Every organisation will experience outages at some stage, whether it be from a loss of internet connection, a cyber attack, hardware failure, software crashes or even fire or flood damage. Due to this, it’s important to know how to respond. However only 21% of small & medium-sized enterprises have a full disaster recovery plan in place.1
Like the old saying goes, “by failing to prepare, you are preparing to fail,” and this is very true when it comes to business continuity.
How would your organisation cope in the event of a major outage and how would your customers react? Chances are they wouldn’t be best pleased if they are unable to get in touch, make payments, track orders etc.
To ensure business continuity you need an effective and well tested disaster recovery plan. If you don’t currently have one it can be daunting thinking about where to start. To help kick things off we’ve pulled together the following five areas that we recommend are included in your disaster recovery plan in order to ensure seamless business continuity.
The first step in creating a disaster recovery plan is to work out what is your organisation’s tolerance for downtime and data loss. This will help you plan out how fast you need to get things back up and running and what data backup method you need in place. This will vary from company to company, for example a school can afford a few hours of downtime as lessons, on the whole, can carry on as normal, but for an ecommerce business they will need to be back up and running in minutes.
These will become your acceptable Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO). If you find that your organisation is unable to handle more than a few seconds of downtime (like in the financial industry where downtime can result in financial penalties2) then you may need to look at implementing cloud-based continuous sync and replication backup solutions like Zerto.3
Next you should carry out an inventory of all of the applications and hardware you use and prioritise them into the following categories:
By going through everything your organisation uses in this way it ensures that a) nothing gets missed, which can happen in the midst of an outage when things tend to get a bit chaotic and b) you and your staff know which systems need to be recovered first so all resources are prioritised and assigned to the business critical systems.
The next step in your plan should be to assign responsibilities of who needs to do what in the event of a disaster. These should be split into the following categories:
When negotiating contracts with external suppliers it’s always good to get agreed SLAs included so you know what to expect in terms of a response in the event of an outage.
By having clarity on who is responsible for which systems it helps generate faster resolutions as everyone has a clear plan of who is handling what and what exactly is expected of them.
For both internal and external audiences it’s important to have a communications plan in place. As mentioned above, in real disaster situations chaos can reign so it’s important that you control this with clear instructions of what staff should do and also what staff should communicate to customers.
This plan should include everything from social media posts advising customers that you are experiencing downtime (and how long you expect to be offline) up to advising staff to stay away from the office, work from home or go to a backup site in an extreme situation like your office has flooded.
Often these communications will be sent out from personal non-work devices so for this to be effective you need to have an up-to-date list of staff contact details (possibly including personal mobile numbers), social media logins etc so you can access them during the outage.
Finally your plan should include details of how you are going to test your disaster recovery plan and how often. Don’t just write your plan and pop it in a drawer to gather dust until a disaster strikes – test it regularly.
As we’re all busy, it can be easy to let this slip but it’s vital that you schedule tests and ring fence time for staff to carry out these tests, which can’t be overbooked.
Without regular testing you won’t know if your plan is fit for purpose to ensure business continuity.
No good organisation stands still. You will constantly be evolving with new people, new hardware and new systems being added all the time. So it’s important to regularly revisit and revise your disaster recovery plan as needed.
Having a disaster recovery plan won’t make you immune from outages, but it’ll put you in a really strong position to recover a lot faster than without one.
If you would like to find out more about disaster recovery and business continuity solutions get in touch with our Managed Services team who are on hand to help.