Hurricane activity has spiked dramatically in recent weeks. As the National Hurricane Center monitored the simultaneous formation of a half-dozen named storms and five other areas of concern in mid-September, NHC scientist Eric Blake tweeted, “They are forming like roaches out there!”
An active hurricane season is always a reminder of the importance of disaster recovery planning. Over the years, studies continually show that business resilience following such events is largely determined by what you do before the storm, not after.
Most organizations understand what’s at stake. In a recent Spiceworks survey of businesses across North America and Europe, 95 percent reported that they have a disaster recovery plan in place. However, almost a quarter of those companies admit they have never tested or updated their plans. That is a very risky approach.
Disaster planning is not a “set and forget” activity. Plans must evolve to keep up with changes in business processes and organizational requirements. Most important, plans must account for rapidly changing technology resources.
Considering the pace and scale of IT change, it’s safe to say that a disaster recovery plan that hasn’t been updated in more than two years is functionally obsolete. And that might be a generous estimate.
An effective DR plan should be a living document that is updated anytime there are changes to the people, processes and technologies that drive your business. Although there is no established industry standard, most experts agree that organizations should review, test and update their plan at least once a year.
Here are a few important elements that your DR review should consider:
Cloud services. We’ve come to think of the cloud as part of a good failover strategy — shifting applications, storage, backup and other workloads to the cloud creates redundancy. However, cloud migration effectively invalidates huge chunks of a plan addressing only in-house resources. Your new plan must address how you’ll get to your cloud-based apps and data if you have no power or Internet connection. You must also ensure ready access to contact information and service agreements for all cloud providers.
Operational changes. Staffing changes obviously must be reflected in the plan, with responsibilities clearly outlined. New lines of business, product updates, new suppliers and other operational changes should be addressed. A change of location, new branch offices or the growth of a remote workforce also impact the plan.
Technology changes. Plans must be updated to cover the addition of any new hardware or software. It should include an inventory of all servers — including virtual servers — and their configurations. In addition to a list of new software, you should note the patch levels and version numbers for older applications. Given the increasing reliance on mobile computing, the plan should also include an accurate account of end-user devices.
Any time a plan is updated, organizations should schedule testing as soon as possible. Nobody wants to find out after a disaster hits that critical files were not backed up as planned. Disaster simulations and tabletop exercises help ensure everyone understands their roles and responsibilities.
If you have questions about your existing plan or would like guidance on how to effectively review or update the plan, give us a call. Our team can help you evaluate your business risk, identify areas of your plan that require revision and develop testing exercises to ensure that the plan works as desired.