Disaster Recovery Planning as Part of Your Business Continuity Plan
March 25, 2021 Categories: Banks and Credit Unions, Business Process Improvement, Data Security and Privacy, Regulatory Compliance Tags: Compliance, Data Privacy, Outsourcing
It’s easy to assume a downtime event will never happen to your company, but the truth is more than 50% of companies have experienced a downtime event that lasted a full workday in the last five years. Of the companies that experienced a major data disaster, 96% of those that had a disaster recovery plan survived while 93% of those that didn’t were out of business within one year. ¹
Protect your business by developing a business continuity plan that includes disaster recovery and invest in technologies, such as a Storage Area Network (SAN) system, which can optimize storage, improve cyber security and protect your entire infrastructure from the effects of a disaster
What is Business Continuity?
Business continuity planning (BCP) is the creation of systems to prevent and recover from a disaster. There are three primary goals for an effective business continuity plan:
- Prevent a disaster from occurring or reoccurring
- Enable ongoing operations during and after a disaster
- Return business operations to normal after a disaster
What is Disaster Recovery?
Disaster recovery (DR) is an organization's ability to respond to and recover from a data security event or natural disaster that negatively affects business operations. The goal of DR is to enable the organization to recover critical systems and IT infrastructure as soon as possible after a disaster occurs.
To prepare for this, organizations often perform an in-depth analysis of their systems and create a formal document to follow in times of crisis. This document is known as a disaster recovery plan. Your company’s BCP is not complete without a DRP.
Benefits of a DRP
Having a complete business continuity management plan, including a DRP, will minimize your recovery time and the economic impact of a service interruption, which is vital to the survival of your business. Here are the benefits of a DRP:
- Operations can continue from a secure and functional external location
- Data is backed up and archived, eliminating data loss
- Improved security and reduced potential of liabilities
- Prevention of further damage from rushed decisions and unforeseen factors
Establishing an alternative means of operation ahead of a disaster and, subsequently, training personnel with specific emergency procedures will facilitate a rapid and successful restoration of operations and revenue.
What is a Disaster?
When we think of “disasters,” we typically think of hurricanes, earthquakes, wildfires and (these days) global pandemics. But disasters can come from anywhere at any time. No business is immune.
Examples of real disasters that caused damage to companies:
- An earthquake that caused a data center to crumble
- Flooding from an old roof that collapsed during a storm
- Employees who abandoned their professional duties in a natural disaster
- Monkeys that caused a nationwide blackout (wild but true)
In business and life, it is safe to expect the unexpected. Having an effective disaster recovery plan can keep your company prepared for any situation.
Elements of an Effective Disaster Recovery Plan
Avoiding downtime due to a disaster will require having redundancies at a secure secondary location while your primary location is recovering from the disaster. This is especially important for companies that send out time-critical documents and cannot afford downtimes due to disasters.
Equipment and Technology Redundancy
Having the same equipment and technology at your secondary location is vital to creating optimal output. Mismatched equipment or technology can lead to a decline in quality and speed, possibly resulting in missed deadlines or even brand confusion.
Network and Bandwidth Redundancy
Creating mirror networks and bandwidth capabilities at your disaster recovery location will
allow for a smooth transition when a catastrophe does hit. Paired with data backup and archival, this will protect from potential data losses and failures.
Running equipment, technology, secure networks and large bandwidths all require a large power supply. Having a dedicated generator onsite at both your primary and disaster recovery locations is necessary to protect from any massive power failures and keep your operations running.
Hardware and Software Inventory
Ensure to have a detailed inventory of your hardware and software applications in priority order. Include each item’s vendor technical support information, including contact numbers as well as any contract or warranty data. This will enable you to get back up and running quickly in the event of a failure, with the information you need readily available.
Downtime and Data Loss Tolerance
Depending on your business and the services you provide, your tolerance for server and technology downtime may be a few days or just a few seconds. Identifying that tolerance level will give you a starting point for disaster planning. For each set of applications, determine what recovery point and recovery time objectives are acceptable. This will help prioritize survival measures, keep your DRP cost effective and lower the risk of over or underestimating what is recoverable in a disaster. Once you have identified those metrics, categorize your applications based on priority.
Appoint Personnel and Back-up Personnel
Define each person’s responsibilities during a DR situation, including who is responsible for making the decision to declare a disaster and who will alert the disaster recovery team and in what order. Staff on all levels should understand their role and how it fits into the whole process. This step is especially important when working with third-party providers. Each position should also have a backup in case the primary agent is unable to perform his or her duties.
When a disaster occurs, communication through regular channels, like phone and email, may be inhibited. Make a plan for communicating with your employees and instruct them on how to access the necessary systems to perform their duties. Your plan should include processes for initial and ongoing communications, in addition to how you will communicate with vendors and customers during this time.
Documenting and Testing
Each part of your plan should be written and distributed to the appropriate parties. Make sure that the plan, contact information and instructions are accessible without the use of phone or email so employees and others can reference the plan as needed. Test your plan frequently, at least twice a year, to identify and correct gaps. DRPs are rarely watertight on the first draft and you do not want to find out that you overlooked something during a real disaster.
Tech and Tools Needed for Effective Disaster Recovery
A backup refers to data copies of original files. Backups allow users to locate and restore original files but and allows for a quick and easy full recovery of stored files. They will typically be restored to secondary disaster recovery sites. Any data that does not have a backup could potentially be lost, so it’s critical to perform backups often.
Archiving is the storage of data that must be kept long-term to meet clients’ business rules, legal and compliance requirements, unlike backups that are often deleted after a designated time period. Back-up files are often needed for daily operation while archived data tends to only be used for compliance and regulatory purposes.
Continuous Data Protection
CDP is a continuous back-up system that copies data to a target system every time a change is made. This system reduces the recovery point objective to almost zero, meaning recovery can occur with virtually no loss of data. Management tools are necessary to establish when the most recent copies were made.
Some organizations substitute snapshots for CDP because of its better manageability. Instead of updating every time a change is made, snapshots are taken at regular, predictable intervals. Restoration is achievable up to the last restore point made, but anything beyond that point is lost.
By eliminating duplicate files and blocks, data duplication dramatically reduces the amount of data backed up every time. This reduces necessary storage space by up to 40:1 and optimizes bandwidth during remote backup, replication or DR.
Servers can be configured to allow redundant devices to take over from primary devices in case of failure, abnormal activity or scheduled downtime. In the event of a disaster, a secondary site would take over critical operations, enabling continuous function during and after the disaster.
What Happens if You Don’t Prepare for a Disaster?
Complete Data Loss
One of the most fatal results of disaster in the absence of a disaster recovery plan is complete data loss. You can imagine how devastating it would be for your business to suddenly lose everything. This happens to almost 17% of companies, often costing millions of dollars. ² Most businesses are unable to recover.
Shrinking Customer Base
Depending on your business model and services, business interruption can also be particularly devastating, as we’ve seen throughout 2020 and continue to see in 2021, thanks to COVID-19. Downtime costs money. Data loss and security loss causes downtime. You’re also likely to lose a significant percentage of your customer base. Long downtimes will make them question your preparedness for any type of disruption to business and word will spread quickly.
If your business can sustain a disaster without a recovery plan, it’s going to cost you. Replacing hardware, rekeying data, profit loss, productivity loss, customer loss and reputation damage are all going to seriously affect your financial position. The good news is a disaster recovery plan can minimize all of this.
How Does FSSI Address Disaster Recovery?
FSSI is a print and mail outsourcing service provider specializing in high-volume customer communications that help businesses maximize their impact and strategic value through customizable solutions. When you partner with FSSI for your critical communications, you get the benefits of being covered by multiple facility locations, state-of-the-art print and mail equipment, secure data processing, innovative backup/archival technology and an expert network security team.
Call 714.436.3300 today to speak to an outsourcing specialist to assess your customer communications.