11 Essential Elements of a Business Disaster Recovery Plan8 Min Well Spent

Many of us remember Hurricane Irma which rocked the South East United States in 2017, potentially disrupting 2,108,378 (yes – 2.1 million) businesses in Florida alone. Of these 145,415 businesses were located in Hillsborough County.

While some business survived unscathed, many were not so lucky. Businesses experienced downtime that lasted days or weeks. Without power, phone service and internet – your business is already hanging in the balance. 

Just add water or fire damage which could easily wipe out the precious data your laptops, workstations or servers contain, and you’ll have a recipe for a business disaster you might not be able to recover from.

Ensuring that your assets, data, and hardware are protected is only part of a disaster recovery plan – the rest is done by determining a process for how quickly you can get back online and operational again.

Rather than scrambling to put the pieces back together after a major storm, it’s time to put a plan in place. Here are 11 key elements of a disaster recovery plan:

Table of Contents

Communication Plan

When your business faces the unexpected, stress levels will be at their highest and things are going to get hectic. You’ll need a communication plan that effectively keeps everyone on the same page.

Your communication plan should include documents that have each employees’ updated contact information. We recommend creating email templates for internal employees, in the event of a disaster you’ll be able to quickly let your internal stakeholders know the status of your office and systems, whether they are expected to show up to work, and timelines to set expectations.

During high-stress times, people need reassurances and to know what the next steps are, considering including the following:

  • Depending on the circumstances, advise staff to avoid discussing the disaster until they’ve been directed to

  • Make sure employees understand they still have jobs

  • When and where personnel should report for work

  • How duties may change during the disaster recovery process

  • Any precautions that employees should be mindful

  • Key client communication strategies (if they are contacted by clients, how should they respond)

  • If employees will be paid the same way, when and how they can expect to be paid

  • You’ll likely have client deliverables and projects in the works – if your business encounters a situation that that prevents you from delivering on time, you need to let your clients know as soon as possible.
  • Having clear, concise and honest emails ready to update your clients in the event of business downtime will go a long distance in building and maintaining your existing relationships.
    Ensure that these messages set expectations, minimize confusion, and garner trust that when your team is back online, your company will deliver on any open projects as soon as operations are restored.
Disaster Recovery Plan: Role Assignments

Employees have a critical role to play in reestablishing operations following a disaster. The effectiveness of your communication and role assignments can increase or decrease your Recovery Time Objectives (RTO), the projected duration your business needs to restore operations within.

Your employees need to understand exactly what their role is and who is responsible for setting up workstations, procuring equipment that was damaged, redirecting phone services, assessing damages, and updating clients, as well as assessing data loss. 

With clear assignments and expectations in place, your team can work more efficiently to bring systems back online and minimize negative impacts following a disaster.

Disaster Recovery Plan for Physical Equipment

For businesses located in areas with seasonal natural disasters like hurricanes or tornados. It’s important to have a plan in place that protects your equipment from adverse weather.

The first step is safeguarding your electronics from water damage, which means moving any equipment off the floor, into a room without windows, and creating a barrier against water by wrapping electronics securely with heavy-duty plastic wrap.

If able, we recommend sealing your equipment in waterproof containers or bringing critical hardware like servers off-site to a safer location.

Data Continuity Plan for Information Systems

Data continuity is essential for every company, large or small, as it provides business systems resilience in every aspect. Taking an inventory of your data storage locations is a critical step when creating your disaster and recovery plan.

You’ll need to document and understand where exactly your data is stored, who has access, and what data is vital to business operations versus non-critical files or systems.

For a truly effective data continuity plan, you’ll need to ensure that your business is utilizing regularly scheduled image backups of your servers and critical workstations, preferably in the cloud or off-site, to ensure a backup copy is always available and unaffected by a local event.

Backup Testing and Validation Procedure

Your disaster recovery plan is only as good as the outcome of your last test. Be sure to backup your data in regular intervals, we recommend completing a full backup of all servers at least on a weekly basis.

Also, be sure to follow what is known as the “3-2-1 data backup rule”: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.

A graphic showing the 3-2-1 backup rule, a key tenant of any disaster recovery plan.

Why do we need redundancies? Simple – technology fails and accidents happen. By following the 3-2-1 data backup rule, you reduce vulnerabilities from a corrupt backup, hardware failure or a disaster.

Temporary Backup Server Strategy

Any Disaster Recovery as a Service (DRaaS) provider worth their weight will implement off-site cloud-based backups using a system like Veeam which allows your team to take advantage of Instant-On Server technology to spin up an exact clone of your server in the cloud so that your employees can support business goals and continue working in the wake of a disaster.

Server replication can cut your hardware recovery times from days to less than 15-minutes, potentially saving your brand image and company thousands in lost productivity.

Emergency Backup Power System

Your business may not be able to control the power grid but installing a generator is an option, for most businesses, in the event of a power outage.

A generator could help save your company thousands in the long-term considering an average hour of downtime costs $8,000 for a small company, between short-term local outages to power outages caused by natural disasters that could last day or weeks, a backup generator will often provide an ROI just after handful of interruptions.

Before you purchase a generator, be sure to work closely with a certified electrician to help you identify the right system for your business needs.

Internet and Communications Failover

Outside of power, your high-speed internet connection is the lifeline of your business. A resilient, redundant, backup communications network is essential to business continuity and disaster recovery plans.

From unplanned temporary Internet outages to longer-term natural disasters and man-made threats, losing Internet connectivity and mission-critical communications can jeopardize business and organization operations, productivity, and safety.

Internet failover is best achieved by having a second Internet service provider (ISP) network as a backup when your primary ISP provider goes down. In the event of such a failure, businesses can manually redirect their IP addresses to the secondary failover network or automate the failover process.

For absolute protection, consider implementing a 4G LTE or 5G wireless internet failover to avoid disruption from cut fiber optic or major disasters that could affect your primary and secondary Internet Service Providers.

Employee Remote Work Plan

In some cases, it may not be feasible for some or all employees to return to the office. In this event, having a post-disaster “Remote Work Policy” in place will help ease the burden for your valued staff who want to work but may not be able to return to the office.

Make sure everyone understands the security guidelines for connecting from off-site (like only connecting to your shared networks through a VPN, not saving secure documents directly to their personal drive, or saving all work to saved networks for access by the rest of the team later).

IT Vendor Communication & Service Restoration Process

Every business has vendors and service providers that are essential to operations which is why it’s important to have an updated vendor contact list, you’ll know who to call and reach out to for support in the event of post-disaster recovery.

We recommend businesses update their vendor list at least once a quarter and store this off-site or in the cloud. Create an Excel spreadsheet (or Google Sheet) and store it online, you can then share it with each department head to update as needed.

Before and After Pictures of Your Office and Equipment

An often-overlooked item in a disaster recovery plan is having up-to-date images of your business, both internal and external.

You’ll want to have before and after images on hand to prove that the items affected were actively in use by your employees and that you proactively took the diligent steps to protect your equipment while preparing for a storm. It’s important that your team takes images before clearing any debris and damages before you start cleaning up.

Be sure to include as many images as possible from all angles before clearing debris and of your existing inventory or equipment and an itemized list of the value for everything your filing in your insurance claim. Generally, you should not throw away any damaged items until the claim’s adjuster has visited.

While hurricane season doesn’t affect every business across the United States, local and national disasters may. What disasters does your team need to prepare for? Keep reading as we help your business prepare to tackle any disaster the unexpected might throw your way.

What Kind of Disasters Do You Need to Prepare For?

First, you’ll need to outline the disasters that you should be prepared for. As they say, you should always plan for the worst-case scenario, and no event should be kept from consideration.

  • User Error: Everyone makes mistakes, and the results vary wildly from minor inconveniences to major problems that affect multiple users. This includes accidental deletions, shadow IT, and other issues that could place your business in a bad spot if unprepared for.
  • Key Staff Unavailability: What would happen if someone with important knowledge or permissions were to suddenly be away from the office due to some accident, personal emergency, or other reason? If this access is exclusive, your business could be placed in a precarious situation.
  • Equipment Failure: Most modern businesses rely heavily on technology of some sort, and that technology requires an infrastructure. If these were to fail, what would you do? Important processes and procedures could be interrupted.
  • Malware: Malware is a constant threat to businesses, and it has evolved over the years to become a force to be reckoned with. Considering how many different ways there are for hackers to initiate threats, you need to be vigilant at all times to avoid it from becoming an issue. Check out our cybercrime report to learn more about how cybercriminals are disrupting businesses and industries.
  • Natural Disasters: Most businesses fear natural disasters of certain types, and it’s largely due to their geographic location. Hurricanes, earthquakes, floods, electrical storms… these are all risks that businesses need to consider when planning out their disaster recovery plan. While not all organizations will be susceptible to the same types of disasters, they all need to have a plan to address the specific situations they might find themselves in.
  • The Unexpected: Some scenarios are impossible to imagine, so it’s best to simply prepare for anything.
How to Be Sure You’re Properly Prepared

When it comes to preparing and evaluating your data backup solutions, you should regularly go through the process to make sure that the strategy is sufficient. You need to make a routine out of it so that the plan can be administered in a moment’s notice.

Malware, natural disasters, and other threats aren’t going to wait until you’re prepared, so take time to evaluate your processes and ensure your employees are aware of them, too.

This frequent testing should be designed to evaluate the technical aspect of your disaster recovery plan, as well as your team’s ability to carry it out. As you collect data from these tests, you need to update the plan and resolve any issues that become known. There is no room for error in your recovery tests, as the future of your business depends on it.

Tests to Run

Here are some of the types of backup tests that you should administer on a semi-regular basis:

  • Walkthrough Test: This is simply a basic review of the plan, reading it over to ensure that everyone involved remains updated to any possible changes that may have been made.
  • Tabletop Test: Similar to a tabletop game, someone from each department comes in and is given a hypothetical disaster scenario. Each team member should explain what they would do in their given scenario. This is useful in revealing possible shortcomings in a business’ existing strategy.
  • Parallel Test: These tests are meant to evaluate how well the restoration process works, using a virtual machine to “restore” your system, which continues to run in your usual infrastructure.
  • Full Interruption Testing: This test is one of the most in-depth, but also the most risk-laden, as it could lead to actual downtime. In fact, some industries have regulations barring this kind of test, so be sure to double-check with your IT resource that this option is available to you.

Disaster recovery is such an important part of the success of your business that you can’t take any chances with it. The elements we’ve covered today provide a great foundation that every business needs to consider when developing a disaster recovery plan.

If your company is ready to take the necessary steps to protect your business and ensure can completely recovery in the wake of a disaster, call IT Support Guys today to learn how our right-sized Disaster Recovery as a Service (DRaaS) solution will safeguard your company from the unexpected. Speak with a Disaster Recovery Engineer today at 855-4IT-GUYS (855-448-4897).

Connect with Next Perimeter on Social Media

READY TO TRANSFORM YOUR CYBERSECURITY?

Switching to Next Perimeter is Simple, with No Downtime or Disruptions

1. Free Exploratory Consultation Call

Let’s dive into your specific needs, security challenges, and current technology set-up. We’ll collaborate with you to start crafting tailored solutions that align with your business goals.

Element - Arrows Dark

2. Identity & Device Assessment

Our experts will begin developing a customized proposal for your unique environment. We’ll perform a thorough assessment to finalize the scope, ensuring every aspect of your digital security is covered.

Element - Arrows Light

3. Schedule Your Seamless Onboarding

With your approval, we’ll launch your onboarding process. Our all-in-one security solution will seamlessly integrate into your existing infrastructure, implemented by our expert team for a smooth transition.

Search