First, determine why disaster recovery is needed. Is it in response to an audit finding? Is it a regulatory or...
legal requirement? Next, determine if some level of DR is already being performed (e.g., backing up data onto tapes, backing up data to a cloud service). Next, if there is no DR activity at all -- hard to imagine these days -- determine what kinds of disaster recovery activities will be needed.
These can include data backups; system failover and failback services; network redundancy; duplicate access paths to an ISP; use of more than one ISP; and primary and alternate sources of equipment, e.g., servers, communications devices, power supplies, racks, cabling and connectors. If you have an IT department with even one person, have a discussion with that person to see what he/she wants to do for DR.
You should also discuss DR activities with other small businesses or experienced DR consultants. You may find that a managed service firm offering disaster recovery as a service (DRaaS) is your best option. Once you determine what you need, set up a project plan to get the work done, document all DR activities and perform tests to be sure the DR plan works.
When testing, first decide what will be tested. Discuss the test with IT staff and determine the objectives of the test, and what constitutes a successful test. Determine what resources will be needed to conduct the test. Define and document all the steps to be taken in the course of the test; this is the script for the test. Then review the test plan and script with all IT resources needed for the test.
If only a production environment exists, and no R&D or other environment is available, the test may have to be held over a weekend or another time that will not impact production systems and scheduled batch jobs. Make sure there are no other activities scheduled at the time the test is to be held. Have all the players available, and review the test before starting the process. Designate a person to take notes and to keep time.
Once the test is completed and systems have been returned to normal, have a post-test review as soon as possible after the test to determine what worked, what didn't work, and lessons learned. Update DR processes and procedures as soon as possible with information from the test. Finally, schedule the next test -- frequent testing is critical.
SMB disaster recovery planning template
Developing an SMB disaster recovery plan
DR planning strategies for small businesses
Dig Deeper on Small business disaster recovery
Related Q&A from Paul Kirvan
As the remote workforce increases, network managers and users might opt to set up two concurrent VPN connections from the same remote device. But ... Continue Reading
It's time to review your strategy for ransomware backup and recovery. While there are standard ways to protect your organization, newer technologies ... Continue Reading
Business continuity and resilience go hand in hand and play a role in an organization's disaster recovery plan. Essentially, business continuity is ... Continue Reading