Originally posted on Rentsys Recovery Services' blog.
Earlier this year, the Disaster Recovery Preparedness (DRP) Council released the results of an annual benchmark survey that graded businesses worldwide on their state of DR preparedness using a scale of A (best) to F (worst). The report revealed some disturbing news: 3 in 4 companies are at risk due to incomplete or nonexistent disaster recovery plans. Fortunately, the DRP Council offered this nugget of encouragement: We're starting to identify DR best practices. Specifically, the survey results showed that businesses that scored an A or B had three things in common:
- They built detailed DR plans.
- They defined specific DR metrics for RTOs and RPOs.
- They tested DR plans more frequently.
The report is very clear that these goals are key to being a good student of DR preparedness. Now let's take a look at what solutions you can use to get a passing grade on your business's DR plan.
Goal: Build a Plan
"Build a DR plan for everything you need to recover, including applications, networks and document repositories, business services such as the entire order processing system, or even your entire site in the event of an outage or disaster."
More than 60 percent of participants don't have a fully documented DR plan, and 40 percent said the DR plan they did have couldn't weather the business's worst outage. These stats are troubling, considering 65 percent of companies are required to produce DR reports for compliance purposes. The problem is that 43 percent find reporting "overly difficult, manual and expensive."
Solution: Business Continuity Software
Using continuity planning software can simplify the planning process by providing a step-by-step road map of the planning process to ensure you don't overlook key elements of the plan, such as important applications for each department, employee and vendor contact information and IT/business relations. Software that allows you to upload data from your production databases reduces the amount of data entry required as well.
Goal: Define Metrics
"Define Recovery Time Objectives (RTO) & Recovery Point Objectives (RPO) for critical applications. Without these important metrics, you cannot set proper expectations and assumptions from management, employees, and customers about your DR capabilities and how to improve them."
Defining metrics for every critical business service is a crucial part of the planning process. The DRP Council found that the highest scoring businesses had established RTOs and RPOs for functions such as customers orders, finance and email. Determining these metrics can get sticky, however, especially when departments don't agree on business priorities and when regulatory requirements enter the picture.
Solution: Professional Planning Services
Using professional planning services can help you manage the planning process with as few headaches as possible. Business continuity (BC) professionals can serve as arbiters between departments, offering objective recommendations for priorities. If compliance is an issue, they can point out any specific areas that are required by law to have specific RTOs or RPOs.
Goal: Test the Plan Frequently
"Test critical applications frequently to validate they will recover within RTOs/RPOs. For DR preparedness to improve, companies must begin to automate these processes to overcome the high cost in time and money of verifying and testing their DR plans."
Test more and test faster is the principle DR superstars live by. Historically, testing has been a cumbersome and expensive process, which explains why 23 percent of those surveyed don't test their plans. To improve efficiency of verifying and testing DR plans, businesses are automating processes.
Solution: Cloud Vaulting and Testing Solutions
Vaulting data in the cloud allows you to quickly and securely back up large amounts of data, including transaction records, images, videos, logs and more. Some businesses, especially in the healthcare and financial industries, have expressed concern over storing data in the cloud due to compliance restrictions. However, trained compliance experts can help you create a strategy for testing IT systems and applications to stay compliant.
Overall, the key to getting a passing grade is similar to what it takes to pass your college exams: Take notes, set goals, plan ahead and use failures as learning opportunities.