7. Fill gaps

Implement technology or processes to meet recovery goals

• Spearheaded by an executive

– Leadership

– Decision making

– Access to necessary resources

– Make sure project receives necessary attention

• Designate a DR Coordinator

– Intimate knowledge of IT system

– Creates and updates DR plan

– Leads recovery during disaster

– Makes executive decisions during disaster

• DR Team

– Employees from a variety of departments

– Help DR coordinator execute recovery

– Predestinated responsibilities for recovery

DR Team

DR Coordinator

Stake Holders C-Level

IT manager

IT Operations Facilities

• Analyze the DR technology that you currently have in place

• Do you have…

– Data backup?

– Skeleton Servers?

– Cloud Services?

– Virtualized Machines?

– Active/Active geographically diverse systems?

• Understand the capabilities and restrictions of each

•

•

•

•

•

• Halt operations for extended time – Extended systems downtime could mean the same for your business

• Permanently set the company back – Lost data could undo months of your work

• Bankruptcy – A significant number of companies that experience a major data loss,

will close their doors within 6 months • Regulatory risk of not being in compliance (PCI, SSAE 16, SOX, HIPAA) • Your company could face fines and other penalties for various reasons

– Lost client data – Security in regards to client data – No access to client data – Not notifying clients of such events

Restore Emergency Level of Service

Restore Key Business Processes

Restore to Business as Usual

Understand the IT dependencies for each business process, and what level of IT service is required for that process.

Prioritize recovery for IT systems and services. Understand what can be recovered as a stand alone service, and what required greater underlying

network support.

• Recovery Time Objective (RTO) – How long after a disaster does a business process need to be operational, or

what is the acceptable downtime?

• Recovery Point Objective (RPO) – What point back in time would you like to recover to? 10 minutes? 1 hour? 1

day before the disaster? This is determined by how often you perform backups.

• Recovery Level Objective (RLO) – Recovering from a disaster does not happen all at once. You should set

different recovery times for each level of recovery. And possibly a different recovery point for various systems.

Do you have all the proper technologies in place to successfully recover?

Is it possible to recover in a manner that satisfies your objectives?

There are a multitude of hardware, software, and services you can use to meet

recovery objectives.

Example:

If your RPO is under 15 minutes, you must be performing backups every 15 minutes

•

•

•

–

•

•

•

•

•

File and folder

backups

Employees recover data to personal

devices

Employees work from own devices

Bare-Metal Recovery

Easily recover data and all system and user configurations

on same or new hardware

Employees work from where network is

rebuilt

Cloud Replication

Easy and Instant Failover to identical machines and data

Employee work from anywhere with internet access

Hot Sites Replicate systems at

an alternate and remote work site

Personnel simply moves to new

worksite and resumes work C

om

pre

he

nsi

ve

Sim

ple

Aff

ord

able

C

ost

ly

•

•

•

•

•

•

• Do your employees know how to respond to a disaster?

– Based on your recovery environment and recovery objectives

– Develop a plan for each department to resume operations, starting with the most crucial

– Create a written plan that your employees can use to help them get back to work as fast as possible

In your plan for employees

– Address of alternate work sites

– Instructions to recover data

– Instructions to login to cloud based DR recovery environments

– Calling trees

– Important contact information

– Amended responsibilities

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

• Make sure your DR plan has full support

– Executive and C-level support

– IT support

• Send an email or memo to all employees with the information they need to know

• Distribute hard copies and instructions to access an electronic version

• Run a drill and test

• Test often (Every 6 months)

• Only through testing will you uncover everything that is missing from your plan

• Revise after testing

• Part of your plan will become stale every time you test it, make sure all the information is up to date

• Record difficulties during testing so updates can be made