Disaster Recovery Plan
A-to-Zerto Glossary of Terms
What Is a Disaster Recovery Plan ?
A DR plan focuses on getting IT systems, applications and services back online as quickly as possible in the event of a disaster. Disasters can threaten the lives and health of people, can destroy infrastructure, and can disrupt business operations. Rapid and effective responses that follow a well-designed plan are key to mitigating the effects of a disaster.
From an IT perspective, disasters are the cause of unplanned downtime and data loss, both of which cost the organization due to loss of revenue, loss of productivity, loss of reputation, and loss of customer loyalty. Having an effective disaster recovery plan helps minimize downtime and data loss.
Disaster Recovery Planning
As part of business continuity planning, risk assessment (RA) and business impact analysis (BIA) help to identify the critical functions and business processes that must be prioritized.
Risk assessment will identify the organization’s most critical assets, threats and vulnerabilities that pose specific risks, and drive mitigation actions to reduce or remove the likelihood of these risks.
BIA will highlight the impact from the loss of any critical business process, and identify systems, applications, resources involved, existing dependencies as well as needs and/or alternate options to temporarily run the business process.
Figure 1: Business continuity planning to disaster recovery planning
As shown in figure 1, business continuity SLAs will be established as part of the BIA. They will include some business continuity metrics (MTD and MTDL) expressing the maximum tolerable downtime or data loss of these business processes. These in turn will help the DR team to extract key DR metrics such as RTO and RPO, and therefore set their own disaster recovery SLAs.
Based on the results from RA and BIA, the DR team will assess the best DR strategy to pursue, and the DR model —or DR implementation— best fitting the organization’s resources and needs.
The team will also assess if its current solutions are good enough to meet its SLAs. If not, the evaluation, implementation and integration of new solutions will be part of the planning process.
The DR team will also re-evaluate its procedures, workflows, communication plan and protocols. This often results into the creation of a DR runbook that details the exact procedures and processes to follow in case of a disaster or major IT disruption.
Another essential step is to engage with the incident response team —especially if separate from the DR team— to ensure proper monitoring of all IT critical assets and applications, optimize alert setup, and train staff for proper incident assessment and potential DR plan initiation.
All of the above will result in the establishment of a DR plan in line with the organization’s DR strategy, implementation, resources, IT infrastructure and solutions deployed.
Last, the DR planning should account for the establishment of regular reviews and testing of the plan, to measure if it can meet the required SLAs and ensure the team effectiveness in its response.
Business Continuity Plan (BCP) vs Disaster Recovery Plan
The business continuity plan is about steps and contingencies to maintain operationality for the organization while the disaster recovery plan focuses on restoring IT systems after a disruption.
The DRP is a subset of the BCP which includes other plans as shown below in figure 2. The BCP is managed by the business continuity management (BCM) team, which includes stakeholders from across the organization, and even outside of it. The DRP is managed by the DR team, which is very IT centric, even though it is connected to the BCM team.
Figure 2: Plans in Business Continuity
Key Considerations of a Disaster Recovery Plan
When creating an effective DR plan, you should consider several key points to help your organization be prepared when disaster strikes.
- Assigned roles and training. Ensure that the roles and responsibilities of everyone on your IT team are clearly laid out and that everyone is trained on their duties should a disaster strike. Ideally, you should have a backup assigned for each role, but at the very least, make sure you have a backup assigned for key decision makers.
- Communications. Have a clear plan for how steps of the DR plan can be communicated as they are being executed during a disaster and clear instructions of how to proceed if communications are disrupted due to the disaster.
- Remote access. Having a plan to initiate recovery from a remote location is ideal in case you can’t access your on-premises technology during a disaster.
- Updates. Make sure your plan is kept up to date as changes occur to your organization. These changes may include changes to personnel, changes to infrastructure, and changes to business priorities.
- Testing. DR testing is critical to both training and keeping your DR plan up to date. Testing makes employees familiar with the DR plan, the plan execution, and exposes any flaws or gaps in the DR plan. DR testing should be done frequently, at least twice a year, if possible, or at the very least, once a year.
Zerto and Your Disaster Recovery Planning
When you are faced with a disaster, a simple and clear plan can make or break your recovery. Zerto is a scalable solution that can provide your organization with a variety of tools to help make your DR plan not only simple and clear, but effective and robust. With Zerto, you can see the real-time status of your protected environment from any device. And you can test and validate, as often as you want, that your DR plan delivers and meet its SLAs, in a non-disruptive way for your production environment. Simply perform a full failover test in seconds and quickly get back to other business-critical tasks.