The DRP Guide, Part One: Preparing for Disaster Recovery Planning
Data Center Maintenance
Disasters are more common—and more diverse in nature—than many IT pros expect
In North America, the news reported on an early subtropical storm on the East Coast in May and now the potential for a first Pacific storm of the season in June. In many areas of the country, that means increased focus on disaster planning.
It’s a subject we like to return to each year as a reminder. Disaster Recovery Plans, or DRPs, exist in files the world over. Sadly, many of them are developed as part of a rote exercise, simply because “IT should have a DRP.” Many organizations haven’t reconsidered the DRP since its inception, let alone tested the processes it puts in place.
Disasters are more common—and more diverse in nature—than many IT pros expect. We could each rate our vulnerability to tropical storm, tornado, or tsunami-induced nuclear meltdown, and (depending on location) consider the possibility of such disasters pretty low and thus DR planning pretty unimportant. But what will happen in case of blackout, severe internet failure, theft of core equipment, or a simple spike in data center temperatures caused by a failing A/C unit?
The DRP should take into account all of these possibilities and offer a solution that can be implemented to recover in the face of any disabling event.
To help in creating or refining such a robust, meaningful disaster recovery plan, we’ve put together a complete guide to DRPs, starting here with what to do before you embark on the DRP document creation (or updating).
That’s right. The first steps of the DRP process may not be found in the pages of the DRP itself. Rather, they are goal-setting exercises and business reviews that will ensure that all stakeholders agree on the definition of a successful recovery and that the enterprise is investing adequately (but not too much) in preparation and recovery to make it happen.
The pre-DRP process entails at least four key actions:
- Assessing downtime tolerance. Before you can plan for recovery, you need to know what the expectations are. For a company reliant on real-time, mission critical software, a few seconds of downtime is costly, so recovery expectations and investment in preparation will be high. For smaller or less tech-focused enterprises, longer outages may be acceptable and a less robust and expensive DR solution may suffice. Of course, downtime tolerance often changes over time; e.g., as the business grows, products or services evolve, or customers with higher expectations come on board. Update the DR team’s understanding of expectations so the plan can be modified accordingly.
- Review your SLAs with customers. What obligations do you have to customers in the case of a disaster? For example, how soon can they expect to access a web-based service or mobile app? How soon should employees be able to get on email to communicate with clients? Keep these SLAs in mind as your create or review the DRP to make sure that the processes will enable you to meet all legally binding targets.
- Set recovery objectives and timeframes for each application. It would be great to have every application back up within seconds of a disaster-induced failure, but that’s rarely feasible from both a technical and financial perspective. Identifying reasonable recovery goals at the granular level of each application will enable a cost-effective level of DR. These should align with the SLA guarantees above, so that the business does not face complaints, bad PR, or even lawsuits after a disaster because contractual obligations cannot be fulfilled.
- Review vendor SLAs. Make sure that all vendor and supplier SLAs include DRP provisions and that they are adequate to your needs. Obtain DR commitments from any vendor where they are lacking, and consider switching providers if they cannot supply reasonable guarantees. It’s definitely worth putting DRP on the regular vendor contract negotiation and renegotiation checklist!
Armed with this insight into what the DRP is expected to achieve, you can then begin to create the guide that will enable employees to follow through.