The IT disaster recovery plan

In technical jargon, general emergency man­age­ment is char­ac­ter­ized as business con­ti­nu­ity man­age­ment; processes essential to a business’ op­er­a­tions need to be kept running, even during abnormal sit­u­a­tions. These processes can be broken down into three different groups:

• Emergency planning: emergency planning includes all pre­ven­ta­tive measures that aim to prevent a crisis situation from occurring e.g. by in­creas­ing re­li­a­bil­i­ty or designing a more robust system.

• Emergency response: this is all about op­ti­miz­ing the quickest reaction possible for a crisis situation. It involves re­ac­ti­vat­ing all system processes that are essential for daily business op­er­a­tions. Con­tin­gency planning and crisis man­age­ment tools con­sti­tute further aspects of this group.

• Tests and drills: good emergency planning should also include regular practice tests and drills. The goal of this is to con­tin­u­al­ly improve the emergency man­age­ment process and identify potential points of weakness.

The business world has long since been in a state of in­creas­ing dig­i­tal­iza­tion. Many fun­da­men­tal aspects of the economy, as well as a large number of different business models, have been out­sourced and/or exported to internet-based en­ter­pris­es: from ap­pli­ca­tion man­age­ment services (e-re­cruit­ment) to logistic centers (e-logistic), the list of in­dus­tries operating in one online form or another is as long as it is diverse. This is why it’s so important for busi­ness­es to be able to rely on their IT in­fra­struc­ture. Failure of just one IT component demon­strates the sig­nif­i­cance of having a sound set-up, as this can bring an entire system down and lead to con­sid­er­able financial losses. Preparing for such worst-case scenarios with a thorough IT disaster recovery plan can help reduce the severity of such instances.

Doc­u­ment­ing all IT resources makes up the basis of each step of an IT disaster recovery plan. That’s why it’s important that all doc­u­men­ta­tion is carried out as neatly and thor­ough­ly as possible and is always kept up to date. Technical and contact data, user lists, and a clear al­lo­ca­tion of re­spon­si­bil­i­ty for important tasks all play an essential role in IT disaster man­age­ment.

An IT disaster recovery plan contains, for example, in­for­ma­tion on: 

• Hardware and pe­riph­er­al devices, like printers
• Software ap­pli­ca­tions
• IP addresses
• VPN and server access
• E-mail/data exchange

In order to reach the right contact in an emergency, you should include all important contact in­for­ma­tion in the doc­u­men­ta­tion. This in­for­ma­tion includes:

• User lists
• Contact person and person re­spon­si­ble for each in­di­vid­ual de­part­ment
• Contact person for external providers
• Contract in­for­ma­tion for the internet or hosting service provider

IT disaster recovery plans are the product of seam­less­ly in­te­grat­ing disaster recovery personnel into the overall day-to-day business op­er­a­tions of the company. At its essence, an IT recovery plan is part of a company’s general security scheme and typically follow its existing guide­lines. Here’s an IT recovery plan checklist of some items that should def­i­nite­ly be included:

• De­f­i­n­i­tion (‘What’s a disaster?’)
• Personnel lists with contact data (see above)
• Alarms and com­mu­ni­ca­tion systems
• Emergency flow chart
• Ter­mi­na­tion measures and doc­u­ment­ing the emergency
• Emergency supplies
• System recovery 

In addition to documents mentioned above, recovery strate­gies for in­di­vid­ual com­po­nents are among the most essential parts of a solid disaster recovery plan. And it’s this part of the plan that often requires the most effort.

IT security managers are known to encounter many different sit­u­a­tions. Optimal prepa­ra­tion for such scenarios should include an IT disaster recovery plan with relevant solutions and, above all, a suitable recovery plan. A precise risk analysis helps reveal vul­ner­a­ble areas and identify portions of the IT network that, while po­ten­tial­ly threat­en­ing when left unguarded, are essential to day-to-day business op­er­a­tions. 

Make sure to execute the following steps before you put your recovery plan together:

• Analysis of all IT processes and pro­ce­dures
• Hardware analysis
• Audit of all software ap­pli­ca­tions
• Survey of all relevant transfer and system data

Once these steps have been carried out, you can now begin to create a step-by-step guide for various potential emergency sit­u­a­tions and record them into your IT disaster recovery plan. Creating such a recovery plan can prove to be a demanding exercise of patience and diligence, as it requires that each step is in alignment with all company de­part­ments. IT disaster recovery plan templates, while helpful, should not be viewed as a silver bullet for those with time con­straints. This is because carrying out regular updates and properly training fellow coworkers con­sti­tutes another major task in setting up adequate security pre­cau­tions. For this reason, it may be a good idea to think about hiring an external con­trac­tor.

Creating an IT disaster recovery plan is a necessary and important task for any company. In some cases, a carefully conceived plan could be the dif­fer­ence between an ir­ri­tat­ing period of downtime and thousands of losses, as the following tool from Stor­agepipe il­lus­trates. This tool lets users create different potential disaster scenarios based on varying company pa­ra­me­ters, like annual revenue, number of affected employees, their hourly wages, etc. It doesn’t take long to gain a feel for what type of financial damage these sit­u­a­tions are able to inflict. Taking time out for regular drills can help reveal potential points of weakness in your IT system, pathing the way for prompt repair before they can cause any real harm.