Does it seem like there are more natural disasters in the news these days? Tornadoes, wildfires, floods, landslides, blizzards, earthquakes, hurricanes, avalanches…all seem to be occurring more frequently. Throw in train wrecks, refinery explosions, terrorism, cyberattacks, and other deliberate or accidental human-caused disasters, chances are good that your business will be interrupted at some point by forces outside your control. Disasters need not be dramatic or widespread—even a simple long-term blackout can exact a heavy toll on a business.

And if that weren’t enough, even far-away disasters can have businesses scrambling. A business that relies on servers and other IT infrastructure located across the continent can find itself unable to function if those servers go down.

The Key to Recovery

The ability of a business to recover quickly from major interruptions depends on its business continuity plan, which defines the overall strategy and priorities for restoring business operations. Hand-in-hand with business continuity planning is disaster recovery (DR) planning, which lays out the step-by-step procedures for recovering critical business systems, which in this day and age usually means IT systems.

If your DR plan consists of “hope a disaster never happens,” you are not alone, but that’s little consolation. Many businesses have no plan, and many that do have plans that are poorly thought out, make unrealistic assumptions, or are woefully out of date or generally unworkable. And many businesses with flawed disaster recovery plans don’t know it, because the plans have never been tested.

The Elements of Disaster Recovery Planning

A DR plan is a company’s playbook for restoring critical business systems and processes in the event of a disaster. DR planning involves the following critical activities:

  • Prioritization: Determine what the most critical systems are and what other systems have to be operational in order for those systems to work.
  • Development: Write out the steps for recovering each system. In this process, you will identify gaps; for example, if a step is “retrieve the data from backup,” and there’s no backup, you know that you need to get some backup in place.
  • Assigning roles and responsibilities: Determine who performs each step. Each person should have at least one backup in case the primary person is not available.
  • Testing and Training: Don’t let a real disaster be the first time you’ve actually executed your DR plan. By testing your plan, you will find out if the steps make sense and if there are dependencies or assumptions that were missed. As well, your team will get experience with the procedure, making them that much better prepared for the real thing. A DR plan should be re-tested every year or two to ensure it still matches your current business and technological environment.
  • Maintenance: If you create a DR plan and never look at it again, you might as well not have one at all, because within a couple of years it will be out of date and therefore useless. Businesses change and grow, and their IT environments evolve as well, as new technologies are implemented and old ones are phased out. Your DR plan should be reviewed and updated regularly.

DR Planning and the Cloud

One way to greatly simplify (though not eliminate) DR planning is to move as much of your IT footprint as possible to the cloud, particularly data storage, file storage, and business-critical applications. With that in place, the scope of your DR plan can be reduced to re-establishing network connectivity and acquiring workstation hardware. This is a major change from typical plans of just a few years ago, which often included acquiring, configuring, and deploying server hardware and restoring applications and data from backup tapes. Of course, your cloud provider must have their own business continuity plan in place, and you should find out the details when you’re choosing a cloud service. Just like for your own business, you’ll want to know how soon they will restore services if they suffer a disaster.

It Pays to Get Help

The foregoing is necessarily a high-level description, and there is much more to know about business continuity and disaster recovery planning. It’s admittedly much easier said than done. Unless you have someone on staff with experience in this area, chances are good you will need the assistance of an outside consultant. This is where a managed IT service provider can help. Look for someone with expertise in this area and explore your options. A disaster of some kind is inevitable. Adequate preparation can mean the difference between whether your business can smoothly recover if disaster strikes.

Download Cyber Threat Checklist