Disaster recovery (DR) involves a set of policies and procedures to enable the recovery or continuation of IT infrastructure and systems.
Recent research supports the idea that implementing a more holistic pre-disaster planning approach is more cost-effective in the long run. Every $1 spent on pre-disaster saves approximately $4 in recovery costs.
When realizing that, here are six steps to receive cost-effective disaster-recovery:
Define Key Assets, Threats and Scenarios
Organizations need to know what to protect and what its value to the business, and to define how it should be protected. In addition, organizations need to understand how many points of failure there is in the data-center and have documented scenarios for fixing the issues fix (if exists).
Determine Recovery RTO & RPO
Recovery Point Objective (RPO) describes the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the Business Continuity Plan’s maximum allowable threshold or “tolerance.”
The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.
In order to commit RTO & RPO, organizations need to create automated processes for shorten “go to DR process”. For example, if organization need to recreate DNS records or even to whitelisting IPs in local \ cloud firewall.
When moving to DR it possible that it will be necessary to notify organization customers and \ or internal users about the critical and committed RPO. Creating the list in advance will save a lot of time and “background noises”.
Roles and Responsibilities
Most organizations set up a war room when DR is needed, but not all organizations split the responsibilities between team members. Creating list of roles and responsibilities in advance will save a lot of time and prevent people with nothing to do to be inside the war room.
Annual DR Drill
Annual drill will help organizations to find places for improvement inside
the DRP process and to fix then offline. In addition, for some compliance’s DR drill is required.
Let us know what you think in the comments bellow or in our new Forums