1. A plan
As simple as it may sound, a thorough Disaster Recovery (DR) plan is critical to ensuring you can quickly recover from a disaster. The plan should contain a step-by-step process that considers the various issues that can occur during a disaster. Once a DR plan is developed, it should be printed out and stored in an accessible onsite location like a disaster recovery war room. A duplicate soft copy should be saved in other locations such as your IT consultant/solution provider’s network in case you need to access it remotely. The plan should be updated on an ongoing basis and will eventually provide for every scenario as part of the organization’s crisis management plan.
2. A trusted partner
With limited budget, nearly half of all small businesses find it difficult to have a dedicated IT department. To help ensure your business IT needs are being met you should look to a solution provider to help meet your company’s needs. Solution providers bring experience and best-of-breed solutions to the table and allow you to focus on the business
3. Establish processes so backups occur regularly
One of the biggest mistakes organizations make is not performing nightly and weekly backups. IT systems can be brought down for a number of reasons, including hardware failure, human error, natural disaster or improper security processes. Policies and processes should be implemented and automated as much as possible to ensure they are completed. It is critical to back up data regularly and store extra copies of this data offsite. Regular auditing of these processes should also occur.
4. A disaster recovery committeeThe disaster recovery (DR) committee should include the entire IT staff, executives responsible for IT, Human Resources (HR) and those business managers who seem appropriate. It is also important to review the plan during executive meetings to ensure all parties understand the process. As the organization grows additional divisional and group heads should be added as appropriate.
5. A communications planOrganizations often make the mistake of not communicating to employees in times of crisis. Multiple modes of communication should be employed and coordinated through HR to regularly update employees. Also important is communicating the overall plan with employees and DR committee members.
6. Backup and recovery software
Backup software will help ensure that your data is safely backed up in case of an unforeseen emergency; while recovery software will enable you to quickly restore complete systems. It is important to remember that your backups are only as good as your ability to recover the information, systems and applications.
7. Remote access and management of servers
IT staff or an IT consultant should have access to a web-based console to manage servers and other assets from a remote location in the event of an emergency. By establishing these access points IT will be able to provide support and management of systems.
8. Access to archive and backups
Archives and backups should be stored at an offsite location to ensure that data can be recovered in case of a physical disaster. If a solution provider is used for the storing of data, they should be integrated into your disaster recovery committee. In addition, organizations should make sure they have access to data that has been stored offsite -- either through direct physical access or the Internet.
9. Commitment to your plan
It is not only important to stick with a disaster recovery plan but to also get approval and commitment to the plan from all parts of the company. Executives need to be committed to the plan and be aware of what steps are necessary to remain in business during a crisis. A recent Symantec survey indicated that C-level involvement in the DR planning process is declining. In the 2008 survey the number of executive-level participants dropped from 55 percent to 33 percent worldwide. Increased executive involvement has been shown to increase the success of DR plans.
10. Test, test, test
A study conducted in October 2007 by Forrester Research and the Disaster Recovery Journal found that 50 percent of companies test their disaster recovery plan just once a year, while 14 percent never test. Disaster recovery best practices say that the disaster recovery plan must be tested, revised, and updated regularly. Symantec recommends that companies test their disaster recovery environment regularly in accordance with the needs of the business.