Five Best Practices for Business Continuity and Disaster Recovery

In our previous post we defined business continuity and disaster recovery, distinguished between a business continuity plan and a disaster recovery plan, and motivated why you need these. Today’s post deals with best practices when it comes to disaster management and ensuring business continuity.

Best practices are those practices that render the best results with the least amount of effort based on tested procedures. But, before we discuss best practices, and before compiling your BCP and DRP it is worthwhile considering what types of incidents or crises you should make provision for. Below we have listed the types of incidents or crises that could occur:

  • Natural disasters – as the title indicates, these are disasters that you have no control over: fires, floods, earthquakes, etc.
  • Malicious attacks – malicious attacks are not limited to ransomware or hacking; vandalism, riots, terrorism and reputational threats all mean your company harm and can lead to data loss. 
  • Technological disasters – these include computer network failures, hardware failures or problems associated with using outdated equipment.
  • Human error – disasters are not always natural or malicious and human error is as big a consideration. For example, employees can accidentally delete important data, bring in external devices that contain malicious software or something as simple as a discarded cigarette but can cause a fire and data loss.

In what follows, we discuss 5 best practices to prepare for disaster and ensure business continuity:

 

1. Design a business continuity plan that ensures that all components can be accessed in the event of a disaster

The purpose of a BCP does not end after its creation. No matter how much time you have spent compiling the perfect documentation and allocate the appropriate resources, if these are not available on demand when disaster strikes, your BCP has failed.  The main aim of your BCP should therefore be unhindered access and, to this end, the files should be saved in a consistently available location.

2. Update your business continuity and disaster recovery plans in line with organizational changes

As your organization’s operations may change between compiling your BCP and DRP and when a disaster may occur, it is important to keep your BCP and DRP up to date. A practical example to demonstrate: You have compiled and tested your BCP and DRP; both plans have proven to work. Six months later, your organization has changed from running its application system on-prem to running it in the cloud. All the hard work to compile and test your BCP and DRP would have been for naught if you did not update your plans in line with this change and you won’t be able to recover anything quickly and so ensure business continuity. Change management is therefore an important component of a successful BCP and DRP.

3. Perform realistic tests to ensure it works.

As mentioned above, it is crucial to test your plan to ensure its successful execution. In the chaos that ensues in the face of a disaster, an untested plan will undoubtedly fail. When testing your BCP and DRP you should therefore consider all possibilities from the smallest systems fails to the entire business being wiped out by a tornado. Your plan should furthermore clearly indicate what is working and what not. This will lay the groundwork for maturation of your plan over time which will ultimate see your business continuity being maintained and any business losses of revenue or customer trust, curbed. A final benefit of testing is that it can serve as practice training an anticipation of the real disaster.

4. Keep full copies of critical data offsite

If, for example, your organization stores its primary data in location X, it is not sensible to store your secondary backup 30 miles away. Natural disasters (fires, floods, earthquakes) will still affect the secondary data center and so hamper operations. A copy of critical data and services should be kept at least 150 miles away from the primary data center. If, for operational reasons, you have to keep the primary and secondary data centers in close proximity, approach an expert consultant to assess the particular case to establish where close proximity is indeed a requirement.

5. Empower your personnel

Your personnel as the frontline of your organization and the backbone of your operations, should be trained and empowered to execute your BCP and DRP.  Personnel that has not been properly trained to use your BCP and DRP in the event of a disaster, will cause more disruption. Ensuring your personnel is prepared and has the knowledge and skills to face a critical event will not only reduce downtime but also increase performance through wiser use of IT assets

Our next post will discuss the critical components of a well-designed business continuity plan.

Securing your company’s data via cloud disaster recovery solutions is crucial to protect your business in the event of an unforeseen disaster. Stage2Data is one of North America’s most trusted cloud solution providers, offering secure data management at a cost effective price. Contact our team for more information today.