| If you've ever spent a few nervous days | | | | - Human error, such as a data deletion or data |
| awaiting the recovery of critical information, you | | | | entry error |
| know that when your technology is down, your | | | | - File corruption, such as viruses |
| business goes down with it. From fires to floods, | | | | - Storage loss, such as RAID controller failure |
| from a computer virus to the intern who just | | | | - Server failure, including computer failure, error, |
| spilled coffee all over the server - you need a | | | | or theft |
| plan that will get you up and running again, with no | | | | - Site disaster, such as fires, floods, and |
| hassles and minimal downtime. | | | | hurricanes |
| A good data recovery plan can save you | | | | A simple chart can organize your RPO and RTO |
| thousands of dollars in lost productivity, lost | | | | times for all business function and data by priority |
| profits, and costly last-minute information | | | | for each type or class of disaster. When you |
| recovery. It's the best insurance you can have so | | | | complete this step, you have analyzed and |
| that when disaster strikes, your business is | | | | prioritized your company's business requirements |
| protected. This plan of action will help you keep | | | | and established a timeline for restoring critical |
| your information safe and prepare you for any | | | | business processes after any type of disaster. |
| type of technology failure or office calamity. | | | | Armed with information, now it is time to write a |
| Follow these five simple steps to create your | | | | plan. |
| own IT data disaster recovery and continuity plan. | | | | Step 4: Take Action; Make a Plan You know |
| It's a great start to ensuring that your vital | | | | what's important. You understand how long you |
| information is protected, come wind, rain, fire - or | | | | can go without important business processes and |
| double espresso. | | | | how long it's going to take to get it back, whether |
| Step 1: Know Your Priorities To get started, you | | | | your office has been hit by a hurricane or a |
| need to identify the most important business | | | | company-wide computer virus. Now, it's time to |
| functions, including critical data and equipment that | | | | turn that information into your official business |
| runs your business. Take a step back and ask | | | | data recovery plan. A good recovery plan should |
| yourself: If you were forced to do business with | | | | include step-by-step instructions for recovering |
| limited equipment, minimal staff, and less-than-ideal | | | | your critical information and getting back to |
| working conditions, what would you absolutely | | | | business after a disaster. Of course, this plan will |
| have to have to keep your company going? Start | | | | vary depending on the needs of your business, |
| taking an inventory of "must haves." They'll | | | | your company's specific system requirements, |
| generally fall into three main categories: | | | | and information priorities. As you write your |
| - Mission Critical Information: Many | | | | recovery plan, it's important to look at your |
| customer-facing activities like payroll and | | | | current data backup and recovery procedures. |
| accounting software, email, customer invoicing, | | | | Most companies use tape, disk-to-disk, remote |
| contracts, and files for current projects fall into | | | | backup services, or some combination of the |
| this category. This is the information that your | | | | three. Your plan of action should be tailored to |
| business can't live without, even for a few days. | | | | work with the type of data storage procedures |
| Critically important to your daily business | | | | that you use, including instructions for: |
| operations, this information requires continuous | | | | - How often each set of information is scheduled |
| data protection with zero loss and zero downtime. | | | | to backup |
| - Business Critical Information: Loss of this | | | | - Which computer systems need to be backed |
| information won't put you out of business. Doing | | | | up, including backups for full systems or data only, |
| business without it will make your company's | | | | documented for each server |
| operations more difficult. Information such as | | | | - How often restores are tested |
| departmental databases and secondary software | | | | - The number of generations of data that need |
| often fall into this category. A day or two without | | | | to be stored for each computer and data set |
| Business Critical Information won't put you out of | | | | - Information for restoring to virtual servers and |
| commission, but your ability to service customers | | | | separate servers, including hardware changes |
| will be seriously impacted. | | | | - For data only backups - locating media with |
| - Operationally Important Information: | | | | operating systems, programs, passwords, and |
| Operationally important Information and equipment | | | | license keys |
| includes things like departmental files, file servers, | | | | - Contacting the primary and secondary people |
| or printers. The items in this category are usually | | | | responsible for information restores |
| easy to replace or rarely accessed, making them | | | | If you are using a tape-based system to store |
| a lower priority for data recovery. Keep in mind | | | | your information, your plan will also need to |
| that just because data is rarely accessed doesn't | | | | consider: |
| mean it is not important. Historic and support | | | | - How often and how far tapes are rotated |
| information for things such as tax returns, | | | | off-site |
| personnel files, and medical records may be rarely | | | | - Tape drive cleaning procedures and expected |
| accessed, but this information is extremely | | | | life of your media |
| valuable during an audit or a lawsuit. | | | | - Replacing media regularly |
| Step 2: Develop a Recovery Timeline to | | | | - Protocol for emergency tape retrieval from |
| Determine the Acceptable Level of Data Loss | | | | off-site location |
| Once you've identified the business functions and | | | | - Weekly tape testing and information restoring |
| information you need to keep your business | | | | - Keeping at least a 20 tape backup rotation |
| running, it's time to figure out how long you can | | | | - Making sure data is fully encrypted before being |
| go without it. This section of your data recovery | | | | written to tape |
| plan should address two key points: | | | | - Storing tapes between 41 and 89 degrees at 20 |
| - Recovery Time Objective (RTO): RTO is the | | | | to 60 percent relative humidity |
| amount of time you can operate without your | | | | Examine your tape rotation schedule and your |
| information. The RTO can fall anywhere between | | | | company's exposure to business loss. For |
| a couple of minutes to a few days, depending on | | | | instance, if you rotate tapes off-site every Friday, |
| the type of data failure. For example, your RTO | | | | you are at risk of losing seven days of business |
| will allow more time to recover data after a | | | | activities. The cost of recreating this information |
| hurricane than it will after a computer virus. The | | | | after a seven-day loss can be devastating. On the |
| RTO is also relative to your information priorities: | | | | other hand, if you rotate tapes off-site every |
| Mission Critical data, for instance, will always have | | | | day, you are only at risk for losing one day's |
| a shorter RTO than Business Critical or | | | | worth of information, which is generally a |
| Operationally Important data. | | | | best-case scenario for tape-based backup |
| - Recovery Point Object (RPO): RPO is the | | | | systems. Recovering from even one day can be |
| amount of minutes, hours, days, and weeks' | | | | too costly for some businesses, but it might be |
| worth of information that your business can | | | | acceptable for others. |
| afford to lose. For example, if your business | | | | One of the best ways to minimize information |
| generates a significant paper trail before data | | | | loss associated with tape-based systems is to use |
| re-entering lost data may not be too difficult. If | | | | a managed backup service provider. A remote |
| you enter data directly into computers | | | | backup service can reduce your risk of loss to |
| (paperless), it is impossible to recreate the lost | | | | only a few hours, or, in some cases, zero data |
| data. Since no data loss is acceptable in this | | | | loss. The important role of this exercise is to |
| scenario, you will need a reliable disk or remote | | | | understand the risks associated with your current |
| backup system with continuous data protection. It | | | | information recovery system. |
| is important to note that RPO is also dependent | | | | Step 5: Identify the Players (and the |
| upon industry and government regulatory | | | | Benchwarmers) Once you have a plan, you need |
| requirements, like those associated with HIPPA | | | | a reliable team who can take action if disaster |
| and Sarbanes-Oxley. | | | | strikes. Will your IT manager restore your |
| Step 3: Consider the Possibilities Define your RTO | | | | server's after a disaster? Your remote backup |
| and RPO for every data loss scenario. Different | | | | service provider? A combination of the two? |
| scenarios result in different recovery times. For | | | | Additionally, you will need to designate alternates |
| example, it may take several days to recovery | | | | for these players. In cases of larger disasters, like |
| after a building fire, which requires the execution | | | | a tornado or a flood, some of your emergency |
| of a broad disaster recovery plan that includes a | | | | team members may be unavailable or unable to |
| new physical location, employee management and | | | | reach your site. Appointing alternates for these |
| phone service set up. Compared to a server | | | | key members and exercising your DR plan, |
| failure, which often means several minutes to an | | | | assures that someone is ready to get your |
| hour of downtime, your RTO and RPO will be | | | | business up and running. Make sure you managed |
| considerably longer for a site disaster. The most | | | | backup service provider has a DR plan as well. |
| common types of data loss scenarios are: | | | | |