110 Essential Components of an Effective Disaster Recovery Plan
Data is the lifeblood of any enterprise. However, backup and data recovery investments can be difficult to sell internally because their benefits aren’t readily apparent on the bottom line. Just like any insurance policy, these systems matter most when the unpredictable happens, such as a hurricane, fire, flood or cyber-attack. With data and cyber-security in the spotlight, enterprises of all sizes are taking a closer look at how to cope if and when a breach or other incident that impacts the business occurs. Having a well-designed disaster recovery (DR) plan can be the difference between bouncing back from an incident or going under. In this eWEEK slide show, Larry Novak, service manager for cloud recovery at ViaWest, highlights the key components an effective DR plan should have.
2Plan Description and Overview
Your business should have a document that provides the scope of the plan, objectives and assumptions. This should identify the address and location of the production site and the recovery site and include maps and directions as necessary. It should also describe when to put the plan in motion. What are the triggers that would cause a disaster declaration and activation of the DR plan?
4Accurate, Up-to-Date Call Lists and Communication Plan
Equally as important as your infrastructure are the people behind it. Your DR plan should list the members and their titles, telephone numbers and email addresses for the various teams involved in recovery, such as senior leadership; an authorized list of names who can declare a disaster; the recovery team; and the damage assessment team. The conference bridge line also should be included in the document.
5Minimum Critical Infrastructure
Your plan should list the infrastructure that will be required at the recovery site in order to have fully functional and operational systems. This includes the equipment for firewalls, switches, routers, storage, LANs and internet connectivity. Also, provide a list of servers (and their configurations) for backup and restoration software, security and virtual host servers. Prioritized List of Critical Applications and Systems
6Prioritized List of Critical Applications and Systems
Not all of your applications are business-critical. The DR plan should not only include a list of the applications and databases that should be recovered but also the sequence in which they should be restored. Expected Recovery Point Objective (RPO) and Recovery Time Objective (RTO), which can vary depending on your unique company needs, should be listed for each system. A list of the hardware required for each system should also be documented.
8Detailed Script and Action Items
9Testing the DR Plan
The DR plan should contain a section that identifies how often the plan should be tested, as well as a list of dates that the plan was tested with a brief summary of the results, and a list of and/or links to any post-test documents and lessons learned. The steps necessary to “failback”—restore operations to a primary machine or facility after a DR test or actual disaster—should be identified.
10Roles and Responsibilities
Each member of the various teams involved in DR should be familiar with his or her defined role. A list of everyone involved in the recovery process should be included in your documentation, along with their role and responsibility. A secondary or backup person also should be listed for each member.
11Network Diagram and Inventory List
An inventory list of all of the equipment at the production site and the recovery site should be included in the plan. A current, detailed diagram of the entire network—including circuit IDs—should also be part of the plan.