A business that doesn’t have a data disaster recovery plan in place is like the Titanic on its way to hit an iceberg without nearly enough lifeboats on board. Data is the lifeblood of any business, and how quickly and smoothly you can recover from a data disaster might eventually determine the survival of your business. Just knowing that you’re doing regular backups isn’t enough. You need to have a plan that covers every possible contingency, then you need to test your plan to find its weaknesses and adjust accordingly. A good data disaster recovery plan should also be updated frequently, to adjust to changes in your business.
No one can tell you what needs to be included in your plan without intimate knowledge of how your business operates. These plans aren’t boiler plates or one-size-fits-all propositions. However, the first steps for putting together disaster recovery plans are pretty much the same for all businesses, as are some of the things you need to consider as you begin developing a plan that’s tailored for your unique business.
Start with RTO and RPO
You start by assessing two metrics that have to do with your plan’s objectives. The first is the recovery time objective (RTO)—the time you have to restore usable access to your data after a disaster before the business begins to suffer. The other is the recovery point objective (RPO), which is the acceptable age of the files that will need to be recovered, which really means the amount of recent data loss that’s acceptable.
Both of these figures vary widely from business to business. A small convenience store using a point-of-sale system, for example, might be able to whip out a calculator and get by for days until a data connection is restored and might even be able to continue operations with a week or more of lost data. A stock brokerage, on the other hand, holding buy and sell orders tied to the market’s movements, might urgently need to have service restored in less than an hour with very little loss of data.
These two measurements will lay the foundation for the remainder of your data disaster recovery plan. For example, the mom-and-pop convenience store knows it should be able to make do by backing up to a thumb drive when preparing the daily bank deposit, while the brokerage firm will probably need to invest in the services of a secure and dependable cloud backup service like Mozy for frequent backups.
This is only the beginning, of course. From here you will need to determine, among other things, all of the different types of disasters that can threaten your data, whether man-made or natural, and develop contingency plans for each and every one—and more importantly, perhaps, figure out ways each scenario might be avoided. You’ll also need to test each scenario with data disaster “fire drills,” to discover any kinks in the procedures you’re establishing.
A good plan that covers all foreseeable disasters will be very complex, and a larger business will eventually need to seek outside consultants to fill in the gaps. It might be best to get started on your own first, however, so you can be a better help to the people you hire to help you.