As technology progresses, we become more and more dependent on it to work more efficiently and easily. What is often not considered is how quickly a disaster can disrupt the advantages of technology.. Does your company have a disaster recovery plan or a business continuity plan? Do those plans include more than just setting up a data backup? Is that data backup regularly maintained? Does your current IT service provider offer disaster recovery as a service (DRaaS)? Business continuity and disaster recovery should be on the mind of every business, especially since remote working is at an all-time high.
When it comes to IT infrastructure, we will always recommend engaging in a support agreement with a managed service provider (MSP). An MSP will not only maintain your IT systems, but these experts will assist with data management, data security and offer DRaaS options. MSPs like Kansas City Managed IT have extensive experience with various types of information systems and data protection. As a DRaas provider, we work with our managed service clients to develop IT disaster recovery plans, preparing your company for unplanned events through IT asset, data and IP protection.
Are you new to business continuity and disaster recovery?
For those new to business continuity plans and disaster recovery plans (DR Plans), it is important to know they are directly correlated, but not always the same. A disaster recovery plan (DR Plan) deals with IT infrastructure; the pieces in place to get the company’s Information technology infrastructure back up and functioning in the case of a disaster or unplanned event. A company’s disaster recovery plan (DR plan) should include plans for natural disasters, fire and cyber-attacks. Our team will work with you to determine the best preventative measures, backups and recovery strategy for your company. Not all companies have the same needs, so we will present the most cost-effective option while considering recovery time objective (RTO) and ease of continued business operations.
A business continuity plan encompasses the entirety of business operations, responsible for reinstating all vital operations back to full function with the least amount of downtime possible. If you have never performed a risk assessment or a business impact analysis, it is highly recommended.
A risk assessment analyzes your IT infrastructure and identifies vulnerabilities. Questions often include, “Is all equipment plugged into a power supply?” or “Are there steps in place for data protection?”. Once the vulnerabilities are identified, it is recommended to engage an IT company to manage the environment, alleviating the voids in data security and IT systems. A service-level agreement (SLA) with your managed service provider will clearly define what deliverables are included, as well as expected response times for the various levels of information technology issues. Without an SLA, you could find your company lacking assistance and wasting critical time during a disaster recovery.
A business impact analysis assists your company with business continuity planning. This helps determine the order of which systems in your company need to be restored to result in the least impact on business operations. It will also help you identify the maximum amount of time your company can remain unproductive without taking a major financial hit. Both the risk assessment and business impact analysis will help inform the right recovery strategy for your company.
As stated above, your IT provider should have a DRaaS offering. A team with DRaaS experience will not only be able to help in a disaster recovery scenario, but are better equipped to protect and prepare your environment from possible threats. Experienced providers will help you determine if a local (Windows Server), cloud (AWS) or hybrid cloud environment is right for your company. Also, they will help with data management and data backups using programs like VEEAM, to keep your data in an offsite data center. In additions, applications and equipment will be put in place to protect against cyber-attacks.
Putting together your IT Disaster Recovery Plan
Your company should not compile your IT disaster recovery plan alone. Ensure a DRaaS team will work with you to develop the answers to these questions, so that disaster recovery planning remains realistic, and everyone understands the capabilities of the current infrastructure. If it is discovered that the recovery strategy is not sufficient, then some changes to the systems, equipment and applications are required.
Who is in charge in the case of a disaster?
In the event of a disaster, who is the point of contact? Who makes final decisions? What is their contact information? Documenting the answers to these questions and providing them to your IT provider ensures they know exactly who to talk through when the disaster recovery begins. Ideally, it is important to identify a person that is not part of your IT team, because the IT team will be too busy recovering data. Providing a disaster recovery services company with one point of contact will free more time for the IT team to work more efficiently and effectively resolving the matter.
What order should the devices and services need to be restored?
If you have performed a business impact analysis, this outline should have been developed to prioritize your disaster recovery based on what operations are most vital to get your company functioning and producing revenue. Often this operations are the most crucial. Also, it may be more important to restore customer facing services before actually restoring internal services. Give this plan plenty of thought so your company has the best recovery time possible.
How quickly should you recover?
There is a wide range of backup options and not all of them provide a quick recovery, and some are more cost-effective than others. Determining your company’s recovery time objective (RTO) will help narrow down the best suited backup solution. It is necessary to decide the maximum duration of time that your company can function without accessing data in the event of a disaster or cyber-attack.
There should be a list of contact information for all vendors, including phone numbers, account numbers, email addresses. For software vendors, document the name and exact version of software that is in use. For hardware vendors document the model and exact specs of each piece of hardware. This list should be kept in multiple places that could be accessed in the occasion of a disaster, to ensure the RTO is hit.
Once notifications have been made and all the right parties are together. The first step should be to triage what systems are affected and what hardware is still functional. Once this has been determined then you should be able to jump right into your recovery plan and begin your disaster recovery.
In the case of a disaster that prevents access to company location such as a tornado or a flood, you should already have a plan in place for where the office can temporarily operate. This could be an office space or even a trailer. You should check your insurance policies to see what type of services they will provide for this type of scenario.
What is your Recovery Point Objective?
Determining your company’s recovery point objective is a must when building a plan for disaster recovery and business continuity. The recovery point objective is how much data loss is acceptable due to downtime from a natural disaster, equipment failure or cyber-attack. Understanding the amount of data loss that is acceptable will help determine the recommended backup solution (usually a hybrid cloud solution such as VEEAM, Datto or Barracuda). Different backups have different capabilities with how often the backups are performed and the recovery time to have data usable again, so it is crucial to choose the option that is compatible with your data recovery and business continuity outlines.
Disaster recovery services and business continuity planning should also be reviewed and updated quarterly. Your technical environment is constantly changing, so your disaster recovery plan should be changing with it as well. Everything should be considered, such as a change from a Mac environment to Windows, new IT assets, and the information systems your company utilizes. The plan should be prepared with your managed services provider to ensure all possibilities are covered.
As time goes on, it is inevitable that some sort of data recovery will be performed. Every company should work with their DRaaS provider to keep a disaster recovery journal, documenting each incident, how it was fixed, what measures were put in place to ensure it can never occur again. A copy of the disaster recovery journal should be provided to any new IT service provider, so they have a complete understanding of the past events that have affected your company and can take them into account when recommending any changes to technology, disaster recovery and business continuity.
If you are questioning your current disaster recovery plan, concerned about your company’s business continuity, or have no plans at all, we can perform a risk assessment to help identify your key vulnerabilities and how to minimize the risks your business may face. Ultimately, disaster recovery and business continuity should not be an afterthought. A disaster could literally cost your business everything, so it is vital to have a disaster recovery strategy in place.