First, determine why disaster recovery is needed. Is it in response to an audit finding? Is it a regulatory or...
legal requirement? Next, determine if some level of DR is already being performed (e.g., backing up data onto tapes, backing up data to a cloud service). Next, if there is no DR activity at all -- hard to imagine these days -- determine what kinds of disaster recovery activities will be needed.
These can include data backups; system failover and failback services; network redundancy; duplicate access paths to an ISP; use of more than one ISP; and primary and alternate sources of equipment, e.g., servers, communications devices, power supplies, racks, cabling and connectors. If you have an IT department with even one person, have a discussion with that person to see what he/she wants to do for DR.
You should also discuss DR activities with other small businesses or experienced DR consultants. You may find that a managed service firm offering disaster recovery as a service (DRaaS) is your best option. Once you determine what you need, set up a project plan to get the work done, document all DR activities and perform tests to be sure the DR plan works.
When testing, first decide what will be tested. Discuss the test with IT staff and determine the objectives of the test, and what constitutes a successful test. Determine what resources will be needed to conduct the test. Define and document all the steps to be taken in the course of the test; this is the script for the test. Then review the test plan and script with all IT resources needed for the test.
If only a production environment exists, and no R&D or other environment is available, the test may have to be held over a weekend or another time that will not impact production systems and scheduled batch jobs. Make sure there are no other activities scheduled at the time the test is to be held. Have all the players available, and review the test before starting the process. Designate a person to take notes and to keep time.
Once the test is completed and systems have been returned to normal, have a post-test review as soon as possible after the test to determine what worked, what didn't work, and lessons learned. Update DR processes and procedures as soon as possible with information from the test. Finally, schedule the next test -- frequent testing is critical.
SMB disaster recovery planning template
Developing an SMB disaster recovery plan
DR planning strategies for small businesses
Dig Deeper on Small business disaster recovery
Related Q&A from Paul Kirvan
Your organization should integrate its cybersecurity and backup processes. It's easy for a cyberattack to affect backups, unfortunately, so be ... Continue Reading
Many on-site and cloud-based services are available for small to medium-sized business backup. Pay particular attention to the deciding factors for ... Continue Reading
You should align your backup testing with the frequency of backups. This way, IT assets will not only be backed up, but also validated as ready for ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.