IT Disaster Recovery– Building the perfect environment for meeting DR requirements

Article by Nitin Mishra



Some disasters get splashed across all media- some just create headaches for the affected organization. The right plan will get your business back on track quickly, whether you’re hit by a natural calamity or a disgruntled employee with super hacking skills. Here’s how to assess the situation, develop both short-term and long-term plans, and keep them updated.

  1. Decide who will head the DR initiative.The ideal person to head your IT DR planning and processes has to be someone who has familiarity across multiple disciplines, such as data storage, server virtualization, etc. However, if internal bandwidth and expertise is a constraint, then you can hire an IT consultant who has the requisite experience in DR planning and execution. A seasoned IT consultant will bring the designated staff member(s) up to speed. In case you already are outsourcing a significant part of your IT function, then you may consider outsourcing your disaster recovery planning and deployment as well.
  2. Decide the critical applications, data, systems and other resources that need to be protected andrecovered immediately in event of a disaster. When you make this assessment, determine the data that is not so critical enough to warrant protection under a DR umbrella.
  3. Conduct an internal risk assessment of the organization including a simple classification of threats i.e. environmental (earthquake, floods, etc), technical (server failure, network failure, etc) & human (hacking, virus, etc) and vulnerabilities (such as an unpatched operating system or unprotected network). Rank them as “low/medium/high”depending on the probability and impact of each potential threat.Based on the critical nature of each potential threat, determine what type of response will be required to recover from each.
  4. Based on the outcomes of your internal risk assessment and overall service-level requirements, establish recovery time objectives (RTOs) and recovery point objectives (RPOs). However, beprepared to modify your RTOs and RPOs based on what your organization is able and willingto spend. Business continuity disaster recovery strategies always involve a set of tradeoffs between the value andrecoverability of critical data and applications, and the resources required to plan, set up, testand execute your DR processes.
  5. Set your organization’s priorities and a budget – focus on the most critical resources first.Plan your spend prudently and base it on the appropriate value of the systems, data, applications andprocesses that you want to protect. It will be good toconsider the cost of downtime and lost data should youfind yourself less than fully prepared.
  6. After developing your initial plan, qualify, procure and/or license the necessary technology and product components to set up your DR processes. Choose disaster recovery best practices that fit well with your IT competencies and level ofinfrastructure. Pace yourself – it pays in the initial stages to set aggressive but realisticmilestones you can achieve each quarter. Educate and evangelize your staff on the importance of DR to ensure success of the DR initiative in your organization.
  7. Accelerate your learning and broaden your perspectives on DR by engaging with other IT professionals. Attend disaster recovery conferences,participate in disaster recovery-related forums (both onlineand offline),obtain certification from recognised BC / DR institute and share ideas, best practices and lessons learned.
  8. Be ready and commit for a long journey. If your DR initiative has to succeed, then it should be imbibed as an ongoing, visible, living and breathing process in your organization. DR is a never-ending journey where there will always be room for further improvement.