In part one of this guide, we discussed small business disaster recovery (DR) planning, and tools of the trade....
In part two, we discussed five common pitfalls in disaster recovery procedures. Now that we have the lay of the land, let's look more specifically at how to approach a DR planning effort. What steps are required to make a successful DR plan? Learn what is involved in disaster recovery preparation for smaller businesses in this article.
Whether you're well along in your disaster recovery journey or just getting started, here is roadmap to get you moving in the direction of disaster recovery readiness:
- Decide who on your IT team will lead the charge. Ideally, the head of your DR planning and processes should be a mid- to senior-level practitioner with familiarity across multiple disciplines, such as data storage, server virtualization, etc. If you don't have the internal bandwidth and expertise, then you may want to hire an IT consultant who has experience in DR planning and execution, to bring the designated staff member(s) up to speed. If you already outsource a significant part of your IT function, then you will want to consider outsourcing your disaster recovery planning and deployment as well.
- Decide what data, applications, systems and other resources need to be protected and immediately recoverable in the case of a disaster. As you go through this assessment, you may determine that some data is not critical enough to warrant protecting under a DR umbrella.
- Conduct a risk assessment, including a simple classification of threats (such as a fire or earthquake) and vulnerabilities (such as an unpatched operating system or unprotected network). Rank the probability and impact of each potential threat, based on a scale such as "low/medium/high." Determine what type of response will be required to recover from each threat.
- Establish recovery time objectives (RTOs) and recovery point objectives (RPOs) , based on the outcomes of your assessment above and your overall service-level requirements. Be prepared to modify your RTOs and RPOs based on what your organization is able and willing to spend. Disaster recovery strategies always involve a set of tradeoffs between the value and recoverability of critical data and applications, and the resources required to plan, set up, test and execute your DR processes.
- Set priorities and a disaster recovery budget -- focus on your most critical resources first. Plan to spend an amount appropriate to the value of the systems, data, applications and processes you're protecting, but consider also the costs of downtime and lost data should you find yourself less than fully prepared.
- After developing your initial plan, you'll then need to qualify, procure and/or license the necessary technology and product components and begin to set up your DR processes. Choose disaster recovery best practices that fit well with your IT competencies and level of infrastructure. Pace yourself -- it pays in the initial stages to set aggressive but realistic milestones you can achieve each quarter. You'll also need to keep the importance of DR at the top of your mind throughout your organization, so plan to educate and evangelize on an ongoing basis.
- Accelerate your learning and broaden your perspectives on DR by engaging with other IT professionals, such as peers in other organizations. Attend disaster recovery conferences, read disaster recovery tutorials and participate in disaster recovery-related forums (both online and offline). Share ideas, best practices and lessons learned.
- Commit for the long haul. DR must be an ongoing, visible, living and breathing process: you'll need to continue to invest in and manage your disaster recovery efforts, and there will always be room for further improvement.
About this author: Jeff Byrne is a senior analyst and consultant at the Taneja Group, an analyst firm focused on storage and storage-centric server technologies with a concentration in the developing area of virtualization. He can be reached at firstname.lastname@example.org.