Asigra assembled this list with the help of its service provider partners, many who support businesses in regions impacted by recent natural disasters, including Superstorm Sandy. Here is the 10-point list for disaster recovery planning:
- Have a Written Plan that Evolves with the Organization
Create a formal disaster recovery plan in case servers and local backup systems are damaged or destroyed. Put that plan in a secure location such as a lockbox service online and regularly update as infrastructure throughout the organization evolves.
- Avoid Windows (Not the Microsoft OS. The glass kind.)
Locate your data center (regardless of size) in a windowless room to minimize the possibility of rain damage.
- Emergency Power
Consider the implementation of uninterrupted power supply (UPS) systems on mission critical servers and systems that will allow for the smooth transition from primary (utility) power to emergency power systems during a power outage.
Be mindful of where IT systems are located to avoid damage resulting from floods, bursting pipes and the fire department. Where possible, locate critical servers, storage and systems above street level and avoid basements and other areas where water can accumulate. In single-story facilities, rack critical systems as high as possible above the floor to provide an additional measure of protection.
- Embrace Geographic Diversity
In the event of a large-scale natural event such as a hurricane, a regional disaster such as a tornado, flood or earthquake or even a localized disaster such as a fire, your data should be backed up in a geographically distant location to allow for remote recovery to a recovery site. Consider data recovery solutions that provide redundant data protection in a location that provides significant separation of the recovery location from the primary data center.
- Have a Local Backup
Having a local backup copy will be crucial if the primary business location maintains power but loses Internet connectivity and needs to recover server data.
- Define Disaster Recovery Service Level Agreements (SLAs) and Conduct Training Drills
Defining SLAs for recovery is essential as businesses may need instant recovery for some information (explore instant recovery capabilities on virtual machine platforms to get back up and running as quickly as possible), while waiting longer periods of time for lower priority data recovery that are less likely to impact operations. However, having such recovery policies and SLAs needs to be an essential part of the DR plan to ensure data can be recovered using the most effective method. Confirm the ability to recover effectively by engaging IT staff to participate in regular disaster recovery drills (recovery testing) to ensure recovery effectiveness. Ensure that data in the backup repositories is indeed recoverable. Also, make sure people have the necessary training to perform recoveries and are well versed with the procedures to recover.
- Identify a Minimum of Three Business Site Failover Locations
This will allow remotely backed up data to be recovered via Bare Metal Recovery (BMR) to servers at the recovery site location and allow critical business functions to continue in the event the primary site is lost.
- Employee Communication
Planning and testing are great preparatory tools, however, the events of an actual disaster will almost always bring the unexpected. It is recommended to have an offsite emergency website that all employees can access. With this site, real time information can be communicated to employees.
- Business Continuance
In a disaster, prioritization is the key. Making sure the most important business functions operate effectively will be critical. Support from employees will play a big part. They need to be capable of performing key business services. Make sure all employees in critical business areas understand exactly how they will connect to the recovered servers and perform their jobs.