Disaster Recovery Planning
Disaster recovery planning is the process of developing detailed, step-by-step procedures for responding to and recovering from disruptive events, such as natural disasters, cyber attacks, or system failures.
Goal
The primary goal is to minimise the impact of disasters on operations, ensuring the quick restoration of essential services and safeguarding data integrity.
Context
Periodically, high-profile cases arise in which companies suffer significant downtime due to unforeseen events such as electricity outages, natural disasters and cyber attacks. It is important to have a plan in place to recover from these events.
Recovery Types
Recovery Type | Description | Speed of Recovery | Cost |
---|---|---|---|
Hot Site | A fully functional replica of the primary data center, kept up-to-date and ready for immediate switchover in case of disaster. | Immediate | High |
Warm Site | A secondary data center with the necessary infrastructure (power, cooling, network) but with applications and data not constantly replicated. Requires some time to activate and configure before becoming operational. | Hours to Days | Medium |
Cold Site | A basic facility with power, cooling, and network connectivity. Offers the least expensive option but requires significant time and effort to deploy applications and data for recovery. | Days to Weeks | Low |
Inputs
Artifact | Description | Benefits |
---|---|---|
Risk Assessment | An analysis of potential threats and their impact on operations. | Informs the prioritisation of recovery efforts and resource allocation. |
Business Impact Analysis (BIA) | An evaluation of how different disaster scenarios would affect various aspects of the business. | Helps identify critical systems and applications that require prioritised recovery. |
Outputs
Artifact | Description | Benefits |
---|---|---|
Disaster Recovery Plan | A comprehensive document outlining specific steps for recovery from various types of disasters. | Provides a clear, actionable roadmap for rapid response and recovery efforts. |
Recovery Test Drills | Simulated recovery exercises to validate the effectiveness of the disaster recovery plan. | Identifies gaps and weaknesses in the plan, allowing for continuous improvement. |
Anti-patterns
- Lack of Regular Testing: Failing to regularly test and update the disaster recovery plan to reflect changes in the environment or business operations.
- Overlooking Non-Technical Aspects: Focusing solely on IT recovery and neglecting the impact on people, processes, and external partners.
- Insufficient Communication Plans: Not having clear communication strategies in place for coordinating recovery efforts and informing stakeholders.