For most businesses that rely heavily on technology for their day-to-day activities, the importance of a disaster recovery plan (DRP) cannot be overstated. Whatever industry you operate in, if something catastrophic happens or there is an unforeseen event, your business needs to respond quickly and continue to provide the same level of service to clients.
In this article, we’ll be looking at DRP strategies, incident response and recovery. Before completing a DRP, we would always recommend performing a risk assessment to identify the IT services within your organisation that are business critical. Once that stage has been completed, work to establish recovery time objectives (RTOs) and recovery point objectives (RPOs).
When working with an outsourced IT provider, your DRP should be developed in conjunction with the business continuity plan. Technology and data recovery strategies should be developed to restore hardware, data and applications in time to meet the needs of the business recovery.
Disaster recovery strategies ISO/IEC 27031
- There are six main aspects to consider: how you will respond; the actions you will take; how the situation(s) could have been prevented; the overall threat to the business/IT systems; RTO and RPO; and which system or business function will be impacted.
- Budgets and resources are likely to play a huge role in your business recovery, and these must be accounted for in your plan. What risks are involved? Do you work with a third-party IT company that would provide the support? Are there human or budget constraints? Does your industry have regulatory obligations?
Additional factors to include in your disaster recovery strategy
- Suppliers of critical systems
- Policies and procedures
- Access to equipment
- Backups of data
- Physical facilities
- Skills of staff
Structuring your disaster recovery strategy
DR plans should start with a summary of the key action process and lists of key contacts, so that the plan is easy to authorise and launch. This section identifies the order defined by ISO 24762 and ISO 27031.
- Introduction – to outline the purpose and scope.
- Roles and responsibilities – contact details, spending limits, who has authority in a DR situation.
- Incident response – who responds, how the situation can be brought under control, who the company has to notify.
- Activating the plan – criteria for launching the plan, what data is needed, and who makes the decisions.
- Document history – making regular revisions to the plan and documenting key dates.
- Procedures – this section covers how people respond. The more detailed this section is, the quicker the business should recover.
Over half of all companies that suffer a major business data loss close within two years.