DR can give a business a competitive advantage
The sight of the words ‘disaster recovery’ are generally greeted with a quick mouse click (or turn of the page). Particularly in these challenging times, businesses reckon that there is more critical work to be getting on with. After all, what benefit is disaster recovery going to bring to your business’s bottom line ?
However, more than ever, disaster recovery (DR) is critical for any type of business, for the simple reason that it brings peace of mind, that whatever problem occurs, your business can continue to meet your customer’s needs and the disruption to day to day business is minimised.
Scope the work and then assess
When starting a Disaster Recovery planning process, as with any project, it is important to agree a scope from a business perspective – even if that is only to formally state that all the function or service lines in a business are to be included.
In order to ensure that all potential ‘disasters’ are reviewed and planned for, a risk assessment and a business impact analysis should be completed. Essentially, the risk assessment is asking what possible risks could happen and the business impact analysis is asking what impact, could each risk occurrence have on the day to day running of the business. These two assessments may take a number of iterations before a final set of risks and impacts are identified and prioritised.
RPO and RTO are important
RPO and RTO are important to help you decide the relative merits of different DR service providers and to help them propose an appropriate solution. Working with each of your business colleagues, decide on the appropriate recovery point (RPO) and recovery time objectives (RTO) for each of the businesses IT services that are to be covered by the DR plan such as email, access to shared folders, or the accounts/sales systems.
The criticality of each of the services to the business does have an understandable bearing on the RPO and RTO values;
- Recovery point objective (RPO) defines what data is deemed acceptable to be lost in terms of a time value. For example, a RPO for a shared folder could be 60 minutes which means that to the business owners, if a problem should occur, it acceptable for any updates to documents in the shared folder that occurred inside the last hour to be lost. For critical IT services such as email and key transaction systems, RPO values can be as low as a matter of minutes.
- Recovery time objective (RTO) defines the maximum amount of time that a business owner will allow for a service to be restored. One common RTO example relates to access to email, where a typical RTO could be a matter of minutes, in that access to email needs to be restored within minutes.
Good DR Planning is ongoing
With your risks prioritised and appropriate RPO and RTO values agreed by the business, you have taken the first steps to setting up a DR plan for your business. Please remember that DR planning is iterative and not to be locked away once the initial plan is agreed.
Did you like the post? Come on, leave a comment below!