8 Steps to Building a Disaster Recovery Plan

IT disasters are unpredictable – no business plans for their server to break or their data to be encrypted by ransomware.

Disaster Recovery shouldn’t be. In fact, recovery should be planned, predictable and controlled.

Since we launched our new Disaster Recovery as a Service solution, we have been stating that businesses should have a Disaster Recovery plan in place. But what does that look like?

The following steps will help develop the right strategy to build a DR plan that is closely aligned with your business.

Step 1: Conduct an asset inventory

List all the assets under IT management, including all servers, storage devices, applications, data, network switches, access points and network appliances. Upon completion, map where each is physically located, which network it is on and identify the dependencies.


Step 2: Perform a risk assessment

Go through the inventory list and list the internal and external threats to each of those assets. It’s important to be thorough and plan for the worst possible scenario. These threats could include natural disasters or mundane IT failures. Next include the probability of the threat occurring – a power outage or IT hardware failure is a lot more likely to happen than a natural disaster.


Step 3: Define criticality of applications and data

Classify the data and applications according to their criticality. Look for commonalities and group them according to the criticality to your business continuity, frequency of change, and retention policy. This grouping will allow an implementation of a less complex recovery strategy.


Step 4: Define recovery objectives Different classes will have different recovery objectives. For instance, a critical e-commerce database may be critical to recover and have very aggressive recovery objectives because the business simply can’t afford to lose any transactions or be down for long. On the other hand, a legacy internal system may have less stringent recovery objectives and be less important to recover since the data doesn’t change very often and it’s less critical to get back online.

Management in all departments need to be consulted.

Below is a simple list of questions that should be asked to management to assist in defining the objectives:

- What applications and data does each department use?
What is the tolerance for downtime for each?
What is the tolerance for data loss for each?
Are there times when these applications are not being used by employees, partners or customers?
Are there any requirements (internal or external [i.e industry or regulatory]) for the organization to retain the data for a designated period of time?
Are there any requirements (internal or external [i.e industry or regulatory]) that prevent the business from moving the data from one geographical region to another?
Are there any requirements (internal or external [i.e industry or regulatory]) with regard to security and encryption?

From the above questions, the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) is calculated.

The RTO refers to the acceptable time data and production systems can be unavailable. The RPO refers to the acceptable amount of data that the business can afford to lose.


Step 5: Determine the right tools and techniques

Have a look at our Backup vs. Business Continuity blog which we recently published. It explains the advantages that our new DRaaS solution has over traditional backups.

The decision of which solution to invest in should be calculated from the objectives set out in the previous step.


Step 6: Document and communicate your plan

Communication is key. All too often, only one person in the organization really knows the whole picture, leaving the organization vulnerable if that one person is unavailable during a disaster


Step 7: Test and practice your DR plan

With our DRaaS solution, PFH will include one annualised DR test to ensure that the solution is comprehensively tested. This can be carried out at a time suited to each customer.


Step 8: Evaluate and update your plan

A DR plan should be a living document. It’s especially important to regularly review the plan given an ever-changing business environment.

Tolerance for downtime and data loss may decline. Key personnel may leave the business. IT might migrate to new hardware or operating systems.

Planning needs to reflect the current state of the organization.


If you do not have a DR plan in place, why not make contact with us directly here, where we can assist with this process. You can also download our template to assist you with the process here.


Backup vs. Business Continuity: Plan better for your business

Backup vs. Business Continuity: Plan better for your business

Wednesday 06 March 2019

Every company today will treat their data like a precious stone. It needs to be locked away in a safe place unavailable to prying eyes. If you lose your data or some authorised personnel access your data, you are in serious trouble.
Read More
Disaster Recovery: Knowledge is Key

Disaster Recovery: Knowledge is Key

Thursday 14 February 2019

Disasters by definition are sudden and unexpected and cause great damage and even harm. Having a Disaster Recovery Plan is paramount when trying to “expect the unexpected”.
Read More