Planning for Disaster: From Analyzing Impact to Developing the Plan

A couple months ago I wrote about how business priorities should drive how an organization goes about preparing for a disaster that could impact the IT systems on which it is dependent. The reasoning is pretty simple. With all the things we rely on systems to do, it’s obvious that some are more important to the corporate mission, and its health, than others.

Plan Development

If our priorities are dictated by the negative impact we seek to avoid—as they should be—then to translate those priorities into an effective disaster recovery program we have to consider other factors as well. While the concepts involved are simple enough—”time is money” leading the way—there are some complications. Most notably, we have some decisions to make that are going to affect the cost of our plan.

This is one reason that planning for business continuity can be so difficult. It’s not just a matter of knowing what systems are most critical. It’s balancing the risks associated with downtime with the expense of minimizing it, and it’s doing so in the context of any number of systems that support the organization. If there’s a recipe for an easy and foolproof method for concocting the perfect disaster recovery plan, I haven’t found it. It takes hard work and tough decisions, along with an awareness that embracing imperfection is better than succumbing to paralysis.

Setting Your Objectives

When we’re talking about setting goals pertaining to disaster recovery, we can pretty much sum them up using the terms—if you’ll pardon the jargon—recovery point objective (RPO) and recovery time objective (RTO). RPO addresses the question, “How much data can we tolerate losing?”, and it directly impacts, for example, the intervals we select to perform backups for a given system. The shorter the RPO, or the less data we’re willing to lose, the more frequently we have to perform backups and the more data $torage we’ll need (See what I did there?). RTO addresses the question, “How quickly must we—in case of a system outage—have a system up and running again?”. As you might surmise, shorter RTO likely means a more sophisticated (and expensive) solution.

A Balancing Act

Determining RPO and RTO is a balancing act. The costs associated with downtime and data loss are weighed against the costs of implementing backup and recovery solutions, metrics that will vary across different systems and services within an organization. An e-commerce website might have a short RTO because downtime directly impacts revenue, whereas a less critical internal application might have a longer RTO.

Setting objectives is a collaborative process involving stakeholders from IT, business units, and sometimes even external partners or vendors. Once set, RPO and RTO metrics serve as essential guidelines for selecting appropriate data protection and recovery solutions.

The Importance of a Good Audit

Making good decisions is infinitely more likely when there is good data to work with, as it illuminates both risks of downtime and the costs associated with minimizing it when it occurs. For the latter, we must have a complete inventory of current systems, components, and the workload profiles associated with each of them. With a clear picture of the technology on which we are dependent, we can, at least, begin the process of planning for failover.

The Value of a Good Technology Partner

In the ever-evolving world of IT offerings, partnering with an experienced solutions provider offers some advantages. Here are a few that come to mind:

• At Prescriptive we have years of experience in dealing with a variety of disaster scenarios across multiple industries. We offer specialized knowledge and best practices that can significantly improve the quality of your BCDR planning.
• Experienced providers, Prescriptive being among them, can conduct a thorough risk assessment to identify vulnerabilities and gaps in your current setup. Their experience allows them to quickly identify areas that may be overlooked by an internal team.
• Solutions providers—especially a technology-agnostic provider like Prescriptive Data Solutions—can help navigate the complex landscape of offerings to meet the specific needs of your organization, from budget goals to compliance with industry regulations and standards.
• Developing, implementing, and maintaining BCDR plans can be time-consuming and labor-intensive. An external provider can help speed up this process, allowing internal teams to maintain focus on core business functions.
• Specialist providers often have access to state-of-the-art technologies for data backup, recovery, and system monitoring, which might be cost-prohibitive for many organizations to acquire, master and maintain.
• As your organization grows, your business continuity and disaster recovery needs will evolve. A solution provider can help scale your plans and technologies to meet these changes.
• Regular testing is crucial to ensure that your plans work as intended. A good solution provider can facilitate realistic testing scenarios and help analyze the results to make necessary adjustments.
• Training staff for disaster recovery and business continuity is critical. An experienced partner can offer specialized training sessions to ensure that your team knows what to do in various emergency situations.
• Providers can help ensure that your business continuity and disaster recovery plans meet industry regulations and compliance requirements. This is especially crucial for organizations in sectors like healthcare, finance, and government.

Disruptions can be caused by natural disasters like floods and earthquakes as well as human-induced events such as cyberattacks, hardware failures, or even simple human errors. The absence of a robust disaster recovery plan can result in significant financial losses, erode customer trust, disrupt business continuity, and even lead to the failure of the business in extreme cases. Investing in a comprehensive disaster recovery plan is not just an insurance policy against unforeseen calamities. It’s a fundamental business practice for safeguarding the future viability of an organization.

Contact Prescriptive Data Solutions today to find out more about how we can help protect your organization from a disaster.

Photo by Johannes Plenio on Unsplash