3 critical steps to recovery from a disaster when you have a business continuity plan
The Head of IT in any business large or small, is under continuous pressure. There is continual downward pressure on budgets, coupled with pressure from senior executives to embrace new technologies and increase the range of services offered to current and prospective customers. In short, do more with less.
You have done it right. You have prepared a comprehensive business continuity plan. You have taken online backups religiously according to your schedule. If you have an outsourced cloud host, you have verified that all the cloud backups are being taken according to the Cloud Backup Services schedule. You have carried out training sessions to test the efficiency of your business continuity plan.
You are happy that you have covered all the bases for if, and when a disaster occurs. Recovery should be smooth, quick and efficient with the minimum of disruption to business services.
But life isn’t like that as you are well aware. Mr Murphy will have his hand in any recovery attempts. The wise and experienced IT Head will have three critical steps to complete before and during the recovery process to thwart Mr Murphy. The first is to make sure that everything needed is to hand, and the next two to make sure that the recovery starts as quickly and efficiently as possible.
Step 1 – Resource Availability
Your business recovery plan will set out the resources that are required to initiate the recovery process, people, software, backup data and equipment.
The first and a continuing step is to ensure that you have accurate information about how to bring these resources to hand and deploy them.
- Regularly check that contact details are correct and up to date. This is for IT and non-IT staff in your organisation. You will also need contact details for key contacts in your hardware and software suppliers. Depending on your line of business, you may also need contact details for other external resources like the local municipality, telecoms and power suppliers.
- Know where the keys for critical doors and cabinets are kept, and that you always have access to them. If your organisation uses keypad entry controls, know the combinations or have access to keycards to open them.
- If you need to restore systems and applications software, you will need product keys.
- Backups. Whether you have online backups, cloud backups, or your systems are hosted by a Cloud Backup Services provider, you need to know how to get to them, and that they are complete and usable. It would not be the first time that backups are not usable or incomplete.
Bottom line, your disaster recovery plan needs to hold this information and it needs to be kept up to date.
Step 2 – First Steps to recovery
- Communications PlanThe last thing you need during a recovery programme are aggravated users continually asking what went wrong and when it will be fixed. Immediately initiate the communications plan so that they know what has happened, what is happening to recover the situation, and what they must and must not do. Keep updating them about progress.
- Alternative ArrangementsIf there are standby or alternative arrangements to temporarily replace normal operations, contact the appropriate members of staff to start putting them in place. This keeps people busy rather than their sitting about fretting, and in extreme situations could even keep the company afloat.
- Executive CommunicationsOver and above the communications plan, advise senior executives about the reason for invoking the disaster recovery plan, tell them what you are doing about it, and keep them well informed. If you need extra resources, for example temporary data entry staff or specialist consultants to assist with the recovery, then you will probably need their authority to bring them in.
Step 3 – Pragmatic Choices
The prime objective of initiating a disaster recovery plan it to restore normal operations as quickly as possible.
You will need to decide before initiating the recovery programme what sort of recovery it is to be. Different scenarios will require different responses, both in type and scale. How you approach the problem will define how quickly and completely you can recover.
It a total or partial disaster? Can normal operations continue in a limited way, or is a complete shut-down necessary? How critical are the affected processes?
For example, recovery from a Ransomware disaster is often best and quickest by clearing the decks completely and restoring all systems from scratch, then bringing back user data from backup. That implies a complete shut-down while the process completes. On the other hand, a data base corruption might need only the closure of processes that use that database.
Often, peripheral considerations can cloud decision making at this point. Other staff members will have their own priorities which can conflict with the most efficient and effective recovery.
What is needed is a pragmatic mindset to choose the most effective and sure recovery process.