Business continuity is a must for businesses in every sector to mitigate and manage situations that range from system failures to natural disasters. If you weren’t among the audience at Zayo VP Jennifer Curry’s presentation on disaster recovery earlier this week at the HIMSS Conference for the healthcare industry, here’s your opportunity to learn more.
Want to hear directly from our experts? Register for our upcoming disaster recovery webinar today.
1. Know your enemy
The top four causes of IT disasters are hardware and infrastructure failure, human error, software failure and natural disasters. Causes can range from the air conditioner failing in your server room, to a user downloading malware, to a tornado. Assessing risk, then, means knowing your infrastructure down to the server, and even considering where your data centers are located — is the building prone to utility failures, or vulnerable to flooding?
2. Complete a business impact analysis
Once you determine the threats to your infrastructure, the next step is to determine how those threats would impact your business continuity in terms of dollar signs, from expensive repairs to lost income to regulatory fines. Make sure all managers and stakeholders of these systems are involved in the completion of the business impact analysis.
You should also assess the status of your systems:
- Mission critical — your business can’t operate without them
- Business-critical — your business can’t operate effectively without them
- Non-critical — your business can operate without them for an extended period of time without substantial added expenses
Understanding these distinctions will help you prioritize the processes in your disaster recovery plan. To get started, download Zayo’s Business Impact Analysis template.
3. Develop a disaster recovery plan
As with any plan, you start your disaster recovery plan by establishing goals: what are your priorities in case of disruption or disaster? The two terms you want to be familiar with are Recovery Point Objective (RPO) and Recovery Time Objective (RTO). RPO represents the amount of data you can afford to lose, and RTO represents how soon you will need to have your systems up and running. This means your plan should include daily data backups (with inexpensive daily backups, you may lose up to 24 hours of data), redundancy and failover for mission-critical systems, and post-disaster reconfigurations in case your backups fail.
Remember, though, that disaster doesn’t just affect your systems — it also affects people. Make sure your backup and contingency plans cover personnel absences. Who do you call when your security expert or your lead server technician is snowed in? Does your staff have alternate means of communicating and being productive when the network fails, or if nobody can physically show up to the office?
4. Rehearse and update
Just like a fire drill, you should be testing your disaster recovery plan every year. Walk through every component of your plan, rehearse procedures and, if budget allows, mimic the types of disruptions in your risk assessment.
Finally, make sure to keep your business continuity plan up-to-date. Incidents that require updates include a change in vendor or utility provider, staffing changes and changes in RTO or RPO. Any time you change your business, you should be changing your business continuity plan.
Zayo’s Disaster Recovery as a Service (DRaaS) can help you lock down your business continuity plan while providing a host of recovery options, from simple offsite data backup to near-instantaneous continuous availability.
Need help getting started? Contact our team today to learn more or register for our upcoming Disaster Recovery webinar.