How to create a Disaster Recovery Plan for your business
In our last article, we looked at why your business needs a Disaster Recovery Plan or DRP. As you’ll know if you’ve read it, there are plenty of great reasons to put one in place! And being the helpful people we are, we’re now going to explain how to go about creating one if you’re happy to take the DIY approach. (If you’d prefer not to go it alone, don’t worry – read on to find out how we can help).
OK, let’s get started…
Step 1 – have a serious think about any and all of the risks facing your business
When it comes to Disaster Recovery Planning, you need to think beyond the obvious threats such as cybercrime and data theft. What would you do if freak weather conditions destroyed your premises and IT equipment? Or an unhappy staff member got busy with a petrol can and a few fire-lighters.
Yes, we appreciate that some risks are more likely to happen than others! But it pays to consider absolutely everything that comes to mind. Think like a boy scout: ‘Be Prepared.’ Starting with the worst case scenario (complete loss of your premises and/or your IT systems and data), make a list of the various threats and think about how each one would affect your ability to get back up and running.
Step 2 – create an action plan for tackling the various disasters
Having a written plan in place that sets out what to do in different scenarios really is invaluable. Taking each risk at a time, state what actions you’ll need to take to make your premises safe and to protect or restore your IT systems, as applicable.
For example, if you’ve been hit by a ransomware attack, you’ll need to get cracking straightaway to minimise the damage and recover your data. Your in-house IT department or manager will be your first port of call if you have one, or you could call in a Managed IT Support provider like RoundWorks IT to help.
Your action plan should clearly state who’s responsible for carrying out the various tasks in each disaster situation. Make sure you nominate more than one person for each scenario, in case the primary staff member is on holiday or otherwise absent. If you share your premises with other businesses, it’s also a good idea to put someone in charge of liaising with them if necessary, for example, if your office is flooded.
An important part of your Disaster Recovery Plan is to have a back-up work environment in place in case you can’t access your premises for any reason. This could be as simple as everyone working from home and accessing your systems in the Cloud. Or, you could make an arrangement with another business to hot-desk with them. As long as you can access your phone lines and essential business data, you can keep on trading. But remember that these arrangements can only be temporary. So make sure your DRP includes a realistic time scale for you to get back to normal.
Finally, include details in your plan about how you’ll communicate with your customers and suppliers if a disaster takes place. You’ll need to tell them about any temporary changes in contact details – phone numbers, email addresses and postal addresses. You’ll also need to come up with a strategy for dealing with work or projects that need to be delayed or cancelled altogether. This should include claiming on any relevant business insurance policies you hold, such as Business Continuity. In short, leave no stone unturned!
Step 3 – put your DRP to the test
There’s no point spending ages writing the perfect Disaster Recovery Plan if you don’t test it out. What’s more, doing so is actually a requirement under the new Data Protection law, GDPR. So try it out! It’s the only way to find out whether your plan is workable and the timescales for getting back to normal are realistic.
This is really important as if disaster does strike, you and your staff will know what to do and will have the confidence that your plan will work. Your clients and suppliers will have confidence in you, too.
Step 4 – tackle any problems you’ve spotted whilst creating your plan
Whilst developing your DRP, you may well have identified a few areas where your computer systems or IT security could do with an overhaul. For example, you might have realised that your backup processes aren’t as failsafe as they should be, or some staff members aren’t following best practice for email and internet use. Now’s the time to address these issues so you can reduce the risk of any incidents and mitigate the effects if the worst does happen.
Step 5 – don’t rest on your laurels!
Just like your business, your DRP will need to change and evolve over time. You might invest in new technology, change how you operate, open more offices, or take on new staff. So revisit your DRP regularly to make sure it’s still good to go. And test it out every now and again, especially if you identify any new threats or risks to your business.
Sound like a lot of hard work? Let RoundWorks IT take the strain!
We’ve created more DRPs than we’ve had hot dinners, so why not let us help? Our expert and friendly team will assess your unique requirements and put a Disaster Recovery Plan in place to meet them. With access to the latest backup and data storage solutions, we can keep your business-critical data safe and sound, too.