticulously cover each step so that everyone is aware of what should happen in the event of a disaster, and what their role is, in the efforts to recover from it.
Tabletop Testing – Tabletop testing is a little more thorough than walkthrough testing. In this instance, you want to create a specific scenario such as an office flood. You would then involve representatives of each department within your business to walk through the existing disaster recovery plan by asking them how they would react to the scenario. This is a good method for finding holes in your disaster recovery plan and understanding areas that particular individuals or departments are struggling with.
Simulation Testing – A simulation test requires more time and effort than a walkthrough test or a tabletop test. However, they provide you with greater insight as to how prepared you are for a disaster. In this instance, you should simulate a disaster within your business to see if the procedures and resources in place, allow you to recovery in a timely, efficient fashion. Try to be as strict as possible with your simulation. For example, if you’re simulating a fire that damages a certain piece of hardware, don’t cheat and use the hardware if your plan doesn’t work. Instead, record the problem, explain why it doesn’t work, ensure you build in a functional response and test it again.
Technical Testing – There are several methods such as parallel testing and cutover testing that can be used by your business to test the technical aspects of your disaster recovery plan, without necessarily impeding the rest of the business. A parallel test involves the company running from the real system and the backup system in parallel, whilst a cutover test cuts from the real system to the backup system to test functionality.
Whilst technical tests aren’t considered a full means of test, due to the minimal involvement of all employees, they are a good way of testing individual elements of your disaster recovery plan.
How often should my disaster recovery plans be tested?
In an ideal world, you’ll want to test your disaster recovery plan as much as feasibly possible without being too much of a detriment to your business. However, in reality, there are a number of factors that you’ll want to consider before scheduling tests.
Essentially you want to weigh up the risk and the potential damage of any disaster, against the time it will take to conduct a test. We’d recommend aiming to test your plan to some degree once a quarter. You will find there are certain elements you can test more regularly and those you’ll struggle to do once every three months. However, whatever frequency works for your scenario, ensure you run a full simulation that involves the entire business at least once a year. This will help ensure everyone is prepared and not just those directly involved in the disaster recovery plan.
How much does a disaster recovery plan cost?
A disaster recovery plan can vary massively in cost from nothing up to thousands or even tens of thousands of pounds depending on the complexity of your systems, the size and context surrounding your business and the nature of what you do. For example, a disaster recovery plan for a 1,000-employee business, handling lots of sensitive data, in a known hotspot for earthquakes, will be far greater than that of a 5-person business selling tangible products, in a safer natural environment.
Nonetheless, there are lots of elements involved in planning that can and should be done in house to ensure everyone has a good understanding of your disaster recovery plan. Remember a disaster is going to be a high-pressured, stressful situation, in which leaders and employees might need to make quick and difficult decisions that could have a long-standing impact on the future of the business. You need them to know what they are doing, and so whilst it might be tempting to pay a company to create your entire disaster recovery plan, it might not be the best route if your employees don’t have much involvement in the process.
Whilst you shouldn’t limit your disaster recovery plan by cost (it might save your business one day!) you want to be wary of the downsides that come with outsourcing the entirety of your disaster recovery planning process.