The IT disaster recovery plan

In technical jargon, general emergency management is characterised as business continuity management; processes essential to a business’ operations need to be kept running, even during abnormal situations. These processes can be broken down into three different groups:

• Emergency planning: emergency planning includes all preventative measures that aim to prevent a crisis situation from occurring e.g. by increasing reliability or designing a more robust system.

• Emergency response: this is all about optimising the quickest reaction possible for a crisis situation. It involves reactivating all system processes that are essential for daily business operations. Contingency planning and crisis management tools constitute further aspects of this group.

• Tests and drills: good emergency planning should also include regular practice tests and drills. The goal of this is to continually improve the emergency management process and identify potential points of weakness.

The business world has long since been in a state of increasing digitalisation. Many fundamental aspects of the economy, as well as a large number of different business models, have been outsourced and/or exported to internet-based enterprises: from application management services (e-recruitment) to logistic centres (e-logistic), the list of industries operating in one online form or another is as long as it is diverse. This is why it’s so important for businesses to be able to rely on their IT infrastructure. Failure of just one IT component demonstrates the significance of having a sound set-up, as this can bring an entire system down and lead to considerable financial losses. Preparing for such worst-case scenarios with a thorough IT disaster recovery plan can help reduce the severity of such instances.

Documenting all IT resources makes up the basis of each step of an IT disaster recovery plan. That’s why it’s important that all documentation is carried out as neatly and thoroughly as possible and is always kept up to date. Technical and contact data, user lists, and a clear allocation of responsibility for important tasks all play an essential role in IT disaster management.

An IT disaster recovery plan contains, for example, information on: 

• Hardware and peripheral devices, like printers
• Software applications
• IP addresses
• VPN and server access
• E-mail/data exchange

In order to reach the right contact in an emergency, you should include all important contact information in the documentation. This information includes:

• User lists
• Contact person and person responsible for each individual department
• Contact person for external providers
• Contract information for the internet or hosting service provider

IT disaster recovery plans are the product of seamlessly integrating disaster recovery personnel into the overall day-to-day business operations of the company. At its essence, an IT recovery plan is part of a company’s general security scheme and typically follows existing guidelines. Here’s an IT recovery plan checklist of some items that should definitely be included:

• Definition (‘What’s a disaster?’)
• Personnel lists with contact data (see above)
• Alarms and communication systems
• Emergency flow chart
• Termination measures and documenting the emergency
• Emergency supplies
• System recovery 

In addition to documents mentioned above, recovery strategies for individual components are among the most essential parts of a solid disaster recovery plan. And it’s this part of the plan that often requires the most effort.

IT security managers are known to encounter many different situations. Optimal preparation for such scenarios should include an IT disaster recovery plan with relevant solutions and, above all, a suitable recovery plan. A precise risk analysis helps reveal vulnerable areas and identify portions of the IT network that, while potentially threatening when left unguarded, are essential to day-to-day business operations. 

Make sure to execute the following steps before you put your recovery plan together:

• Analysis of all IT processes and procedures
• Hardware analysis
• Audit of all software applications
• Survey of all relevant transfer and system data

Once these steps have been carried out, you can now begin to create a step-by-step guide for various potential emergency situations and record them into your IT disaster recovery plan. Creating such a recovery plan can prove to be a demanding exercise of patience and diligence, as it requires that each step is in alignment with all company departments. IT disaster recovery plan templates, while helpful, should not be viewed as a silver bullet for those with time constraints. This is because carrying out regular updates and properly training fellow coworkers constitutes another major task in setting up adequate security precautions. For this reason, it may be a good idea to think about hiring an external contractor.

Creating an IT disaster recovery plan is a necessary and important task for any company. In some cases, a carefully conceived plan could be the difference between an irritating period of downtime and thousands of losses, as the following tool from Storagepipe illustrates. This tool lets users create different potential disaster scenarios based on varying company parameters, like annual revenue, number of affected employees, their hourly wages, etc. It doesn’t take long to gain a feel for what type of financial damage these situations are able to inflict. Taking time out for regular drills can help reveal potential points of weakness in your IT system, pathing the way for prompt repair before they can cause any real harm.