Planning For the Unexpected: The IT Disaster Recovery Plan Checklist March 10, 2021 Disasters can’t always be predicted, but they should be expected. Whether it’s a tornado, hurricane, cyber-attack or human error, anything can happen at any time and disaster often comes when you least expect it. Consulting an IT disaster recovery plan checklist will help to ensure that your organization is prepared. You should be able to answer this question confidently: If a fire consumes your office overnight, or some other catastrophic event occurs, can you be up and running again in some capacity and do so quickly? To get back to business as soon as possible, you need to have access to data and systems to stay connected with your employees and customers. Across all industries and organizational sizes, the average cost of downtime per hour is $250,000. Downtime also indirectly impacts your brand and reputation while simultaneously contributing to the loss of productivity as your team focuses on responding. This IT disaster recovery plan checklist covers what you’ll need in order to restore operations with minimal interruption and avoid excessive financial loss. 1. Determine Your Disaster Recovery Objectives Start with your organization’s tolerance for recovery. Consider the worst-case-scenario and estimate how much downtime you can afford to endure to develop a time-frame for how fast data and systems will need to be recovered. Doing this first will help you determine the disaster recovery strategy from a technical and operational perspective. You’ll need to set recovery time objectives (RTO) –– the amount of time it takes to recover all of your applications –– and recovery point objectives (RPO), which is the age of the data that you would need to recover for your organization to resume normal operations. When setting objectives and the foundation for your plan, it’s critical to know your baseline information to keep data recovery costs contained. At a minimum, it’s important to identify what needs to be recovered and how quickly to get the business back on track. 2. Designate a Disaster Recovery Team Disaster recovery requires an organization-wide effort. It’s a must that you designate a team to execute your plan by outlining the roles, responsibilities and duties that need to be taken care of in the event of a disaster. From executives to IT staff to frontline employees, everyone has a part to play, whether that involves making difficult decisions, handling high-level technical tasks, communicating with customers or contacting vendors. Each person in the company should be aware of what will be expected of them in a disaster event. Assign alternate backups in case someone is unavailable or unwilling to fulfill the responsibility. Be sure to document your disaster recovery process, providing detailed instructions so your team will know exactly what to do from start to finish. 3. Take a Technology and Data Inventory Keep a complete inventory of your necessary hardware and software on-hand, as well as any technical support details and vendor contact information you may need. Classify which hardware and software are critical to getting the business back up and running immediately versus what can wait until a later date. Your plan should also include what equipment or devices your employees will need and when. Additionally, it’s crucial to pinpoint which business-critical or sensitive data and documents would pose a disastrous threat to your business if lost or if the data is breached. This will help you see exactly what needs to be protected and at what priority. 4. Establish Offsite Backup Sites You’ll need to identify the backup locations where your business will actually operate. This can be a work from home plan or keeping a running list of alternative office space availability. It may mean finding temporary spaces to run various parts of your business—all with the technology in place that enables your team to work remotely. You’ll also need to identify offsite backup disaster recovery sites that can support the emergency relocation of critical hardware and software, where your organization’s applications and essential data can be moved during a disaster event. The disaster recovery plan must also prepare for failback, meaning how you’ll restore operations at your primary site after things have been transferred to a disaster recovery site during failover. Disaster recovery sites are only meant to run temporarily and not intended for regular operations. Keep in mind, implementing these aspects of any disaster recovery continuity plan is typically complex and costly. 5. Have a Data Recovery Plan Identify which disaster recovery method will help you best meet your objectives. As not all data is equal, determine if the right path would be a full-system recovery, a file-based recovery or something else. The data recovery plan you put in place should be tested extensively and often. Simply developing a plan to sit on the shelf as insurance isn’t enough. Testing at least a portion of the plan on an annual basis ensures that your customers, team and partners are prepared. It also reveals any areas that need improvement within the application, roles, infrastructure teams and more. A managed service provider who offers Disaster-Recovery-as-a-Service (DRaaS) helps to simplify your data recovery plan and make sure your most business-critical data is easily recovered. At Carbon60, we know from experience that data recovery plans are different for each organization, which is how our disaster recovery engineers are able to guide clients through the entire process from design to implementation. 6. Create a Crisis Communication Plan In the event of a disaster, you’ll need a clear plan to communicate with employees, customers, vendors, suppliers and the media. Transparency is key, as your stakeholders will be concerned about any data outage or breach. Knowing how you’re handling the situation will help to put their minds at ease and protect your organization. Many companies find it helpful to proactively create a crisis media kit and templates for internal communication in advance of crises happening so you can communicate swiftly and address concerns before they escalate. IT Disaster Recovery Plan Next Steps Keep in mind that every disaster recovery plan is imperfect, but it’s important to have a plan in place that you can revisit, improve and strive to leave no stone unturned. This IT disaster recovery plan checklist covers the essentials, but it’s just a start. Disaster recovery planning and preparedness is always a work in process and your plan will need to be continuously tested and reevaluated. Run through the checklist often and update your plan as needed. Many organizations don’t have the internal resources, skills or bandwidth, to plan and implement a disaster recovery solution. Working with outside vendors that specialize in disaster recovery ensures you’re factoring their experience and insights into your plan, offering tried and true protection and support that will not put your company at risk. To find out if Carbon60’s DR-as-a-Service is the right solution for your organization, contact us to learn more. Carbon60 is an MSP dedicated to helping businesses maximize the performance and security of their core application infrastructure with an agnostic cloud approach using public and hosted private clouds. A partner with both Amazon Web Services and Microsoft Azure along with major cloud and data centre technology companies, we have the experience and the expertise to support organizations wherever they might be on their cloud journey.