Putting Together an IT Disaster Recovery Plan for Your Business

I've been talking a lot about backups and Disaster Recovery Plans and their importance to businesses, but how do you put one together?

Here are 9 things to think about when putting together an IT Disaster Recovery Plan:

1. Impact vs Risk:

What IT disaster(s) are you wanting to protect against? It could be a ransomware attack where your data is unlawfully encrypted, protecting data loss against a server outage, a localised disaster such as an office fire, etc. What are the likelihood of these things happening and what is the impact to your business?

2. Data Backup and Recovery:

What backup system(s) do you have in place? Do they run daily or hourly? Do they back up to a USB drive or the cloud? How long does it take to restore the data? If you compare your backup system and recovery times against the points made in step 1, you can start to see if all areas of disaster are covered by your backup system.

3. Service Restoration:

How long does it take to restore IT system functionality after a disaster? Don't just plan against one type of disaster, but for all of the types identified in step 1.

4. Communication:

How will you communicate an outage to your staff, customers and stakeholders? How will you set their expectations?

5. IT vendors & Insurance:

How will your IT vendors fit into your Disaster Recovery Plan? If you use an IT service provider, how quickly can they respond to your disaster and how involved will they be? Is your business insured for all of the costs associated with how the disaster impacts your business revenue?

6. Relocation:

If the disaster is a fire in your head office, if the building no longer available? How will your staff operate if you need to relocate your place of operations? If you have servers and other IT devices in your head office, where will you put them while the office is unavailable?

7. Employee Awareness:

How will you prepare your staff for an IT disaster? Have their expectations been correctly set? Will it impact all departments or just several? Refer this back to the disasters you listed in step 1.

8. Security:

When major changes need to be made to how a business operates, security often takes a backseat. Think about the COVID lockdowns. A lot of organisations had to rush to enable work from home situations and major shortcuts were taken by many IT teams which lowered the security of your data.

9. Testing:

How do you know that all of this will work? I highly recommend taking the time to create simulations of an IT disaster and put it to the test.

Taking the time to make a great IT Disaster Recovery Plan is an essential step to ensuring your business continuity in the event of a disaster - in whatever form that takes!