IT Disaster Recovery Planning
An IT Disaster Recovery Plan (DRP) is created to ensure a business and more specifically their technology department can recover quickly and efficiently should they lose their data centre or have a major IT software or hardware failure. Prior to developing and IT DR plan it is critical that a Risk Assessment and Business Impact Analysis is carried out. These two prior phases will clearly highlight where a potential disastrous event may occur and also establish important factors such as the time frame and recovery order in which the business needs to re-establish their systems.
As with any recovery plan, the IT DRP needs to be developed on the assumption of worst case scenario such as your key IT personnel will not be available to carry out the recovery as they are not able to come to work or may have suffered physical harm during to the disaster.
The IT DRP should outline the steps that need to be followed to re-establish services, who they have to call, as well as the level of technical expertise that is needed at each stage of recover. The plan needs to provide guidance not only to IT Management but also to other senior management and staff who may be involved in the recovery. Thus a plan needs to be written so that non-technical people can understand it and know the processes to follow. Detailed technical procedures are usually documented outside of the IT DR Plan and kept up to date by Technical personnel to ensure they are always relevant.
An IT DRP could be broken down in to the following example sections;
- Table of Contents
- Crisis Management Team Details and Action Lists
- Network Plan
- Hardware and Data Centre Infrastructure
- IT Services Rebuild Plan
- Appendix of Key Items such as:
- Key Contacts
- Data Backup Cycles and Ancillary Matters
- Vendor and Suppliers
- Hardware Lists
- Guidance on Salvage of Material Processes
Even though your disaster recovery solutions may be in the ‘cloud’ or replicated to a remote site, an IT DR Plan is still essential to ensure a speedy and cost effective recovery.
With the recent increases cyber security incidents, your IT DRP could also cover detection of such events, and how the IT department interfaces with the organisation’s management in dealing with the cyber breach. For many companies this guidance is also outlined in separate documentation, such as a - Cyber Breach Incident Handling Guidelines document.