It is hard to imagine a business today that does not rely upon Information Technology systems. Even if it just emails and some files in a folder, losing access to them or the data in them, would likely be critical for the organization. Keystone serves small to medium sized businesses, and at a minimum, every one of them have at least three critical systems: email, document files, and financial or ERP data. Most have several key applications, which may be housed on local systems, private clouds hosted by Keystone, or public clouds like Microsoft O365 and SalesForce.com.
Over the next few blog articles, we want to inform you about Disaster Recovery plans, technologies, gotchas, and other helpful info.
There are two groups that should be concerned with this: business leadership that are working for the long-term success of the organization, and internal IT leaders and engineers who need to manage these systems, or oversee those who do. We will try to address the needs of both. In this post, we are keeping it less “techie”, and engaging the business leadership.
Why do I need an IT Disaster Recovery Plan?
This is really a question of what is the Impact of Loss of Systems or Data? A business leader is concerned with the losses involved in a disaster. This can be roughly measured. Just add the following:
- The cost to continue operations manually, with no systems support (if that is even possible). This would be a factor of employee or contracted labor costs * the number of hours to do the operation without systems * the cost per hour for each resource.
- The lost revenue due to cancelled orders.
- The cost of discounts in an attempt to satisfy unhappy customers.
- Long term lost revenue due to customers leaving and never coming back.
- The cost of any temporary IT measures (leasing equipment, added IT engineer labor costs at emergency rates, etc.).
- The cost of lost raw or finished goods due to expiration.
- The cost to enter or re-enter data when (and if) systems are restored.
- Higher employee turnover due to longer hours and more work.
- The lost good will value of the business due to lost market reputation.
Generally, you cannot assume your insurance policy will cover all of this. In fact, like most insurance, your costs may increase as a result of a claim. Some of these costs are almost inestimable.
These are all the costs and losses you will likely encounter, but the real issue the survivability of the organization. A FEMA study showed that 40-60% of businesses that lose their data will never recover and will shut down. This is because of the inherent value of the systems and data, and the inability to compete without them.
What is an IT Disaster Recovery Plan?
An IT Disaster Recovery Plan (IT DRP) is a formal plan to largely do two things: Avoid losses through protective measures and respond when production systems are lost. In the first case your IT Team will review all systems for vulnerabilities and monitor them for issues which may cause downtime. Examples of these issues are security breaches, equipment failure, and facility or geographical disasters. In the second case, should one of the issues occur, there must be a written tested plan that can be enacted to quickly restore operations.
You may think that the chance of a hurricane, tornado, fire, etc. are so low, why bother with planning for that risk. But most IT DRPs are activated due to hardware failures (45%), security breaches, extended local power outages, internet outages, or personnel errors on systems.
It falls under the category of System and Organization Control (SOC) analysis, with a defined, written plan to account for every system and its business function, owners, how it is backed up, how and when it would be restored, a communications plan, a key contact list, and more.
The plan should consider the types of disasters that could occur; for example, a loss of the server room due to fire would require a different response than data being encrypted in a cybersecurity attack.
This plan must be reviewed regularly and updated with each significant system change.
When you consider the variance in all the factors, you must conclude there is no one-size-fits all plan. The structure or heading of the plan may be similar, but the content must reflect your organization, and be kept up to date as it changes.
Finally, the IT DRP is part of a broader Business Continuity plan, which may encompass elements like facilities, employee assistance, shifting operations to third parties, inventory replenishment, and communication with vendors and customers.
Consider Keystone’s Sarge for your IT Disaster Recovery Plan
Your systems and data are essential to your ongoing operations and long-term success. Keystone has developed a world class IT Disaster Recovery planning, backup, and recovery suite for small – midsized businesses (up to 1,000 users or more). It is called SARGE by Keystone and provides tactical business continuity that will help you develop a technology plan and put it in place. restore the applications that run your business and get your entire IT infrastructure functional again.
Learn more about SARGE.
Next month we will consider the components of a good IT Disaster Recovery Plan.