When using the phrase “disaster recovery plan,” it is important to distinguish between different types of plan. IT recovery plans are unique in that their importance in the 21st century has been raised to the level of mission critical. Few businesses that exist in the global marketplace can successfully operate without IT being involved in the process.
One of the problems in discussing disaster recovery plans with non-technical people is that much of the information and terminology is – well – technical. That puts the business owner at a disadvantage because although they can follow the steps in creating a plan, with a big assist from IT professionals, understanding the importance of the detailed technical aspects may not be possible until a disaster strikes. Should any of the recovery steps fail or are found to be adequate, gaining understanding will come at a heavy price.
Understanding Over Specific Knowledge
The goal here is to communicate some understanding about the technical aspects of a disaster recovery plan. Instruction on technical details will do most business people little good. Providing some reference points for owners who want to take it to the next level is a more useful approach.
The first reference point, and the first broad concept about a disaster recovery plan, is provided by ISO/IEC 27031. It is the international standard for establishing business continuity for IT and communication systems, and has a section that deals specifically with disaster recovery plans. The document requires that businesses have a strategy and a plan. These are not two separate functions but the plan is the result of the strategy.
Above all considerations is the continuity of your critical systems and data. You can organize the strategy by business function or corporate department. Each part of the larger whole needs to be analyzed and its purpose within the context of the continuity of the business defined. Once this is done, then the entire company business process is examined to determine the priority of the individual pieces.
As with any organization, people are the non-technical but critical part of keeping the business running in the event of a disaster. Who can be immediately available and who has the necessary skill sets to implement the disaster recovery plan are essential components of the strategy.
Use of the cloud as an alternative physical location for critical data is an increasingly low cost and effective plan to integrate into the company strategy. Beyond having the physical equipment offsite, it also puts the key responsibilities in the hands of specialists who are able to respond quickly and effectively. This does not release the company from the necessity of creating a disaster recovery plan, but instead puts its critical parts at a location that is out of harm’s way.
Step by Step
After developing a strategy, the next consideration is incident response. This is a step-by-step set of instructions on what to do in the case of a disaster event. This document gives those step-by-step instructions that will be tailored to your specific business. Because there are global standards, some of the work has already been done for you.
While the disaster recovery plan is a critical part of a business and can get very technically involved, what the business owner needs to know are the broader concepts of what the plan does and how it is implemented. The concepts educate management to the point where they can ask intelligent questions and sift through the technical jargon that will likely be part of the answers. One unusual aspect of the disaster recovery plan is while it needs to be adequately prepared, it is a creation the company hopes it will never have to use.