Every Business Continuity Plan Should Include Disaster Recovery
After a crisis, a human-made or natural disaster, or any other type of emergency, organizations need to resume day-to-day operations as quickly and as smoothly as possible.
An organization’s ability to recover from a disaster requires careful planning, testable processes, and the right technology. According to a study from Ponemon Institute, the average cost of data center downtime is almost $9,000 per minute. Gartner’s study found the cost of network downtime to be more modest at about $5,600 per minute. Regardless of the actual figure, time really is money, so organizations must be proactive in setting themselves up for successful recovery in the event of a disaster.
What is Disaster Recovery?
Disaster recovery is the process of restoring business operations following a disruption. Disaster recovery comprises a set of policies or procedures designed to ensure effective communication during the event and facilitate the return to normal operations, the recovery of IT systems, and the restoration of uptime for mission-critical applications.
While often paired with business continuity (BC), disaster recovery differs in that it is a component of the BC program. A BC program encompasses multiple plans to maintain business operations before, during, and after an event. The goal of disaster recovery is to keep operations running as smoothly as possible during an event and resume them with minimal downtime after an interruption.
How to Create a Disaster Recovery Plan
An effective disaster recovery plan is a document that requires meticulous and thoughtful planning, preparation, and testing. It contains an overview and granular versions of policies and procedures for remediating a disaster as it transpires, minimizing the impact of interruptions, and ensuring operations resume as quickly as possible after downtime.
Developing a disaster recovery plan concurrently with the overall BC plan is an essential and efficient use of an organization’s time and resources. Both tasks require assessment of business impact and risk analyses. The analyses will identify critical components of the disaster recovery plan, such as IT recovery time and recovery point objectives.
Beyond IT hardware, applications, and digital assets, a disaster recovery plan must include the physical facilities and the location of the personnel inside. The plan should identify what needs to be protected during a disaster, including impacted personnel, assets, and facilities. It must also specify which resources will be responsible for which procedures, such as:
- When and how facilities managers keep operations online or shut them down
- Which IT personnel will restore backups, after how much downtime they will restore, and when it is essential to restore
- Which resources will protect people, operations and hardware from danger
- Who comprises the crisis management team
- Who has governance of the disaster recovery / critical event management communication solution
- Who approves and who delivers communications through the media
The disaster recovery plan must also contain a contingency plan: What is plan B in the case of an outage, who will guide personnel through plan B, and how will employee training be conducted? After all, a plan only works if the workforce can follow it.
Additional requirements of a complete disaster recovery plan include insurance information for relevant business functions and assets, stakeholders who will need to sign off on all disaster recovery procedures, and a testing schedule.
A plan is just a hypothesis until the crisis management teams or appropriate members of the crisis management and incident response teams have tested it. And testing is not a one-time task; a testing schedule should be defined and adhered to. Testing the disaster recovery plan is the surest way to identify gaps, needs, or errors in the planned procedures. Disaster recovery plan testing includes running drills using the organization’s communication system for emergencies, crises, and disasters.
Effective Disaster Recovery Communication
Communication during a disaster and the subsequent recovery efforts is a cornerstone of the plan. It’s essential to have clarity about who talks to whom, when, how, and what is communicated. Effective communication demands quick, flexible pathways and relies on trust. Failure to communicate clearly and in a timely manner can have safety consequences and, depending on the nature of the disaster, can also damage brand reputation.
Effective communications during and after a disaster are guided by the following tenets:
- Command and control: Clarity about who is in command and who is in control is essential.
- Consistency: Every department and group must be communicating the same information and scripted talking points.
- Collaboration: Pre-identified thoughts, processes, and practices are essential to productive collaboration.
- Coordination: Messaging must be coordinated across functions.
- Clear communication across optimal channels: All communications must be clearly shared over the appropriate channels.
Communications during and after a disaster include pre-written notifications and alerts delivered to the appropriate internal and/or external audience via email or text, and directions delivered via overhead sound systems or phone calls. These communications should include messages about safety and places to assemble, and should provide status updates. Some disasters will require external communications. External parties span stakeholders, media, and emergency contacts.
The optimal approach to disaster recovery communication is to use an integrated, unified mass communication platform. Such a solution consolidates crisis management, disaster recovery, and business continuity communications. It also provides real-time response capabilities and pre-set rules and policies. Mass communication platforms with advanced capabilities, such as Everbridge, have solutions that automate event management processes to reduce human error (such as errors caused by shaky finger syndrome), lessen the burden of manual tasks, and reduce latency between the event triggers and the company’s event response.
What are the Steps in a Disaster Recovery Effort?
Given that crisis scenarios have different impacts across organizations, the components of a successful disaster recovery plan must account for various crisis scenarios. The key is to document the appropriate steps to keep your people protected and resume normal business operations before a critical event adversely affects your organization. To learn about the considerations involved in developing disaster recovery plans that address the different types of critical events organizations need to be prepared to face, please read our companion post, What to Account for in Planning for Disaster Recovery.