Every organization or business, regardless of revenue or staff size, needs to understand what is truly critical to keep operations going, and how long the business can function without certain elements, components or dependencies. This includes considering how long the business can survive both financial losses and reputational losses due to negative public perception. Obviously, not having a disaster recovery plan is a recipe for disaster, but just having a plan is not enough. Make sure that your disaster plan avoids certain pitfalls that may complicate disaster recovery.
Consider the below list of what to NIX
1. Make everything a priority
Let’s be real. It is impossible to recover everything all at once. So it is imperative to establish recovery priorities and understand their dependencies. Dependencies include any component, element or infrastructure that must be
in place for other components of the process to work.
Have a means to communicate with all of your employees, emergency responders and customers in the event of a disruptive event.
Never underestimate the value of communication. Even if the news is not ideal, it always pays to communicate the status vs. leaving things open to negative interpretation. Consistent communication of status and recovery objectives helps to reassure, maintain trust and puts you in control of the rumor mill.
We all know that having a Recovery Time Objective (RTO) and a Recovery Point Objective (RPO) is essential in disaster planning. The RTO establishes a target for the amount of time it will take to go from the point of disaster to the point of recovery. For data infrastructure and recovery, the RPO takes into consideration the amount of time between the disaster (disruptive event) and the last complete back-up. The RPO is a measure of how much data is at risk.
That said, even the best-laid plan needs to account for additional disruptive events that may occur during recovery efforts that further delay the RTO or RPO. Two aspects of the disaster that should definitely have extended plans include physical plant and data infrastructure. Consider a disaster in which an organization can’t continue operation within its own facility due to physical damage or destruction of the building or, the inability to access the building due to damage to external roads or other public transportation. What do you do if the RTO or RPO is impossible to meet due to additional circumstances beyond your control? This is why having an extended recovery plan in place is helpful should you need to go to "Plan B.” Think of it as your disaster plan within the disaster plan.
4. Over complicate & over process the process
Don’t you just love it when the process has a process within a process? It can feel like you are trapped within the process of the process and can’t even remember the inception point. Keep the plan simple, logical and straightforward. Avoid building a plan that may actually build roadblocks to recovery by demanding too many processes or executive approvals of real-time changes. In a disaster, timing and flexibility are two key elements that you need on your side.
In an actual disaster, people can be incredibly inventive, which can come in handy when the recovery phase requires real-time flexibility. Don’t get stuck on “the plan” or chain of command. People can be more flexible than systems or processes, especially in emergency situations. Allow some room for adaptability and have plans B,C, etc. ready to go if necessary. Understand that there may be times when recovery teams may have to make autonomous decisions or procedural changes when they are necessary.
Every business is vulnerable to experiencing an unexpected event, serious incident or disaster that can prevent it from continuing normal business operations. A well-structured, flexible disaster recovery plan can enable organizations to recover quickly and effectively from disaster or emergency and take command of business interruption, financial impact, and even reputational loss.